Several processes are trying to access clearyfitzgeralddentalpractice.ie


  • This topic is locked
39 replies to this topic

#1 lrmarker

Posted 26 January 2015 - 02:08 PM

I noticed a lot of file activity that didn't seem normal, so I ran Resource Monitor and saw 4 processes accessing the network at location clearyfitzgeralddentalpractice.ie. A screenshot of the ResMon display is attached.

 

I have done the following:
 
 1 - I ran Malwarebytes and it found 26 PUPs but no malware. One was a registry entry for MySearchDial and the rest were all Firefox profiles related to MySearchDial. MWB quarantined all these, but it did not fix the problem.
 
 2 - I ran a full system scan in NIS.  It quarantined 3 "suspicious" files -- all are part of NIRtools, so I believe these are false positives.  The problem remains.
 
 3 - Google turned up the fact that there are 456 different web sites that are registered for the same IP address, one of which is clearyfitzgeralddentalpractice.ie
 
 4 - I next looked in my hosts file and found that that name is directed to 127.0.0.1, which means that my MirageAB utility had already dead-lettered it, which means that it is a known bad site.
 
 5 - I ran RKill, AdwCleaner, TDSSkiller, and Malwarebytes Anti-Rootkit.  All came up negative.

 

The folks at the Virus forum on Compuserve recommended I come here.

 

-----------------------------------------

Attached File: ResMon Network.jpg (98.64KB)
Attached File: Addition.txt (78.06KB)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Administrator (administrator) on LARRYS-PC on 26-01-2015 12:43:00
Running from C:\Users\Larry\Desktop\Potential virus stuff\Bleeping Computer\FRST
Loaded Profiles: Larry & Administrator (Available profiles: Larry & lrmar_000 & Administrator & DefaultAppPool)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeterSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Common Files\Appkeys\yytool.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.ESHA\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Interactive Brands Inc.) C:\Program Files\PDF Suite 2015\HelperService.exe
(Interactive Brands Inc.) C:\Program Files\PDF Suite 2015\ConversionService.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(www.stone-oakvalley-studios.com) C:\Program Files\FloatLED\FloatLED.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corporation) C:\Program Files\EMET 4.1\EMET_Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(AWS Convergence Technologies, Inc.) C:\Program Files\AWS\WeatherBug\Weather.exe
() C:\Users\Larry\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Larry\AppData\Roaming\Dropbox\bin\Dropbox.exe
(FSL - Freesoftland) C:\Program Files\FSL\IconRestorer\IconRestorer.exe
() C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeter.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [379672 2013-07-18] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [FloatLED] => C:\Program Files\FloatLED\FloatLED.exe [138240 2012-01-10] (www.stone-oakvalley-studios.com)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [499712 2013-05-20] (Greenshot)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [3837552 2012-01-12] (VIA)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [353728 2011-06-17] (Cyber Power Systems, Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [EaseUs Watch] => C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUs Tray] => C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EMET 4.1 Agent] => C:\Program Files\EMET 4.1\EMET_agent.exe [78992 2013-11-21] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Run: [CLMLServer_For_P2G8] => C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM\...\Run: [CLVirtualDrive] => C:\Program Files\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-19] (CyberLink Corp.)
HKLM\...\Run: [PowerDVD14Agent] => C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-06] (CyberLink Corp.)
HKLM\...\RunOnce: [EasyTuneVI] => C:\Program Files\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\917\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [DU Meter] => C:\Program Files\DU Meter\DUMeter.exe [2325976 2014-11-13] (Hagel Technologies Ltd.)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [Mirage Anti-Bot] => C:\Misc_Programs\MirageAB\MirageAB.exe [3087360 2013-02-09] (PhrozenSoft.com)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [Weather] => C:\Program Files\AWS\WeatherBug\Weather.exe [1653760 2013-06-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [Amazon Music] => C:\Users\Larry\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [HideSCABattery] 1
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoSearchCommInStartMenu] 1
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoSearchInternetInStartMenu] 1
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoUserFolderInStartMenu] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\Run: [DU Meter] => C:\Program Files\DU Meter\DUMeter.exe [2325976 2014-11-13] (Hagel Technologies Ltd.)
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\Run: [Mirage Anti-Bot] => C:\Misc_Programs\MirageAB\MirageAB.exe [3087360 2013-02-09] (PhrozenSoft.com)
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-23] (Google Inc.)
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\Run: [Power2GoExpress8] => C:\Program Files\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-19] (CyberLink Corp.)
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\Policies\Explorer: [NoAutoTrayNotify] 1
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NB11 Plus.lnk
ShortcutTarget: NB11 Plus.lnk -> C:\Program Files\NutriBase\NB11Plus.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnk
ShortcutTarget: IconRestorer.lnk -> C:\Program Files\FSL\IconRestorer\IconRestorer.exe (FSL - Freesoftland)
Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShellFolderFix.lnk
ShortcutTarget: ShellFolderFix.lnk -> C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcnews.go.com/
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-758451956-1520791384-1717137910-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-758451956-1520791384-1717137910-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file0202ie&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEyCtD0D0EyBtDyC0B0C0BtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1561261278&ir=
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file0202ie&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEyCtD0D0EyBtDyC0B0C0BtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1561261278&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-758451956-1520791384-1717137910-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-758451956-1520791384-1717137910-500 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file0202ie&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEyCtD0D0EyBtDyC0B0C0BtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1561261278&ir=
SearchScopes: HKU\S-1-5-21-758451956-1520791384-1717137910-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file0202ie&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEyCtD0D0EyBtDyC0B0C0BtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1561261278&ir=
SearchScopes: HKU\S-1-5-21-758451956-1520791384-1717137910-500 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: PDF Suite 2015 Helper -> {990FB160-376C-4AA7-BC28-D5CF1B4DA8B9} -> C:\Program Files\PDF Suite 2015\PDFIEHelper.dll (Interactive Brands Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM - PDF Suite 2015 Toolbar - {267E0B0F-6EC6-4E97-AEA4-5D96B8B22957} - C:\Program Files\PDF Suite 2015\PDFIEPlugin.dll (Interactive Brands Inc.)
Toolbar: HKU\S-1-5-21-758451956-1520791384-1717137910-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-758451956-1520791384-1717137910-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-758451956-1520791384-1717137910-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-758451956-1520791384-1717137910-500 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} http://homecareparts.electroluxusa.com/_bin/AWSDrawingViewer.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9ymcphlr.default-1407863738633
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll (AVG Technologies)
FF Plugin: @glance.net/GlanceClient -> C:\Program Files\Glance29\npglance.dll (Glance Networks, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-29]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn [2015-01-26]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-25]
FF HKLM\...\Firefox\Extensions: [FFPDFConverter2015@ib.com] - C:\Program Files\PDF Suite 2015\firefoxextension2015
FF Extension: PDF Suite 2015 Converter For Firefox - C:\Program Files\PDF Suite 2015\firefoxextension2015 [2014-11-26]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (Skype Click to Call) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-23]
CHR Extension: (Norton Identity Protection) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-10-23]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [777016 2013-07-18] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3873784 2014-05-20] (Acronis)
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] () [File not signed]
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [250880 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1385272 2014-11-13] (Hagel Technologies Ltd.)
S4 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\917\g2aservice.exe [308568 2014-05-13] (Citrix Online, a division of Citrix Systems, Inc.)
S4 Guard Agent; C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [696320 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 Leawo_service; C:\Program Files\Common Files\Appkeys\yytool.exe [934384 2014-07-21] ()
S3 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [25088 2013-10-23] (Microsoft Corporation)
R2 MSSQL$ESHA; C:\Program Files\Microsoft SQL Server\MSSQL10_50.ESHA\MSSQL\Binn\sqlservr.exe [43128496 2014-07-10] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-14] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2011-11-15] ()
R2 PDF Suite 2015 Helper Service; C:\Program Files\PDF Suite 2015\HelperService.exe [1144184 2014-10-09] (Interactive Brands Inc.)
R2 PDF Suite 2015 Service; C:\Program Files\PDF Suite 2015\ConversionService.exe [853368 2014-10-09] (Interactive Brands Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ppped; C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [1000896 2011-06-17] (Cyber Power Systems, Inc.)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [103936 2014-10-28] (Microsoft Corporation)
S4 SQLAgent$ESHA; C:\Program Files\Microsoft SQL Server\MSSQL10_50.ESHA\MSSQL\Binn\SQLAGENT.EXE [381104 2014-07-10] (Microsoft Corporation)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7142320 2014-02-04] (Acronis)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-03-03] (Logitech Inc.)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
S4 vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1734680 2013-09-30] (AVG Secure Search)
S3 w3logsvc; C:\WINDOWS\system32\inetsrv\w3logsvc.dll [66560 2014-07-02] (Microsoft Corporation)
S4 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-06-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-21] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2014-10-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-21] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1269248 2014-10-28] (Microsoft Corporation)
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-09-30] (AVG Technologies)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [74816 2013-03-05] (CyberLink)
R3 CompFilter; C:\WINDOWS\System32\drivers\lvbusflt.sys [21096 2012-10-26] (Logitech Inc.)
S3 DUMeterDrv; C:\Program Files\DU Meter\DUMETR32.SYS [19720 2014-11-13] (Hagel Technologies Ltd.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-26] (Symantec Corporation)
S3 etdrv; C:\Windows\etdrv.sys [17488 2014-01-21] (Windows ® 2000 DDK provider)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [51784 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [41544 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [15944 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [186952 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [17488 2015-01-23] (Windows ® 2000 DDK provider)
R1 glancedrv; C:\WINDOWS\system32\DRIVERS\glancedrv.sys [34080 2009-05-13] (Glance Networks, Inc)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 GVTDrv; C:\WINDOWS\system32\Drivers\GVTDrv.sys [24944 2015-01-23] ()
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20150123.001\IDSvix86.sys [503000 2015-01-13] (Symantec Corporation)
S3 iusb3hub; C:\WINDOWS\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
S3 iusb3xhc; C:\WINDOWS\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R3 L1C; C:\WINDOWS\system32\DRIVERS\L1C63x86.sys [111304 2013-07-17] (Qualcomm Atheros Co., Ltd.)
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MEI; C:\WINDOWS\system32\DRIVERS\TeeDriver.sys [85464 2013-09-16] (Intel Corporation)
R3 MQAC; C:\WINDOWS\System32\drivers\mqac.sys [131072 2013-10-23] (Microsoft Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20150125.032\NAVENG.SYS [95704 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20150125.032\NAVEX15.SYS [1636696 2015-01-20] (Symantec Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S4 RsFx0153; C:\WINDOWS\System32\DRIVERS\RsFx0153.sys [250160 2014-07-10] (Microsoft Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
S4 SymELAM; C:\WINDOWS\system32\drivers\NIS\1506000.020\SYMELAM.SYS [21520 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-10-05] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NIS\1506000.020\SYMNETS.SYS [447704 2014-02-17] (Symantec Corporation)
S3 tdrpman; C:\WINDOWS\system32\DRIVERS\tdrpman.sys [889888 2014-05-20] (Acronis International GmbH)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [736192 2013-05-16] (Acronis International GmbH)
R0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [143648 2014-05-20] (Acronis International GmbH)
R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [1822832 2012-01-10] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-21] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 cpuz135; \??\C:\Users\Larry\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [X]
S3 EUBAKUP0; \??\C:\WINDOWS\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\WINDOWS\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\WINDOWS\system32\drivers\EUFDDISK0.sys [X]
U3 idsvc; No ImagePath
U2 UxSms; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 12:42 - 2015-01-26 12:43 - 00000000 ____D () C:\FRST
2015-01-25 13:17 - 2015-01-26 12:27 - 00000000 ____D () C:\Users\Larry\Desktop\Potential virus stuff
2015-01-24 22:03 - 2015-01-24 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-24 22:02 - 2015-01-24 22:30 - 00000000 ____D () C:\Users\Administrator\Desktop\mbar
2015-01-24 21:47 - 2015-01-24 21:48 - 00001842 _____ () C:\Users\Administrator\Desktop\Rkill.txt
2015-01-23 19:06 - 2015-01-23 19:06 - 00000704 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0.lnk
2015-01-23 19:06 - 2015-01-23 19:06 - 00000000 ____D () C:\Users\Larry\Documents\Legacy Family Tree
2015-01-23 19:06 - 2015-01-23 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0
2015-01-23 19:06 - 2015-01-23 19:06 - 00000000 ____D () C:\Program Files\Legacy8
2015-01-23 19:06 - 2011-03-02 20:54 - 00886776 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.TaskPanel.v15.0.2.ocx
2015-01-23 19:06 - 2011-03-02 20:53 - 02660344 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.CommandBars.v15.0.2.ocx
2015-01-23 19:06 - 2011-03-02 20:53 - 01882104 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.Controls.v15.0.2.ocx
2015-01-23 19:06 - 2011-03-02 20:53 - 01374200 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.ReportControl.v15.0.2.ocx
2015-01-23 19:06 - 2011-03-02 20:53 - 00825336 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.DockingPane.v15.0.2.ocx
2015-01-23 19:06 - 2011-03-02 20:53 - 00501752 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.ShortcutBar.v15.0.2.ocx
2015-01-23 19:06 - 2007-11-07 19:03 - 00496384 _____ (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) C:\WINDOWS\system32\XceedZip.dll
2015-01-23 19:06 - 2005-08-09 17:14 - 00458752 _____ (ComponentOne) C:\WINDOWS\system32\vsprint8.ocx
2015-01-23 19:06 - 2005-08-09 17:14 - 00262144 _____ (ComponentOne ) C:\WINDOWS\system32\vspdf8.ocx
2015-01-23 19:06 - 2004-11-23 16:59 - 00184320 _____ (CIA, The Company) C:\WINDOWS\system32\ciaXPButton30.ocx
2015-01-23 19:06 - 2004-11-19 01:45 - 00200704 _____ (CIA, The company) C:\WINDOWS\system32\ciaSCls20.dll
2015-01-23 19:06 - 2004-03-09 01:00 - 01010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCHRT20.OCX
2015-01-23 19:06 - 2003-12-12 16:41 - 00053248 _____ (CIA, The Company) C:\WINDOWS\system32\ciaXPRegSvr20.dll
2015-01-23 19:06 - 2003-02-19 01:11 - 00065536 _____ (Larcom and Young) C:\WINDOWS\system32\ReSize32.ocx
2015-01-23 19:06 - 2002-02-12 16:24 - 00169216 _____ (Wintertree Software Inc.) C:\WINDOWS\system32\WSpell.ocx
2015-01-23 19:06 - 2000-12-06 09:59 - 00832448 _____ (APEX Software Corporation) C:\WINDOWS\system32\tdbg6.ocx
2015-01-23 19:06 - 2000-05-22 00:00 - 00647872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCOMCT2.OCX
2015-01-23 19:06 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RICHTX32.OCX
2015-01-23 19:06 - 2000-05-21 23:00 - 00115920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSINET.OCX
2015-01-23 19:06 - 1999-11-23 10:01 - 00276992 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\LFCMP11n.DLL
2015-01-23 19:06 - 1999-11-22 13:58 - 00751104 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltocx11n.ocx
2015-01-23 19:06 - 1999-11-22 13:52 - 00172544 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\Lfpng11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00151040 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lftif11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00080896 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lffax11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00059392 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfwmf11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00041472 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfgif11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00036864 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfbmp11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00035328 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfcal11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00032768 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfpcx11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00031232 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfeps11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00027648 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfwpg11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00027648 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lftga11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00027136 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfimg11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00026112 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfpcd11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00026112 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfmsp11n.dll
2015-01-23 19:06 - 1999-11-22 13:51 - 00262144 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\LTDIS11n.dll
2015-01-23 19:06 - 1999-11-22 13:51 - 00226816 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltefx11n.dll
2015-01-23 19:06 - 1999-11-22 13:51 - 00127488 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltimg11n.dll
2015-01-23 19:06 - 1999-11-22 13:51 - 00118272 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltfil11n.DLL
2015-01-23 19:06 - 1999-11-22 13:51 - 00038400 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lttwn11n.dll
2015-01-23 19:06 - 1999-11-22 13:50 - 00391168 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltkrn11n.dll
2015-01-23 19:06 - 1999-11-22 13:49 - 00045936 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltvdd11w.drv
2015-01-23 19:06 - 1999-11-22 13:49 - 00003824 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltthk11w.dll
2015-01-23 19:06 - 1999-09-17 11:14 - 00065536 _____ (Sheridan Software Systems, Inc) C:\WINDOWS\system32\ssfm1032.dll
2015-01-23 19:06 - 1999-07-01 13:17 - 00237568 _____ (VideoSoft) C:\WINDOWS\system32\Vsocx6.ocx
2015-01-23 19:06 - 1999-05-07 00:00 - 00198640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCI32.OCX
2015-01-23 19:06 - 1998-09-11 09:14 - 00021504 _____ () C:\WINDOWS\system32\WBCustomizer.dll
2015-01-23 19:06 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB5DB.dll
2015-01-23 19:06 - 1995-07-31 11:44 - 00212480 _____ (Eastman Kodak) C:\WINDOWS\system32\PCDLIB32.DLL
2015-01-23 11:47 - 2015-01-23 11:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-22 20:19 - 2015-01-22 20:19 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-22 20:19 - 2015-01-22 20:19 - 00001121 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-22 20:15 - 2015-01-22 20:15 - 00001625 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resource Monitor.lnk
2015-01-22 20:10 - 2015-01-22 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\CyberLink
2015-01-22 20:10 - 2015-01-22 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Power2Go8
2015-01-22 19:55 - 2015-01-22 19:55 - 00001234 _____ () C:\Users\Larry\Desktop\iecv.exe.lnk
2015-01-22 18:16 - 2015-01-22 18:16 - 00002029 _____ () C:\Users\Public\Desktop\UltraEdit.lnk
2015-01-22 18:16 - 2015-01-22 18:16 - 00002029 _____ () C:\ProgramData\Desktop\UltraEdit.lnk
2015-01-22 18:16 - 2015-01-22 18:16 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\IDMComp
2015-01-22 18:16 - 2015-01-22 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
2015-01-22 18:16 - 2015-01-22 18:16 - 00000000 ____D () C:\Program Files\IDM Computer Solutions
2015-01-14 18:19 - 2015-01-14 18:19 - 00000120 _____ () C:\WINDOWS\QUICKEN.INI
2015-01-14 18:19 - 2015-01-14 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2015
2015-01-14 18:19 - 2014-09-29 23:45 - 07280344 _____ (Amyuni Technologies http://www.amyuni.com) C:\WINDOWS\system32\cdintf500.dll
2015-01-14 13:46 - 2015-01-14 13:46 - 00000000 ____D () C:\Users\Larry\Desktop\Quicken How-to Notes
2015-01-14 13:12 - 2014-11-17 14:23 - 00529352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-01-14 13:12 - 2014-11-17 14:23 - 00224168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-01-14 13:12 - 2014-11-15 13:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-01-14 13:12 - 2014-11-14 12:11 - 00048504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-14 13:12 - 2014-11-13 23:05 - 02947584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-14 13:12 - 2014-11-13 23:04 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-01-14 13:12 - 2014-11-13 23:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-14 13:12 - 2014-11-13 23:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-01-14 13:12 - 2014-11-13 23:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-14 13:12 - 2014-11-13 23:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-14 13:12 - 2014-11-13 23:01 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-01-14 13:12 - 2014-11-13 23:01 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-14 13:12 - 2014-11-13 23:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-14 13:12 - 2014-11-13 22:57 - 01653248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-14 13:12 - 2014-11-13 22:55 - 01619968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-01-14 13:12 - 2014-11-13 22:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-01-14 13:12 - 2014-11-13 22:51 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-01-14 13:12 - 2014-11-10 18:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-01-14 13:12 - 2014-11-10 11:47 - 01856320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-01-14 13:12 - 2014-11-10 11:47 - 00335168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-01-14 13:12 - 2014-11-10 11:47 - 00286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-01-14 13:12 - 2014-11-10 11:47 - 00069440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-01-14 13:12 - 2014-11-09 20:14 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-01-14 13:12 - 2014-11-09 19:15 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-01-14 13:12 - 2014-11-09 19:10 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-01-14 13:12 - 2014-11-09 19:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-01-14 13:12 - 2014-11-09 19:04 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-01-14 13:12 - 2014-11-09 18:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-01-14 13:12 - 2014-11-09 18:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-01-14 13:12 - 2014-11-08 04:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-01-14 13:12 - 2014-11-07 21:17 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-01-14 13:12 - 2014-11-07 21:15 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-01-14 13:12 - 2014-11-07 21:15 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-01-14 13:12 - 2014-11-07 21:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-01-14 13:12 - 2014-11-07 21:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-01-14 13:12 - 2014-11-07 21:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-01-14 13:12 - 2014-11-07 20:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-01-14 13:12 - 2014-11-07 20:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-01-14 13:12 - 2014-11-07 19:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-01-14 13:12 - 2014-11-07 19:56 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-01-14 13:12 - 2014-11-07 19:52 - 03999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-01-14 13:12 - 2014-11-07 19:45 - 00897536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-01-14 13:12 - 2014-11-06 21:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-01-14 13:12 - 2014-11-04 19:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-01-14 13:12 - 2014-11-04 19:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-01-14 13:12 - 2014-11-04 19:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-01-14 13:12 - 2014-11-04 19:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-01-14 13:12 - 2014-11-04 19:20 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-01-14 13:12 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-01-14 13:12 - 2014-11-04 19:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-01-14 13:12 - 2014-11-04 19:02 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-01-14 13:12 - 2014-11-04 13:28 - 00051520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-01-14 13:12 - 2014-11-04 13:22 - 00045888 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-01-14 13:12 - 2014-11-04 13:22 - 00041792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-01-14 13:12 - 2014-11-03 23:03 - 00083456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-01-14 13:12 - 2014-11-03 23:03 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-01-14 13:12 - 2014-11-03 23:03 - 00022528 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-01-14 13:12 - 2014-11-03 23:03 - 00019968 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-01-14 13:12 - 2014-11-03 22:41 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-01-14 13:12 - 2014-11-03 21:44 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-01-14 13:12 - 2014-10-30 18:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-01-14 13:12 - 2014-10-30 00:02 - 01468408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-01-14 13:12 - 2014-10-29 23:59 - 05769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-01-14 13:12 - 2014-10-28 20:22 - 00410944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-01-14 13:12 - 2014-10-28 19:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-01-14 13:12 - 2014-10-26 16:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-01-14 13:12 - 2014-10-20 19:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-01-14 13:12 - 2014-10-20 18:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-01-14 13:12 - 2014-10-20 18:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-01-14 13:12 - 2014-10-20 18:19 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-01-14 13:12 - 2014-10-16 21:15 - 00199488 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-01-14 13:12 - 2014-10-16 21:15 - 00131392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-01-14 13:12 - 2014-10-16 21:15 - 00036160 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-01-14 13:12 - 2014-10-16 21:01 - 00076096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-01-14 13:12 - 2014-04-15 17:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 10:56 - 2015-01-14 10:56 - 00007162 _____ () C:\Users\Larry\Desktop\Transactions.qfx
2015-01-14 10:52 - 2015-01-14 10:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Intuit_Inc
2015-01-14 10:49 - 2015-01-14 10:49 - 53313536 _____ () C:\Users\Administrator\Desktop\93CHECKW-2015-01-14.QDF-backup
2015-01-14 10:41 - 2015-01-14 10:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Intuit
2015-01-14 08:25 - 2014-12-18 23:46 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 08:25 - 2014-12-11 19:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 08:25 - 2014-12-11 18:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 08:25 - 2014-12-08 21:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 08:25 - 2014-12-08 13:46 - 00485544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 08:25 - 2014-12-08 13:46 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 08:25 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 08:25 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 08:25 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 08:25 - 2014-12-05 20:36 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 08:25 - 2014-12-05 19:28 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 08:25 - 2014-12-05 19:23 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-12 12:56 - 2015-01-12 12:56 - 00000969 _____ () C:\Users\Larry\Desktop\Current Tax Backup.lnk
2015-01-12 11:43 - 2015-01-12 11:49 - 00000000 ____D () C:\Users\Larry\Desktop\RHRA claims
2015-01-11 17:38 - 2015-01-11 17:38 - 00000451 _____ () C:\Users\Larry\Desktop\Watch 1000 Years of European Borders Change In 3 Minutes.website
2015-01-08 13:04 - 2015-01-08 13:04 - 00002905 _____ () C:\Users\Public\Desktop\Nero 2015.lnk
2015-01-08 13:04 - 2015-01-08 13:04 - 00002905 _____ () C:\ProgramData\Desktop\Nero 2015.lnk
2015-01-08 13:02 - 2015-01-08 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-01-08 11:52 - 2015-01-08 11:53 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\tiger-k
2015-01-08 11:52 - 2015-01-08 11:52 - 00000000 ____D () C:\Users\Larry\Documents\Leawo
2015-01-08 11:52 - 2015-01-08 11:52 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\MenuTemplate
2015-01-08 11:52 - 2015-01-08 11:52 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\Leawo
2015-01-08 11:39 - 2015-01-08 11:39 - 00000000 ____D () C:\Users\Larry\Documents\CyberLink
2015-01-07 21:52 - 2015-01-07 21:55 - 148100944 _____ () C:\Users\Larry\Documents\PowerDVD_14.0.4704.58_Patch_DVD140911-04.exe
2015-01-07 21:49 - 2015-01-07 21:49 - 00000000 ____D () C:\Users\Larry\AppData\Local\CyberLink
2015-01-07 21:48 - 2015-01-07 21:48 - 00002200 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 14.lnk
2015-01-07 21:48 - 2015-01-07 21:48 - 00002200 _____ () C:\ProgramData\Desktop\CyberLink PowerDVD 14.lnk
2015-01-07 21:48 - 2015-01-07 21:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2015-01-07 21:48 - 2015-01-07 21:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CyberLink
2015-01-07 21:46 - 2015-01-07 21:58 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2015-01-07 20:44 - 2015-01-07 20:45 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\tiger-k
2015-01-07 20:44 - 2015-01-07 20:44 - 00001214 _____ () C:\Users\Public\Desktop\Leawo Blu-ray Copy.lnk
2015-01-07 20:44 - 2015-01-07 20:44 - 00001214 _____ () C:\ProgramData\Desktop\Leawo Blu-ray Copy.lnk
2015-01-07 20:44 - 2015-01-07 20:44 - 00000000 ____D () C:\Users\Administrator\Documents\Leawo
2015-01-07 20:44 - 2015-01-07 20:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\MenuTemplate
2015-01-07 20:44 - 2015-01-07 20:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Leawo
2015-01-07 20:44 - 2015-01-07 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
2015-01-07 20:44 - 2012-01-10 10:18 - 00066944 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\thdudf.sys
2015-01-07 20:44 - 2012-01-10 10:18 - 00066944 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\Drivers\thdudf.sys
2015-01-07 20:43 - 2015-01-07 20:44 - 00000000 ____D () C:\ProgramData\Leawo
2015-01-07 20:43 - 2015-01-07 20:43 - 00000000 ____D () C:\Program Files\Leawo
2015-01-07 20:43 - 2015-01-07 20:43 - 00000000 ____D () C:\Program Files\Common Files\Appkeys
2015-01-07 20:43 - 2012-01-09 11:34 - 00606208 _____ (http://www.xvid.org) C:\WINDOWS\system32\xvidcore.dll
2015-01-07 20:43 - 2012-01-09 11:34 - 00139264 _____ (http://www.xvid.org) C:\WINDOWS\system32\xvid.ax
2015-01-07 20:41 - 2015-01-07 20:41 - 00000000 ____D () C:\Users\Larry\AppData\Local\Power2Go8
2015-01-07 20:27 - 2015-01-07 20:27 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-07 20:25 - 2015-01-07 21:50 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\CyberLink
2015-01-07 20:25 - 2015-01-07 20:25 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-01-07 20:25 - 2015-01-07 20:25 - 00000000 ____D () C:\ProgramData\Documents\CyberLink
2015-01-07 20:19 - 2015-01-07 20:19 - 00002188 _____ () C:\Users\Public\Desktop\CyberLink Power2Go 8.lnk
2015-01-07 20:19 - 2015-01-07 20:19 - 00002188 _____ () C:\ProgramData\Desktop\CyberLink Power2Go 8.lnk
2015-01-07 20:19 - 2015-01-07 20:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2015-01-07 20:19 - 2015-01-07 20:19 - 00000000 ____D () C:\Program Files\Common Files\CyberLink
2015-01-07 20:19 - 2013-03-05 12:02 - 00074816 _____ (CyberLink) C:\WINDOWS\system32\Drivers\CLVirtualDrive.sys
2015-01-07 20:13 - 2015-01-13 10:10 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-07 20:11 - 2015-01-07 21:47 - 00000000 ____D () C:\Program Files\CyberLink
2015-01-07 20:09 - 2015-01-07 20:27 - 00001948 _____ () C:\Users\Administrator\Desktop\ASUS E-Green.lnk
2015-01-07 20:08 - 2015-01-07 21:46 - 00000000 ____D () C:\ProgramData\install_clap
2015-01-07 19:44 - 2015-01-07 19:44 - 00000390 _____ () C:\Users\Larry\Desktop\Blu-Ray (V).lnk
2015-01-07 08:56 - 2015-01-07 08:56 - 00135248 _____ () C:\WINDOWS\Minidump\010715-47453-01.dmp
2015-01-04 12:55 - 2015-01-04 12:55 - 00000000 ____D () C:\Program Files\Glance29
2015-01-04 12:55 - 2009-05-13 10:56 - 00034080 _____ (Glance Networks, Inc) C:\WINDOWS\system32\Drivers\glancedrv.sys
2015-01-04 12:55 - 2009-05-13 10:56 - 00033824 _____ (Glance Networks, Inc) C:\WINDOWS\system32\glancedrv.dll
2014-12-29 12:27 - 2014-12-29 12:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-27 12:02 - 2014-12-29 12:34 - 00000000 ____D () C:\Program Files\Tansee iDevice Photo Camera Transfer
2014-12-27 12:02 - 2014-12-27 12:02 - 00000000 ____D () C:\Users\Administrator\Documents\Tansee
2014-12-27 12:02 - 2014-12-27 12:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-12-27 11:43 - 2014-12-27 11:43 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\Apple Computer
2014-12-27 11:43 - 2014-12-27 11:43 - 00000000 ____D () C:\Users\Larry\AppData\Local\Apple Computer
2014-12-27 11:41 - 2014-12-29 12:33 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-27 11:41 - 2014-12-27 11:41 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-27 11:41 - 2014-12-27 11:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2014-12-27 11:41 - 2014-12-27 11:41 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-27 11:41 - 2014-12-27 11:41 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-27 11:40 - 2014-12-29 12:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-27 11:40 - 2014-12-27 11:41 - 00000000 ____D () C:\ProgramData\Apple
2014-12-27 11:40 - 2014-12-27 11:40 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-27 00:38 - 2015-01-19 15:32 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-27 00:38 - 2015-01-19 15:32 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-27 00:32 - 2014-12-27 00:32 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-27 00:02 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-27 00:02 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-27 00:02 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-27 00:02 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-27 00:02 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-27 00:02 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-27 00:02 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-27 00:02 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-27 00:02 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-27 00:02 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-27 00:02 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-27 00:02 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-27 00:02 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-27 00:02 - 2014-11-21 19:23 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-27 00:02 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-27 00:02 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-27 00:02 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-27 00:02 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-27 00:02 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-27 00:02 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-27 00:02 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-27 00:02 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-27 00:02 - 2014-10-30 17:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-27 00:02 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 12:23 - 2013-10-30 11:24 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\ClassicShell
2015-01-26 12:15 - 2013-05-16 22:12 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 12:00 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-26 11:49 - 2013-05-21 10:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-26 09:22 - 2013-05-17 09:44 - 00000000 ____D () C:\Users\Larry\AppData\Local\CrashDumps
2015-01-26 09:04 - 2013-10-23 13:02 - 01595670 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-26 08:54 - 2013-10-08 00:30 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cec3efd5583227.job
2015-01-26 08:54 - 2013-05-19 17:53 - 00000000 ___RD () C:\Users\Larry\Dropbox
2015-01-26 08:54 - 2013-05-19 17:51 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\Dropbox
2015-01-26 08:22 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-01-26 08:11 - 2013-10-23 13:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-26 08:11 - 2013-08-22 01:23 - 00482406 _____ () C:\WINDOWS\setupact.log
2015-01-26 08:11 - 2013-08-22 01:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-26 08:11 - 2013-08-22 00:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-26 08:11 - 2013-05-20 13:13 - 00000000 ____D () C:\Program Files\CyberPower PowerPanel Personal Edition
2015-01-26 00:09 - 2014-11-26 13:05 - 00000000 ____D () C:\Program Files\PDF Suite 2015
2015-01-26 00:09 - 2014-03-25 10:49 - 00000000 ____D () C:\Program Files\EMET 4.1
2015-01-26 00:09 - 2013-05-21 12:44 - 00000000 ____D () C:\Program Files\DU Meter
2015-01-25 22:42 - 2013-06-10 18:03 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\MahJong Suite
2015-01-25 13:59 - 2013-11-13 15:54 - 00007639 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-01-24 22:03 - 2014-04-01 13:55 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-24 22:02 - 2014-04-01 13:55 - 00082648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-24 21:03 - 2013-10-23 13:03 - 01068716 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-24 02:09 - 2013-08-22 00:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-23 19:06 - 2014-02-20 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThumbsPlus
2015-01-23 11:54 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-23 11:51 - 2013-11-11 13:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ClassicShell
2015-01-23 11:48 - 2014-05-16 20:19 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 11:46 - 2014-10-14 16:31 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-01-23 11:46 - 2014-10-14 16:31 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-01-23 11:46 - 2014-10-14 16:31 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-01-23 11:46 - 2014-10-14 16:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-01-23 11:46 - 2014-04-12 12:03 - 00000000 ____D () C:\Program Files\Java
2015-01-23 11:43 - 2014-05-03 13:13 - 00000004 _____ () C:\WINDOWS\system32\GVTunner.ref
2015-01-23 11:43 - 2013-05-16 18:24 - 00024944 _____ () C:\WINDOWS\system32\Drivers\GVTDrv.sys
2015-01-23 11:42 - 2013-05-16 18:23 - 00017488 _____ (Windows ® 2000 DDK provider) C:\WINDOWS\gdrv.sys
2015-01-23 09:17 - 2014-04-01 13:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-23 09:05 - 2012-07-26 00:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-23 00:21 - 2013-09-29 21:50 - 00115282 _____ () C:\WINDOWS\PFRO.log
2015-01-23 00:21 - 2012-07-26 00:53 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-22 20:43 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\System
2015-01-22 20:28 - 2013-09-30 19:18 - 00000000 ____D () C:\Program Files\File Type Assistant
2015-01-22 20:19 - 2014-04-01 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-22 19:32 - 2013-05-17 08:54 - 00000000 ____D () C:\Users\Larry\Desktop\Family
2015-01-22 18:17 - 2013-10-23 13:05 - 00000000 ____D () C:\Users\Larry
2015-01-18 16:00 - 2013-05-21 12:57 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-14 13:58 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-14 13:32 - 2013-08-22 02:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-14 13:32 - 2013-08-22 02:17 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-14 13:32 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-01-14 13:11 - 2014-11-12 08:19 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-01-14 13:11 - 2014-11-12 08:19 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-01-14 13:11 - 2014-11-12 08:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-01-14 11:02 - 2013-09-30 19:27 - 00000000 ____D () C:\Users\Larry\AppData\Local\File Viewer
2015-01-14 09:20 - 2013-07-09 16:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 09:15 - 2013-05-16 23:06 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-11 11:45 - 2013-11-29 18:33 - 00219136 ___SH () C:\Users\Larry\Desktop\Thumbs.db
2015-01-09 14:46 - 2013-07-01 17:27 - 00000000 ____D () C:\Users\Larry\AppData\Local\WeatherBug
2015-01-08 13:19 - 2013-05-21 15:35 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\Nero
2015-01-08 13:08 - 2013-05-21 14:33 - 00000000 ____D () C:\ProgramData\Nero
2015-01-08 13:04 - 2013-05-21 14:54 - 00000000 ____D () C:\Program Files\Nero
2015-01-08 13:04 - 2013-05-21 14:54 - 00000000 ____D () C:\Program Files\Common Files\Nero
2015-01-07 21:48 - 2013-05-16 18:10 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-07 20:27 - 2013-08-22 00:21 - 00000000 ___RD () C:\Users\Public
2015-01-07 08:56 - 2014-04-18 20:36 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-06 10:34 - 2013-10-22 17:10 - 201899808 ____N () C:\WINDOWS\MEMORY.DMP
2015-01-04 13:45 - 2013-05-19 18:04 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\FamilyTreeMaker
2015-01-04 12:55 - 2013-11-29 12:38 - 00000000 ____D () C:\Program Files\Family Tree Maker 2014
2015-01-03 11:59 - 2013-09-14 09:56 - 00000000 ____D () C:\Users\Larry\Desktop\genealogy resources
2014-12-30 04:07 - 2013-11-07 14:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-29 09:21 - 2014-11-27 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015
2014-12-28 12:11 - 2013-10-23 10:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter
2014-12-27 12:17 - 2013-12-04 12:35 - 00000000 ____D () C:\Users\Administrator\Documents\New folder
2014-12-27 00:42 - 2013-05-16 22:00 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-27 00:38 - 2013-08-22 02:18 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2014-12-27 00:37 - 2013-08-22 01:22 - 00507976 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\FileManager
2014-12-27 00:33 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\Camera
2014-12-27 00:32 - 2013-09-29 21:47 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents
2014-12-27 00:32 - 2013-09-29 21:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\twain_32
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\IME
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-12-27 00:32 - 2013-08-22 02:17 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-27 00:31 - 2013-05-16 22:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-27 00:14 - 2013-08-22 02:17 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

==================== Files in the root of some directories =======

2013-11-13 15:54 - 2015-01-25 13:59 - 0007639 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-05-20 10:24 - 2013-05-20 10:24 - 0000008 __RSH () C:\ProgramData\D8F7E80667.sys
2013-05-19 15:58 - 2013-10-23 15:54 - 0014203 _____ () C:\ProgramData\hpzinstall.log
2013-05-20 10:24 - 2013-12-29 20:34 - 0002568 ___SH () C:\ProgramData\KGyGaAvL.sys
2013-05-21 15:50 - 2014-11-18 18:29 - 0001192 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Administrator\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Larry\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfdj0px.dll
C:\Users\Larry\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-26 08:22

==================== End Of Log ============================





#2 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:08:49 PM

Posted 28 January 2015 - 07:34 PM

hi lrmarker,

 

You can get two downloads to use. Post the logs and let's see what they drag up and we will go from there:

 

1) Adwcleaner:

 

Please download adwcleaner from here and save to your desktop.

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Now click on the Scan tab, once the scan is complete click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next  reply.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Note: The log can also be located at C:\AdwCleaner\AdwCleaner[S0].txt

 

2) JRT.exe:

 

Please download Junkware Removal Tool to your desktop.

     http://thisisudax.org/downloads/JRT.exe

    Shutdown your antivirus to avoid any conflicts.
    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

 

 

 

 

How Can I Reduce My Risk to Malware?


#3 lrmarker

lrmarker
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:49 PM

Posted 28 January 2015 - 08:37 PM

Thanks for the quick response

 

The results log for AdwCleaner did not open after the reboot, but here are the contents of the AdwCleaner[S0].txt file:

 

# AdwCleaner v4.109 - Report created 28/01/2015 at 19:18:32
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1 Pro  (32 bits)
# Username : Administrator - LARRYS-PC
# Running from : C:\Users\Larry\Desktop\Potential virus stuff\Bleeping Computer\AdwCleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\saFe saVVee
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\File Type Assistant
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\SafeSaver
Folder Deleted : C:\Program Files\PANDORA.TV
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Administrator\AppData\Local\PackageAware
Folder Deleted : C:\Users\Larry\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Larry\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Larry\AppData\Local\PackageAware
Folder Deleted : C:\Users\Larry\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Larry\AppData\LocalLow\saFe saVVee
Folder Deleted : C:\Users\Larry\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\1rvpvjnx.default\invalidprefs.js
File Deleted : C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\1rvpvjnx.default\searchplugins\safesearch.xml
File Deleted : C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\1rvpvjnx.default\user.js
File Deleted : C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : ProgramRefresh-ATFST
Task Deleted : ProgramUpdateCheck

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\firstsearch
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[1rvpvjnx.default\prefs.js] - Line Deleted : user_pref("extensions.mymysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=file0202ie&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEyCtD0D0EyBtDyC0B0C0BtN0CyD1B1P1R&cr=1561261278&ir=");
[1rvpvjnx.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);

-\\ Google Chrome v40.0.2214.93

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file0202ie&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEyCtD0D0EyBtDyC0B0C0BtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1561261278&ir=
[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=15527&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&tpr=111
[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file0202ie&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEyCtD0D0EyBtDyC0B0C0BtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1561261278&ir=
[C:\Users\Larry\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R1].txt - [9125 octets] - [28/01/2015 18:58:36]
AdwCleaner[S0].txt - [9063 octets] - [28/01/2015 19:18:32]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [9123 octets] ##########

 

----------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Pro x86
Ran by Administrator on Wed 01/28/2015 at 19:27:26.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-758451956-1520791384-1717137910-1000
Successfully deleted: [File] C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-758451956-1520791384-1717137910-1007
Successfully deleted: [File] C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-758451956-1520791384-1717137910-500

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/28/2015 at 19:29:05.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by lrmarker, 28 January 2015 - 08:38 PM.


#4 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:08:49 PM

Posted 28 January 2015 - 09:04 PM

ok. Good. Next we will use FRST:

 

Open notepad. Please copy/paste the contents of the code box below into notepad

C:\ProgramData\D8F7E80667.sysHKLM\...\Run: [] => [X]S3 cpuz135; \??\C:\Users\Larry\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [X]
S3 EUBAKUP0; \??\C:\WINDOWS\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\WINDOWS\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\WINDOWS\system32\drivers\EUFDDISK0.sys [X]EmptyTemp:

Save it on the Desktop as fixlist.txt. In the same folder as FRST.exe is located.

 

Run FRST again like before except this time: press the Fix button just once and wait.

The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.


How Can I Reduce My Risk to Malware?


#5 lrmarker

lrmarker
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:49 PM

Posted 28 January 2015 - 09:27 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Administrator at 2015-01-28 20:24:03 Run:1
Running from C:\Users\Larry\Desktop\Potential virus stuff\Bleeping Computer\FRST
Loaded Profiles: Larry & Administrator (Available profiles: Larry & lrmar_000 & Administrator & DefaultAppPool)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\ProgramData\D8F7E80667.sysHKLM\...\Run: [] => [X]S3 cpuz135; \??\C:\Users\Larry\AppData\Local\Temp\cpuz135\cpuz135_x32.sys
[X]
S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [X]
S3 EUBAKUP0; \??\C:\WINDOWS\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\WINDOWS\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\WINDOWS\system32\drivers\EUFDDISK0.sys [X]EmptyTemp:

*****************

"C:\ProgramData\D8F7E80667.sysHKLM\...\Run: [] => [X]S3 cpuz135; \??\C:\Users\Larry\AppData\Local\Temp\cpuz135\cpuz135_x32.sys" => File/Directory not found.
[X] => Error: No automatic fix found for this entry.
ESProtectionDriver => Service deleted successfully.
EUBAKUP0 => Service deleted successfully.
EUBKMON0 => Service deleted successfully.
EUFDDISK0 => Service deleted successfully.

==== End of Fixlog 20:24:03 ====



#6 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:08:49 PM

Posted 28 January 2015 - 09:56 PM

Whoops. Didn't format correctly and those are ok: Let's restore those items from quarantine:

Open notepad. Please copy/paste the contents of the code box below into notepad

 

Save it on the Desktop as fixlist.txt. In the same folder as FRST.exe is located.

 

Run FRST again like before except this time: press the Fix button just once and wait.

The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.

RestoreQuarantine: C:\FRST\Quarantine

How Can I Reduce My Risk to Malware?
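
The first fixlist in this thread failed because several entries ran together on one line, which is what the Fixlog in post #5 reports as "File/Directory not found". A pre-flight check for that failure, as an added example (not part of the original posts and not FRST's own code); the entry-start patterns are assumptions inferred only from the fixlist lines quoted in this thread:

```python
import re

# Constructed sample: the run-together fixlist exactly as quoted in post #4.
RUN_TOGETHER = r"""C:\ProgramData\D8F7E80667.sysHKLM\...\Run: [] => [X]S3 cpuz135; \??\C:\Users\Larry\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [X]
S3 EUBAKUP0; \??\C:\WINDOWS\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\WINDOWS\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\WINDOWS\system32\drivers\EUFDDISK0.sys [X]EmptyTemp:
"""

# Constructed sample: the one-entry-per-line fixlist quoted in post #8.
WELL_FORMED = r"""2013-05-20 10:24 - 2013-05-20 10:24 - 0000008 __RSH () C:\ProgramData\D8F7E80667.sys
EmptyTemp:
"""

# Assumption: an entry begins with a registry hive, a service/driver tag such
# as "S3 name;", or one of the two directives seen in this thread. Any of these
# appearing after column 0 means a line break was lost between two entries.
ENTRY_START = re.compile(
    r"HK(?:LM|CU|U)\\"                      # registry entry
    r"|[SR][0-5] [^\s;]+;"                  # service/driver entry
    r"|(?:EmptyTemp|RestoreQuarantine):"    # directives
)


def embedded_starts(line):
    """Offsets (> 0) where a new entry appears to begin inside the line."""
    return [m.start() for m in ENTRY_START.finditer(line) if m.start() > 0]


def split_entries(line):
    """Cut a line at every embedded entry start and return the fragments."""
    cuts = [0] + embedded_starts(line) + [len(line)]
    fragments = (line[a:b].strip() for a, b in zip(cuts, cuts[1:]))
    return [f for f in fragments if f]


def lint_fixlist(text):
    """Return (line number, fragments) for each line holding several entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.rstrip()
        if embedded_starts(line):
            findings.append((lineno, split_entries(line)))
    return findings


if __name__ == "__main__":
    for lineno, fragments in lint_fixlist(RUN_TOGETHER):
        print(f"line {lineno}: {len(fragments)} entries on one line")
        for fragment in fragments:
            print("    " + fragment)
```

An empty result from `lint_fixlist` only means no lost line breaks were detected; it says nothing about whether the listed entries should be removed.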


#7 lrmarker

lrmarker
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:49 PM

Posted 28 January 2015 - 10:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Administrator at 2015-01-28 21:46:04 Run:2
Running from C:\Users\Larry\Desktop\Potential virus stuff\Bleeping Computer\FRST
Loaded Profiles: Larry & Administrator (Available profiles: Larry & lrmar_000 & Administrator & DefaultAppPool)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
RestoreQuarantine: C:\FRST\Quarantine

*****************

RestoreQuarantine: C:\FRST\Quarantine=> Restoring from Quarantine completed.

==== End of Fixlog 21:46:04 ====

#8 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:08:49 PM

Posted 29 January 2015 - 05:26 PM

Ok great. Sorry for the delay. We will use FRST again:

 

Open notepad. Please copy/paste the contents of the code box below into notepad

2013-05-20 10:24 - 2013-05-20 10:24 - 0000008 __RSH () C:\ProgramData\D8F7E80667.sys
EmptyTemp:

Save it on the Desktop as fixlist.txt. In the same folder as FRST.exe is located.

Run FRST again like before except this time: press the Fix button just once and wait.

 

The tool will make a log on the desktop (Fixlog.txt) please post it to your reply. Looking better on your end now?


How Can I Reduce My Risk to Malware?


#9 lrmarker

lrmarker
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:49 PM

Posted 29 January 2015 - 06:25 PM

Here is the FRST Fixlog.

The problem still remains.

Also,

The following programs are supposed to load at startup but are not appearing in the tray and do not appear in Task Manager/Users/Larry:

DU Meter -- Service is running, but the icon is not in the tray

Logitech Setpoint -- no evidence of it running.  Mouse button mapping is not working

MirageAB -- does not appear to be running

FloatLED -- is not running

 

--------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Larry at 2015-01-29 16:58:33 Run:3
Running from C:\Users\Larry\Desktop\Potential virus stuff\Bleeping Computer\FRST
Loaded Profiles: Larry & Administrator (Available profiles: Larry & lrmar_000 & Administrator & DefaultAppPool)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
2013-05-20 10:24 - 2013-05-20 10:24 - 0000008 __RSH () C:\ProgramData\D8F7E80667.sys
EmptyTemp:
*****************

C:\ProgramData\D8F7E80667.sys => Moved successfully.
EmptyTemp: => Removed 15.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 17:12:24 ====


Edited by lrmarker, 29 January 2015 - 07:39 PM.


#10 shelf life


Posted 29 January 2015 - 07:58 PM

Those are new problems?




#11 lrmarker


Posted 29 January 2015 - 08:30 PM

I'm not positive when MirageAB stopped working, but for sure the other three stopped working after
the last FRST run and its subsequent reboot.

I tried manually launching DU Meter and Setpoint, and they seemed to work fine. However a subsequent
reboot returned them to the failed state described above. I suspect a reinstall would fix them, but I
won't try that until you tell me to.

#12 shelf life


Posted 29 January 2015 - 09:20 PM

All FRST removed was C:\ProgramData\D8F7E80667.sys and 15.1GB of Temporary data. I doubt they were running out of a temp directory.

Rescan with FRST like you did originally and post a new log.

I won't be back online for 15-16hrs or so.




#13 lrmarker


Posted 30 January 2015 - 02:01 PM

Odd -- today DU Meter and Float LED are loading with startup and are running correctly. SetPoint loads at startup and runs, but every few minutes I get a Visual C++ runtime error that SetPoint requested an unusual shutdown. Error dialog attached. When I click OK, SetPoint restarts but the error recurs a few minutes later. This behavior survives a reboot. MirageAB is not running.

New FRST Scan results below and attached.

>>>>>> I can't seem to upload files today. When I click the Choose Files button, it animates, but then nothing happens. So, I will paste the contents of Addition.txt at the bottom. Since I can't upload the error message, I'll describe it.

Dialog Title: Microsoft Visual C++ Runtime Library
Content:
Runtime Error!
Program: C:\Program Files/Logitech/SetPoint.exe
This application has requested the Runtime to terminate in an unusual way.
Please contact the application's support team for more information.
End of Content

------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Administrator (administrator) on LARRYS-PC on 30-01-2015 12:41:13
Running from C:\Users\Larry\Desktop\Potential virus stuff\Bleeping Computer\FRST
Loaded Profiles: Larry & Administrator (Available profiles: Larry & lrmar_000 & Administrator & DefaultAppPool)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeterSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Common Files\Appkeys\yytool.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.ESHA\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Interactive Brands Inc.) C:\Program Files\PDF Suite 2015\HelperService.exe
(Interactive Brands Inc.) C:\Program Files\PDF Suite 2015\ConversionService.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(www.stone-oakvalley-studios.com) C:\Program Files\FloatLED\FloatLED.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corporation) C:\Program Files\EMET 4.1\EMET_Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(AWS Convergence Technologies, Inc.) C:\Program Files\AWS\WeatherBug\Weather.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Larry\AppData\Roaming\Dropbox\bin\Dropbox.exe
(FSL - Freesoftland) C:\Program Files\FSL\IconRestorer\IconRestorer.exe
() C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeter.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [379672 2013-07-18] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [FloatLED] => C:\Program Files\FloatLED\FloatLED.exe [138240 2012-01-10] (www.stone-oakvalley-studios.com)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [499712 2013-05-20] (Greenshot)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [3837552 2012-01-12] (VIA)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [353728 2011-06-17] (Cyber Power Systems, Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [EaseUs Watch] => C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUs Tray] => C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EMET 4.1 Agent] => C:\Program Files\EMET 4.1\EMET_agent.exe [78992 2013-11-21] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Run: [CLMLServer_For_P2G8] => C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM\...\Run: [CLVirtualDrive] => C:\Program Files\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-19] (CyberLink Corp.)
HKLM\...\Run: [PowerDVD14Agent] => C:\Program Files\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-06] (CyberLink Corp.)
HKLM\...\RunOnce: [EasyTuneVI] => C:\Program Files\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\917\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [DU Meter] => C:\Program Files\DU Meter\DUMeter.exe [2325976 2014-11-13] (Hagel Technologies Ltd.)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [Mirage Anti-Bot] => C:\Misc_Programs\MirageAB\MirageAB.exe [3087360 2013-02-09] (PhrozenSoft.com)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [Weather] => C:\Program Files\AWS\WeatherBug\Weather.exe [1653760 2013-06-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [Amazon Music] => C:\Users\Larry\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [HideSCABattery] 1
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoSearchCommInStartMenu] 1
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoSearchInternetInStartMenu] 1
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Policies\Explorer: [NoUserFolderInStartMenu] 0
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\Run: [DU Meter] => C:\Program Files\DU Meter\DUMeter.exe [2325976 2014-11-13] (Hagel Technologies Ltd.)
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\Run: [Mirage Anti-Bot] => C:\Misc_Programs\MirageAB\MirageAB.exe [3087360 2013-02-09] (PhrozenSoft.com)
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-23] (Google Inc.)
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\Run: [Power2GoExpress8] => C:\Program Files\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-19] (CyberLink Corp.)
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [9201 2015-01-28] ()
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\Policies\Explorer: [NoAutoTrayNotify] 1
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NB11 Plus.lnk
ShortcutTarget: NB11 Plus.lnk -> C:\Program Files\NutriBase\NB11Plus.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnk
ShortcutTarget: IconRestorer.lnk -> C:\Program Files\FSL\IconRestorer\IconRestorer.exe (FSL - Freesoftland)
Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShellFolderFix.lnk
ShortcutTarget: ShellFolderFix.lnk -> C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcnews.go.com/
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-758451956-1520791384-1717137910-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-758451956-1520791384-1717137910-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-758451956-1520791384-1717137910-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: PDF Suite 2015 Helper -> {990FB160-376C-4AA7-BC28-D5CF1B4DA8B9} -> C:\Program Files\PDF Suite 2015\PDFIEHelper.dll (Interactive Brands Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM - PDF Suite 2015 Toolbar - {267E0B0F-6EC6-4E97-AEA4-5D96B8B22957} - C:\Program Files\PDF Suite 2015\PDFIEPlugin.dll (Interactive Brands Inc.)
Toolbar: HKU\S-1-5-21-758451956-1520791384-1717137910-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-758451956-1520791384-1717137910-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-758451956-1520791384-1717137910-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-758451956-1520791384-1717137910-500 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} http://homecareparts.electroluxusa.com/_bin/AWSDrawingViewer.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9ymcphlr.default-1407863738633
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @glance.net/GlanceClient -> C:\Program Files\Glance29\npglance.dll (Glance Networks, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-28]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn [2015-01-30]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-25]
FF HKLM\...\Firefox\Extensions: [FFPDFConverter2015@ib.com] - C:\Program Files\PDF Suite 2015\firefoxextension2015
FF Extension: PDF Suite 2015 Converter For Firefox - C:\Program Files\PDF Suite 2015\firefoxextension2015 [2014-11-26]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (Skype Click to Call) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-23]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [777016 2013-07-18] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3873784 2014-05-20] (Acronis)
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] () [File not signed]
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [250880 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1385272 2014-11-13] (Hagel Technologies Ltd.)
S4 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\917\g2aservice.exe [308568 2014-05-13] (Citrix Online, a division of Citrix Systems, Inc.)
S4 Guard Agent; C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [696320 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 Leawo_service; C:\Program Files\Common Files\Appkeys\yytool.exe [934384 2014-07-21] ()
S3 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [25088 2013-10-23] (Microsoft Corporation)
R2 MSSQL$ESHA; C:\Program Files\Microsoft SQL Server\MSSQL10_50.ESHA\MSSQL\Binn\sqlservr.exe [43128496 2014-07-10] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-14] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2011-11-15] ()
R2 PDF Suite 2015 Helper Service; C:\Program Files\PDF Suite 2015\HelperService.exe [1144184 2014-10-09] (Interactive Brands Inc.)
R2 PDF Suite 2015 Service; C:\Program Files\PDF Suite 2015\ConversionService.exe [853368 2014-10-09] (Interactive Brands Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ppped; C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [1000896 2011-06-17] (Cyber Power Systems, Inc.)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [103936 2014-10-28] (Microsoft Corporation)
S4 SQLAgent$ESHA; C:\Program Files\Microsoft SQL Server\MSSQL10_50.ESHA\MSSQL\Binn\SQLAGENT.EXE [381104 2014-07-10] (Microsoft Corporation)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7142320 2014-02-04] (Acronis)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-03-03] (Logitech Inc.)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
S3 w3logsvc; C:\WINDOWS\system32\inetsrv\w3logsvc.dll [66560 2014-07-02] (Microsoft Corporation)
S4 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-06-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-21] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2014-10-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-21] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1269248 2014-10-28] (Microsoft Corporation)
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S4 vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-09-30] (AVG Technologies)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [74816 2013-03-05] (CyberLink)
R3 CompFilter; C:\WINDOWS\System32\drivers\lvbusflt.sys [21096 2012-10-26] (Logitech Inc.)
S3 DUMeterDrv; C:\Program Files\DU Meter\DUMETR32.SYS [19720 2014-11-13] (Hagel Technologies Ltd.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-26] (Symantec Corporation)
S3 etdrv; C:\Windows\etdrv.sys [17488 2014-01-21] (Windows ® 2000 DDK provider)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [51784 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [41544 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [15944 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [186952 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [17488 2015-01-23] (Windows ® 2000 DDK provider)
R1 glancedrv; C:\WINDOWS\system32\DRIVERS\glancedrv.sys [34080 2009-05-13] (Glance Networks, Inc)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 GVTDrv; C:\WINDOWS\system32\Drivers\GVTDrv.sys [24944 2015-01-23] ()
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20150129.001\IDSvix86.sys [503000 2015-01-13] (Symantec Corporation)
S3 iusb3hub; C:\WINDOWS\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
S3 iusb3xhc; C:\WINDOWS\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R3 L1C; C:\WINDOWS\system32\DRIVERS\L1C63x86.sys [111304 2013-07-17] (Qualcomm Atheros Co., Ltd.)
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MEI; C:\WINDOWS\system32\DRIVERS\TeeDriver.sys [85464 2013-09-16] (Intel Corporation)
R3 MQAC; C:\WINDOWS\System32\drivers\mqac.sys [131072 2013-10-23] (Microsoft Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20150129.033\NAVENG.SYS [95704 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20150129.033\NAVEX15.SYS [1636696 2015-01-20] (Symantec Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S4 RsFx0153; C:\WINDOWS\System32\DRIVERS\RsFx0153.sys [250160 2014-07-10] (Microsoft Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
S4 SymELAM; C:\WINDOWS\system32\drivers\NIS\1506000.020\SYMELAM.SYS [21520 2013-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-10-05] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NIS\1506000.020\SYMNETS.SYS [447704 2014-02-17] (Symantec Corporation)
S3 tdrpman; C:\WINDOWS\system32\DRIVERS\tdrpman.sys [889888 2014-05-20] (Acronis International GmbH)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [736192 2013-05-16] (Acronis International GmbH)
R0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [143648 2014-05-20] (Acronis International GmbH)
R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [1822832 2012-01-10] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-21] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 cpuz135; \??\C:\Users\Larry\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
U3 idsvc; No ImagePath
U2 UxSms; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 19:29 - 2015-01-28 19:29 - 00001037 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-01-28 19:27 - 2015-01-28 19:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-28 18:58 - 2015-01-28 19:18 - 00000000 ____D () C:\AdwCleaner
2015-01-28 17:57 - 2015-01-28 17:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 12:42 - 2015-01-30 12:41 - 00000000 ____D () C:\FRST
2015-01-25 13:17 - 2015-01-26 12:27 - 00000000 ____D () C:\Users\Larry\Desktop\Potential virus stuff
2015-01-24 22:03 - 2015-01-24 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-24 22:02 - 2015-01-24 22:30 - 00000000 ____D () C:\Users\Administrator\Desktop\mbar
2015-01-24 21:47 - 2015-01-24 21:48 - 00001842 _____ () C:\Users\Administrator\Desktop\Rkill.txt
2015-01-23 19:06 - 2015-01-23 19:06 - 00000704 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0.lnk
2015-01-23 19:06 - 2015-01-23 19:06 - 00000000 ____D () C:\Users\Larry\Documents\Legacy Family Tree
2015-01-23 19:06 - 2015-01-23 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0
2015-01-23 19:06 - 2015-01-23 19:06 - 00000000 ____D () C:\Program Files\Legacy8
2015-01-23 19:06 - 2011-03-02 20:54 - 00886776 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.TaskPanel.v15.0.2.ocx
2015-01-23 19:06 - 2011-03-02 20:53 - 02660344 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.CommandBars.v15.0.2.ocx
2015-01-23 19:06 - 2011-03-02 20:53 - 01882104 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.Controls.v15.0.2.ocx
2015-01-23 19:06 - 2011-03-02 20:53 - 01374200 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.ReportControl.v15.0.2.ocx
2015-01-23 19:06 - 2011-03-02 20:53 - 00825336 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.DockingPane.v15.0.2.ocx
2015-01-23 19:06 - 2011-03-02 20:53 - 00501752 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.ShortcutBar.v15.0.2.ocx
2015-01-23 19:06 - 2007-11-07 19:03 - 00496384 _____ (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) C:\WINDOWS\system32\XceedZip.dll
2015-01-23 19:06 - 2005-08-09 17:14 - 00458752 _____ (ComponentOne) C:\WINDOWS\system32\vsprint8.ocx
2015-01-23 19:06 - 2005-08-09 17:14 - 00262144 _____ (ComponentOne ) C:\WINDOWS\system32\vspdf8.ocx
2015-01-23 19:06 - 2004-11-23 16:59 - 00184320 _____ (CIA, The Company) C:\WINDOWS\system32\ciaXPButton30.ocx
2015-01-23 19:06 - 2004-11-19 01:45 - 00200704 _____ (CIA, The company) C:\WINDOWS\system32\ciaSCls20.dll
2015-01-23 19:06 - 2004-03-09 01:00 - 01010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCHRT20.OCX
2015-01-23 19:06 - 2003-12-12 16:41 - 00053248 _____ (CIA, The Company) C:\WINDOWS\system32\ciaXPRegSvr20.dll
2015-01-23 19:06 - 2003-02-19 01:11 - 00065536 _____ (Larcom and Young) C:\WINDOWS\system32\ReSize32.ocx
2015-01-23 19:06 - 2002-02-12 16:24 - 00169216 _____ (Wintertree Software Inc.) C:\WINDOWS\system32\WSpell.ocx
2015-01-23 19:06 - 2000-12-06 09:59 - 00832448 _____ (APEX Software Corporation) C:\WINDOWS\system32\tdbg6.ocx
2015-01-23 19:06 - 2000-05-22 00:00 - 00647872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCOMCT2.OCX
2015-01-23 19:06 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RICHTX32.OCX
2015-01-23 19:06 - 2000-05-21 23:00 - 00115920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSINET.OCX
2015-01-23 19:06 - 1999-11-23 10:01 - 00276992 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\LFCMP11n.DLL
2015-01-23 19:06 - 1999-11-22 13:58 - 00751104 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltocx11n.ocx
2015-01-23 19:06 - 1999-11-22 13:52 - 00172544 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\Lfpng11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00151040 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lftif11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00080896 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lffax11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00059392 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfwmf11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00041472 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfgif11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00036864 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfbmp11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00035328 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfcal11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00032768 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfpcx11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00031232 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfeps11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00027648 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfwpg11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00027648 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lftga11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00027136 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfimg11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00026112 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfpcd11n.dll
2015-01-23 19:06 - 1999-11-22 13:52 - 00026112 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lfmsp11n.dll
2015-01-23 19:06 - 1999-11-22 13:51 - 00262144 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\LTDIS11n.dll
2015-01-23 19:06 - 1999-11-22 13:51 - 00226816 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltefx11n.dll
2015-01-23 19:06 - 1999-11-22 13:51 - 00127488 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltimg11n.dll
2015-01-23 19:06 - 1999-11-22 13:51 - 00118272 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltfil11n.DLL
2015-01-23 19:06 - 1999-11-22 13:51 - 00038400 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\lttwn11n.dll
2015-01-23 19:06 - 1999-11-22 13:50 - 00391168 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltkrn11n.dll
2015-01-23 19:06 - 1999-11-22 13:49 - 00045936 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltvdd11w.drv
2015-01-23 19:06 - 1999-11-22 13:49 - 00003824 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\ltthk11w.dll
2015-01-23 19:06 - 1999-09-17 11:14 - 00065536 _____ (Sheridan Software Systems, Inc) C:\WINDOWS\system32\ssfm1032.dll
2015-01-23 19:06 - 1999-07-01 13:17 - 00237568 _____ (VideoSoft) C:\WINDOWS\system32\Vsocx6.ocx
2015-01-23 19:06 - 1999-05-07 00:00 - 00198640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCI32.OCX
2015-01-23 19:06 - 1998-09-11 09:14 - 00021504 _____ () C:\WINDOWS\system32\WBCustomizer.dll
2015-01-23 19:06 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB5DB.dll
2015-01-23 19:06 - 1995-07-31 11:44 - 00212480 _____ (Eastman Kodak) C:\WINDOWS\system32\PCDLIB32.DLL
2015-01-23 11:47 - 2015-01-23 11:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-22 20:19 - 2015-01-22 20:19 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-22 20:19 - 2015-01-22 20:19 - 00001121 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-22 20:15 - 2015-01-22 20:15 - 00001625 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resource Monitor.lnk
2015-01-22 20:10 - 2015-01-22 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\CyberLink
2015-01-22 20:10 - 2015-01-22 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Power2Go8
2015-01-22 19:55 - 2015-01-22 19:55 - 00001234 _____ () C:\Users\Larry\Desktop\iecv.exe.lnk
2015-01-22 18:16 - 2015-01-22 18:16 - 00002029 _____ () C:\Users\Public\Desktop\UltraEdit.lnk
2015-01-22 18:16 - 2015-01-22 18:16 - 00002029 _____ () C:\ProgramData\Desktop\UltraEdit.lnk
2015-01-22 18:16 - 2015-01-22 18:16 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\IDMComp
2015-01-22 18:16 - 2015-01-22 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
2015-01-22 18:16 - 2015-01-22 18:16 - 00000000 ____D () C:\Program Files\IDM Computer Solutions
2015-01-14 18:19 - 2015-01-14 18:19 - 00000120 _____ () C:\WINDOWS\QUICKEN.INI
2015-01-14 18:19 - 2015-01-14 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2015
2015-01-14 18:19 - 2014-09-29 23:45 - 07280344 _____ (Amyuni Technologies http://www.amyuni.com) C:\WINDOWS\system32\cdintf500.dll
2015-01-14 13:46 - 2015-01-14 13:46 - 00000000 ____D () C:\Users\Larry\Desktop\Quicken How-to Notes
2015-01-14 13:12 - 2014-11-17 14:23 - 00529352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-01-14 13:12 - 2014-11-17 14:23 - 00224168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-01-14 13:12 - 2014-11-15 13:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-01-14 13:12 - 2014-11-14 12:11 - 00048504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-14 13:12 - 2014-11-13 23:05 - 02947584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-14 13:12 - 2014-11-13 23:04 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-01-14 13:12 - 2014-11-13 23:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-14 13:12 - 2014-11-13 23:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-01-14 13:12 - 2014-11-13 23:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-14 13:12 - 2014-11-13 23:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-14 13:12 - 2014-11-13 23:01 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-01-14 13:12 - 2014-11-13 23:01 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-14 13:12 - 2014-11-13 23:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-14 13:12 - 2014-11-13 22:57 - 01653248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-14 13:12 - 2014-11-13 22:55 - 01619968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-01-14 13:12 - 2014-11-13 22:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-01-14 13:12 - 2014-11-13 22:51 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-01-14 13:12 - 2014-11-10 18:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-01-14 13:12 - 2014-11-10 11:47 - 01856320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-01-14 13:12 - 2014-11-10 11:47 - 00335168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-01-14 13:12 - 2014-11-10 11:47 - 00286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-01-14 13:12 - 2014-11-10 11:47 - 00069440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-01-14 13:12 - 2014-11-09 20:14 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-01-14 13:12 - 2014-11-09 19:15 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-01-14 13:12 - 2014-11-09 19:10 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-01-14 13:12 - 2014-11-09 19:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-01-14 13:12 - 2014-11-09 19:04 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-01-14 13:12 - 2014-11-09 18:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-01-14 13:12 - 2014-11-09 18:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-01-14 13:12 - 2014-11-08 04:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-01-14 13:12 - 2014-11-07 21:17 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-01-14 13:12 - 2014-11-07 21:15 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-01-14 13:12 - 2014-11-07 21:15 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-01-14 13:12 - 2014-11-07 21:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-01-14 13:12 - 2014-11-07 21:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-01-14 13:12 - 2014-11-07 21:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-01-14 13:12 - 2014-11-07 20:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-01-14 13:12 - 2014-11-07 20:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-01-14 13:12 - 2014-11-07 19:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-01-14 13:12 - 2014-11-07 19:56 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-01-14 13:12 - 2014-11-07 19:52 - 03999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-01-14 13:12 - 2014-11-07 19:45 - 00897536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-01-14 13:12 - 2014-11-06 21:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-01-14 13:12 - 2014-11-04 19:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-01-14 13:12 - 2014-11-04 19:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-01-14 13:12 - 2014-11-04 19:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-01-14 13:12 - 2014-11-04 19:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-01-14 13:12 - 2014-11-04 19:20 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-01-14 13:12 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-01-14 13:12 - 2014-11-04 19:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-01-14 13:12 - 2014-11-04 19:02 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-01-14 13:12 - 2014-11-04 13:28 - 00051520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-01-14 13:12 - 2014-11-04 13:22 - 00045888 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-01-14 13:12 - 2014-11-04 13:22 - 00041792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-01-14 13:12 - 2014-11-03 23:03 - 00083456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-01-14 13:12 - 2014-11-03 23:03 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-01-14 13:12 - 2014-11-03 23:03 - 00022528 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-01-14 13:12 - 2014-11-03 23:03 - 00019968 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-01-14 13:12 - 2014-11-03 22:41 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-01-14 13:12 - 2014-11-03 21:44 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-01-14 13:12 - 2014-10-30 18:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-01-14 13:12 - 2014-10-30 00:02 - 01468408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-01-14 13:12 - 2014-10-29 23:59 - 05769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-01-14 13:12 - 2014-10-28 20:22 - 00410944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-01-14 13:12 - 2014-10-28 19:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-01-14 13:12 - 2014-10-26 16:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-01-14 13:12 - 2014-10-20 19:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-01-14 13:12 - 2014-10-20 18:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-01-14 13:12 - 2014-10-20 18:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-01-14 13:12 - 2014-10-20 18:19 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-01-14 13:12 - 2014-10-16 21:15 - 00199488 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-01-14 13:12 - 2014-10-16 21:15 - 00131392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-01-14 13:12 - 2014-10-16 21:15 - 00036160 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-01-14 13:12 - 2014-10-16 21:01 - 00076096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-01-14 13:12 - 2014-04-15 17:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-14 10:52 - 2015-01-14 10:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Intuit_Inc
2015-01-14 10:49 - 2015-01-14 10:49 - 53313536 _____ () C:\Users\Administrator\Desktop\93CHECKW-2015-01-14.QDF-backup
2015-01-14 10:41 - 2015-01-14 10:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Intuit
2015-01-14 08:25 - 2014-12-18 23:46 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 08:25 - 2014-12-11 19:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 08:25 - 2014-12-11 18:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 08:25 - 2014-12-08 21:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 08:25 - 2014-12-08 13:46 - 00485544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 08:25 - 2014-12-08 13:46 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 08:25 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 08:25 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 08:25 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 08:25 - 2014-12-05 20:36 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 08:25 - 2014-12-05 19:28 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 08:25 - 2014-12-05 19:23 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-12 12:56 - 2015-01-12 12:56 - 00000969 _____ () C:\Users\Larry\Desktop\Current Tax Backup.lnk
2015-01-12 11:43 - 2015-01-12 11:49 - 00000000 ____D () C:\Users\Larry\Desktop\RHRA claims
2015-01-11 17:38 - 2015-01-11 17:38 - 00000451 _____ () C:\Users\Larry\Desktop\Watch 1000 Years of European Borders Change In 3 Minutes.website
2015-01-08 13:04 - 2015-01-08 13:04 - 00002905 _____ () C:\Users\Public\Desktop\Nero 2015.lnk
2015-01-08 13:04 - 2015-01-08 13:04 - 00002905 _____ () C:\ProgramData\Desktop\Nero 2015.lnk
2015-01-08 13:02 - 2015-01-08 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-01-08 11:52 - 2015-01-08 11:53 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\tiger-k
2015-01-08 11:52 - 2015-01-08 11:52 - 00000000 ____D () C:\Users\Larry\Documents\Leawo
2015-01-08 11:52 - 2015-01-08 11:52 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\MenuTemplate
2015-01-08 11:52 - 2015-01-08 11:52 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\Leawo
2015-01-08 11:39 - 2015-01-08 11:39 - 00000000 ____D () C:\Users\Larry\Documents\CyberLink
2015-01-07 21:52 - 2015-01-07 21:55 - 148100944 _____ () C:\Users\Larry\Documents\PowerDVD_14.0.4704.58_Patch_DVD140911-04.exe
2015-01-07 21:49 - 2015-01-07 21:49 - 00000000 ____D () C:\Users\Larry\AppData\Local\CyberLink
2015-01-07 21:48 - 2015-01-07 21:48 - 00002200 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 14.lnk
2015-01-07 21:48 - 2015-01-07 21:48 - 00002200 _____ () C:\ProgramData\Desktop\CyberLink PowerDVD 14.lnk
2015-01-07 21:48 - 2015-01-07 21:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2015-01-07 21:48 - 2015-01-07 21:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CyberLink
2015-01-07 21:46 - 2015-01-07 21:58 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2015-01-07 20:44 - 2015-01-07 20:45 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\tiger-k
2015-01-07 20:44 - 2015-01-07 20:44 - 00001214 _____ () C:\Users\Public\Desktop\Leawo Blu-ray Copy.lnk
2015-01-07 20:44 - 2015-01-07 20:44 - 00001214 _____ () C:\ProgramData\Desktop\Leawo Blu-ray Copy.lnk
2015-01-07 20:44 - 2015-01-07 20:44 - 00000000 ____D () C:\Users\Administrator\Documents\Leawo
2015-01-07 20:44 - 2015-01-07 20:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\MenuTemplate
2015-01-07 20:44 - 2015-01-07 20:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Leawo
2015-01-07 20:44 - 2015-01-07 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
2015-01-07 20:44 - 2012-01-10 10:18 - 00066944 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\thdudf.sys
2015-01-07 20:44 - 2012-01-10 10:18 - 00066944 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\Drivers\thdudf.sys
2015-01-07 20:43 - 2015-01-07 20:44 - 00000000 ____D () C:\ProgramData\Leawo
2015-01-07 20:43 - 2015-01-07 20:43 - 00000000 ____D () C:\Program Files\Leawo
2015-01-07 20:43 - 2015-01-07 20:43 - 00000000 ____D () C:\Program Files\Common Files\Appkeys
2015-01-07 20:43 - 2012-01-09 11:34 - 00606208 _____ (http://www.xvid.org) C:\WINDOWS\system32\xvidcore.dll
2015-01-07 20:43 - 2012-01-09 11:34 - 00139264 _____ (http://www.xvid.org) C:\WINDOWS\system32\xvid.ax
2015-01-07 20:41 - 2015-01-07 20:41 - 00000000 ____D () C:\Users\Larry\AppData\Local\Power2Go8
2015-01-07 20:27 - 2015-01-07 20:27 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-07 20:25 - 2015-01-07 21:50 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\CyberLink
2015-01-07 20:25 - 2015-01-07 20:25 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-01-07 20:25 - 2015-01-07 20:25 - 00000000 ____D () C:\ProgramData\Documents\CyberLink
2015-01-07 20:19 - 2015-01-07 20:19 - 00002188 _____ () C:\Users\Public\Desktop\CyberLink Power2Go 8.lnk
2015-01-07 20:19 - 2015-01-07 20:19 - 00002188 _____ () C:\ProgramData\Desktop\CyberLink Power2Go 8.lnk
2015-01-07 20:19 - 2015-01-07 20:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2015-01-07 20:19 - 2015-01-07 20:19 - 00000000 ____D () C:\Program Files\Common Files\CyberLink
2015-01-07 20:19 - 2013-03-05 12:02 - 00074816 _____ (CyberLink) C:\WINDOWS\system32\Drivers\CLVirtualDrive.sys
2015-01-07 20:13 - 2015-01-13 10:10 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-07 20:11 - 2015-01-07 21:47 - 00000000 ____D () C:\Program Files\CyberLink
2015-01-07 20:09 - 2015-01-07 20:27 - 00001948 _____ () C:\Users\Administrator\Desktop\ASUS E-Green.lnk
2015-01-07 20:08 - 2015-01-07 21:46 - 00000000 ____D () C:\ProgramData\install_clap
2015-01-07 19:44 - 2015-01-07 19:44 - 00000390 _____ () C:\Users\Larry\Desktop\Blu-Ray (V).lnk
2015-01-07 08:56 - 2015-01-07 08:56 - 00135248 _____ () C:\WINDOWS\Minidump\010715-47453-01.dmp
2015-01-04 12:55 - 2015-01-04 12:55 - 00000000 ____D () C:\Program Files\Glance29
2015-01-04 12:55 - 2009-05-13 10:56 - 00034080 _____ (Glance Networks, Inc) C:\WINDOWS\system32\Drivers\glancedrv.sys
2015-01-04 12:55 - 2009-05-13 10:56 - 00033824 _____ (Glance Networks, Inc) C:\WINDOWS\system32\glancedrv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 12:41 - 2013-05-17 09:44 - 00000000 ____D () C:\Users\Larry\AppData\Local\CrashDumps
2015-01-30 12:39 - 2013-05-19 17:53 - 00000000 ___RD () C:\Users\Larry\Dropbox
2015-01-30 12:39 - 2013-05-19 17:51 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\Dropbox
2015-01-30 12:38 - 2013-10-23 13:02 - 01105485 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-30 12:37 - 2013-10-23 13:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-30 12:37 - 2013-10-08 00:30 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cec3efd5583227.job
2015-01-30 12:37 - 2013-08-22 01:23 - 00483253 _____ () C:\WINDOWS\setupact.log
2015-01-30 12:37 - 2013-08-22 01:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-30 12:37 - 2013-05-20 13:13 - 00000000 ____D () C:\Program Files\CyberPower PowerPanel Personal Edition
2015-01-30 12:36 - 2013-10-30 11:24 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\ClassicShell
2015-01-30 12:15 - 2013-05-16 22:12 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 12:00 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-30 11:54 - 2013-11-13 15:54 - 00007644 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-01-30 11:49 - 2013-05-21 10:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-30 08:26 - 2014-11-26 13:05 - 00000000 ____D () C:\Program Files\PDF Suite 2015
2015-01-30 08:15 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-01-29 23:24 - 2013-06-10 18:03 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\MahJong Suite
2015-01-29 17:09 - 2014-03-25 10:49 - 00000000 ____D () C:\Program Files\EMET 4.1
2015-01-29 17:09 - 2013-05-21 12:44 - 00000000 ____D () C:\Program Files\DU Meter
2015-01-28 19:20 - 2013-09-29 21:50 - 00115982 _____ () C:\WINDOWS\PFRO.log
2015-01-28 18:48 - 2013-11-07 14:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-28 08:42 - 2012-07-26 00:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-27 13:31 - 2013-11-17 17:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-01-27 10:08 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-27 10:08 - 2013-08-22 00:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-27 00:13 - 2013-08-22 00:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-24 22:03 - 2014-04-01 13:55 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-24 22:02 - 2014-04-01 13:55 - 00082648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-24 21:03 - 2013-10-23 13:03 - 01068716 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-24 14:20 - 2014-12-27 00:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 14:20 - 2014-12-27 00:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-23 19:06 - 2014-02-20 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThumbsPlus
2015-01-23 11:51 - 2013-11-11 13:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ClassicShell
2015-01-23 11:48 - 2014-05-16 20:19 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 11:46 - 2014-10-14 16:31 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-01-23 11:46 - 2014-10-14 16:31 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-01-23 11:46 - 2014-10-14 16:31 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-01-23 11:46 - 2014-10-14 16:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-01-23 11:46 - 2014-04-12 12:03 - 00000000 ____D () C:\Program Files\Java
2015-01-23 11:43 - 2014-05-03 13:13 - 00000004 _____ () C:\WINDOWS\system32\GVTunner.ref
2015-01-23 11:43 - 2013-05-16 18:24 - 00024944 _____ () C:\WINDOWS\system32\Drivers\GVTDrv.sys
2015-01-23 11:42 - 2013-05-16 18:23 - 00017488 _____ (Windows ® 2000 DDK provider) C:\WINDOWS\gdrv.sys
2015-01-23 09:17 - 2014-04-01 13:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-23 00:21 - 2012-07-26 00:53 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-22 20:43 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\System
2015-01-22 20:19 - 2014-04-01 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-22 19:32 - 2013-05-17 08:54 - 00000000 ____D () C:\Users\Larry\Desktop\Family
2015-01-22 18:17 - 2013-10-23 13:05 - 00000000 ____D () C:\Users\Larry
2015-01-18 16:00 - 2013-05-21 12:57 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-14 13:58 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-14 13:32 - 2013-08-22 02:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-14 13:32 - 2013-08-22 02:17 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-14 13:32 - 2013-08-22 02:17 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-01-14 13:11 - 2014-11-12 08:19 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-01-14 13:11 - 2014-11-12 08:19 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-01-14 13:11 - 2014-11-12 08:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-01-14 11:02 - 2013-09-30 19:27 - 00000000 ____D () C:\Users\Larry\AppData\Local\File Viewer
2015-01-14 09:20 - 2013-07-09 16:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 09:15 - 2013-05-16 23:06 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-11 11:45 - 2013-11-29 18:33 - 00219136 ___SH () C:\Users\Larry\Desktop\Thumbs.db
2015-01-09 14:46 - 2013-07-01 17:27 - 00000000 ____D () C:\Users\Larry\AppData\Local\WeatherBug
2015-01-08 13:19 - 2013-05-21 15:35 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\Nero
2015-01-08 13:08 - 2013-05-21 14:33 - 00000000 ____D () C:\ProgramData\Nero
2015-01-08 13:04 - 2013-05-21 14:54 - 00000000 ____D () C:\Program Files\Nero
2015-01-08 13:04 - 2013-05-21 14:54 - 00000000 ____D () C:\Program Files\Common Files\Nero
2015-01-07 21:48 - 2013-05-16 18:10 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-07 20:27 - 2013-08-22 00:21 - 00000000 ___RD () C:\Users\Public
2015-01-07 08:56 - 2014-04-18 20:36 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-06 10:34 - 2013-10-22 17:10 - 201899808 ____N () C:\WINDOWS\MEMORY.DMP
2015-01-04 13:45 - 2013-05-19 18:04 - 00000000 ____D () C:\Users\Larry\AppData\Roaming\FamilyTreeMaker
2015-01-04 12:55 - 2013-11-29 12:38 - 00000000 ____D () C:\Program Files\Family Tree Maker 2014
2015-01-03 11:59 - 2013-09-14 09:56 - 00000000 ____D () C:\Users\Larry\Desktop\genealogy resources

==================== Files in the root of some directories =======

2013-11-13 15:54 - 2015-01-30 11:54 - 0007644 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-05-19 15:58 - 2013-10-23 15:54 - 0014203 _____ () C:\ProgramData\hpzinstall.log
2013-05-20 10:24 - 2013-12-29 20:34 - 0002568 ___SH () C:\ProgramData\KGyGaAvL.sys
2013-05-21 15:50 - 2014-11-18 18:29 - 0001192 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\Larry\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjfg9zt.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-30 08:15

==================== End Of Log ============================
----------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Administrator at 2015-01-30 12:42:00
Running from C:\Users\Larry\Desktop\Potential virus stuff\Bleeping Computer\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
100% Free Gin 7.42 (HKLM\...\FreeGin) (Version: 7.42 - DreamQuest)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acronis True Image 2014 (HKLM\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (Version: 17.0.6673 - Acronis) Hidden
Acronis Disk Director 11 Home (HKLM\...\{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}) (Version: 11.0.2343 - Acronis)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Music (HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS E-Green Uninstall (HKLM\...\EGREEN) (Version: - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Atheros Communications Inc.)
AutoGreen B12.0206.1 (HKLM\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (Version: 1.00.0000 - GIGABYTE) Hidden
BCL easyConverter SDK 3 (Word Version) (HKLM\...\{A932ABFB-1AC4-4FBF-9954-B710CABE3482}) (Version: 3.0.64 - BCL Technologies)
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.298.000 - Hewlett-Packard) Hidden
C6200 (Version: 140.0.425.000 - Hewlett-Packard) Hidden
C6200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Classic Shell (HKLM\...\{E0E49E80-19DE-43FE-BFF2-8C58DDF3C7F9}) (Version: 4.1.0 - IvoSoft)
CoffeeCup Direct FTP (HKLM\...\{88741A14-4C9D-469F-BA36-8FDF6037BB68}) (Version: 3.9.2015 - CoffeeCup Software Inc.)
CoffeeCup HTML Editor (HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\CoffeeCup HTML Editor) (Version: - )
Cook'n (HKLM\...\Cook'n) (Version: - )
Copy (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crystal Reports 9 Redistributables (HKLM\...\{9D571CDB-02AC-472D-8921-D2DBC4E64CE6}) (Version: 1.0.0 - ESHA Research)
CyberLink Power2Go 8 (HKLM\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.3215 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
CyberPower PowerPanel Personal Edition 1.3.2 (HKLM\...\{6984B5E1-721C-4F8E-BF5A-ED5F45D90EB6}) (Version: 1.3.2 - Cyber Power Systems, Inc.)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Destinations (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DMIView Ver.1.5 B12.0314.1 (HKLM\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.5 - GIGABYTE)
DocProc (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DU Meter (HKLM\...\DUMeter3_is1) (Version: 6.40 - Hagel Technologies Ltd.)
EaseUS Todo Backup Home 6.5 (HKLM\...\EaseUS Todo Backup Home 6.5 Trial_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
Easy Tune 6 B12.1121.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1121.1 (Version: 1.00.0000 - GIGABYTE) Hidden
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
EMET 4.1 (HKLM\...\{65BC2BDA-D828-4596-99E4-A8799C45C84C}) (Version: 4.1 - Microsoft Corporation)
EnhanceMy8 (HKLM\...\EnhanceMy8_is1) (Version: - SeriousBit)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Eudora (HKLM\...\{D1CF4746-3775-4C58-80BB-4566BF936C00}) (Version: 7.0 - )
Family Tree Maker 2014 (HKLM\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Fax (Version: 140.0.307.000 - Hewlett-Packard) Hidden
File Identifier version 1.0.3 (HKLM\...\File Identifier_is1) (Version: 1.0.3 - )
File Viewer version 1.0.2 (HKLM\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.0.2 - Sharpened Productions)
Firefox Free Download Packages (HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\Firefox Free Download Packages) (Version: - ) <==== ATTENTION
FloatLED v1.12 (HKLM\...\FloatLED_is1) (Version: - Stone Oakvalley Studios)
Free File Viewer 2012 (HKLM\...\FreeFileViewer_is1) (Version: 2012.10.9.0 - Bitberry Software) <==== ATTENTION
Free Viewer (HKLM\...\{5EF92F52-FA16-4CA6-A204-811524BEE514}_is1) (Version: 1.0 - Free Viewer, LLC)
GDR 4033 for SQL Server 2008 R2 (KB2977320) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
Genelines Universal Edition (HKLM\...\{025D5191-E9A3-43A2-AA73-FE130DE0E0D8}) (Version: 2.4 - Progeny Genealogy Inc.)
Glance 2.9 (HKLM\...\Glance_is1) (Version: - Glance Networks, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 10.4.0.917 - Citrix Online, a division of Citrix Systems, Inc.)
GPBaseService2 (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Greenshot 1.1.5.2643 (HKLM\...\Greenshot_is1) (Version: 1.1.5.2643 - Greenshot)
HHD Software Free Hex Editor Neo 5.14 (HKLM\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 5.14.0.4787 - HHD Software, Ltd.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.297.000 - Hewlett-Packard) Hidden
IconRestorer 1.0.8.1 SR1 (HKLM\...\IconRestorer Free_is1) (Version: - FSL - FreeSoftLand)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
ISO to USB (HKLM\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeyboardTest V3.0 (HKLM\...\KeyboardTest_is1) (Version: - PassMark Software)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Leawo Blu-ray Copy version 7.1.0.7 (HKLM\...\{9B97E64D-B46A-4453-8AC5-664F7D2729AA}_is1) (Version: 7.1.0.7 - Leawo Software)
Legacy 8.0 (HKLM\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation)
LifeGlobe Sharks, Terrors of the Deep 2 (HKLM\...\LifeGlobe Sharks, Terrors of the Deep 2_is1) (Version: 2.0 - Prolific Publishing, Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.8.2 - Magical Jelly Bean)
MahJong Suite 2013 v10.0 (HKLM\...\MahJong Suite_is1) (Version: 10.0 - TreeCardGames)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{B692E59A-055C-43B7-BE0A-9C2FE0AB88B6}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{54C78F26-C830-4FFC-AD4B-791B099A2C41}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{DAB2D121-A8A3-4E92-A7E5-4319F928735F}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{485DE620-A598-4481-ACDC-61734504DB74}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mirage Anti-Bot version 3.0.2 (HKLM\...\Mirage Anti-Bot_is1) (Version: 3.0.2 - Phrozen ® Software 2013.)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Uninstaller Pro v2.2 (HKLM\...\My Uninstaller Pro_is1) (Version: 2.2 - Large Software)
Nero 2015 (HKLM\...\{763EF8DC-4CC0-47CA-BE1C-BDE731462250}) (Version: 16.0.02900 - Nero AG)
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero Prerequisite Installer 1.0 (HKLM\...\{011E92F1-AF76-4983-8707-79F8F1956439}) (Version: 11.0.11500 - Nero AG)
Network (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
novaPDF v7 (novaPDF 7.7 printer) (HKLM\...\novaPDF v7_is1) (Version: - Softland)
NutriBase (HKLM\...\NutriBase) (Version: 11.61 - CyberSoft, Inc.)
NVIDIA 3D Vision Controller Driver 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 275.33 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
ON_OFF Charge B11.1102.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PDF Suite 2015 (HKLM\...\{6C296082-AD1D-49E3-BDFD-C53219121297}) (Version: 12.0.3.19718 - Interactive Brands Malta Limited)
Platform (Version: 1.39 - VIA Technologies, Inc.) Hidden
Prerequisite installer (Version: 16.0.0000 - Nero AG) Hidden
ProSafe Plus Utility (HKLM\...\InstallShield_{AA42EDB4-A4F2-4386-A0BD-3CF8C3B71BF2}) (Version: 2.2.26 - NetGear)
ProSafe Plus Utility (Version: 2.2.26 - NetGear) Hidden
PS_AIO_02_ProductContext (Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 140.0.425.000 - Hewlett-Packard) Hidden
Quicken 2015 (HKLM\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.4.19 - Intuit)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.253.000 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
ShellFolderFix 1.1.4 (HKLM\...\{3DD823AB-145A-4522-B9F6-A9566121F837}_is1) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SketchUp 2015 (HKLM\...\{72FCCE6E-98AB-4953-AF89-772DF0704E11}) (Version: 15.1.105 - Trimble Navigation Limited)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
SolutionCenter (Version: 140.0.299.000 - Hewlett-Packard) Hidden
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Status (Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13082_1 - Samsung Electronics Co., Ltd.)
SUABnR (Version: 1.1.0.13082_1 - Samsung Electronics Co., Ltd.) Hidden
The Complete National Geographic (HKLM\...\The Complete National Geographic 1.66) (Version: 1.66 - National Geographic)
The Complete National Geographic (Version: 1.66 build 1251 - National Geographic Society) Hidden
The Complete National Geographic (Version: 1.66.1251 - National Geographic Society) Hidden
The Food Processor SQL (HKLM\...\{4AF5F76D-3E12-4952-B207-D114BB324034}) (Version: 10.14.0 - ESHA Research Inc.)
ThumbsPlus (HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\ThumbsPlus) (Version: - Cerious Software Inc.)
ThumbsPlus (Version: 9.0.0.3935 - Cerious Software Inc.) Hidden
ThumbsPlus Tutorials (HKLM\...\ThumbsPlus Tutorials) (Version: - )
Toolbox (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.297.000 - Hewlett-Packard) Hidden
TurboCAD Deluxe 20 32 bit (HKLM\...\{A9B517B1-E340-40D2-AA7D-E421570070F2}) (Version: 20.2.533 - IMSIDesign)
TurboCAD Deluxe 20 Symbols (HKLM\...\{7E2CB68B-8D1D-4478-B7AC-2900EFF742AA}) (Version: 20.0.0 - IMSIDesign)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
UltraEdit 16.00 (HKLM\...\{C6DDE2AE-8E63-48C4-89C5-EACD4AC6E665}) (Version: 16.00.33 - IDM Computer Solutions, Inc.)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{7D75F678-4499-436C-B219-9E6DC24EE82D}) (Version: 2.13.0903 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{2B15112E-0FEF-42C2-8B36-B76CD995FD47}) (Version: 2.13.0901 - Samsung Electronics Co., Ltd.)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Site Designer (HKLM\...\{5FA08EAD-6532-4609-9E78-DBBEBE9AE6D2}) (Version: 7.0.82 - CoffeeCup Software)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WD Quick View (HKLM\...\{1B08B793-BB08-4643-9914-5E090743B174}) (Version: 2.1.0.11 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{EA0BE08C-2434-4F68-9B85-2E9F67477BE2}) (Version: 2.1.0.11 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{b562e350-d8f0-4ff8-aa59-2c5fb99952e2}) (Version: 2.1.0.11 - Western Digital Technologies, Inc.)
WeatherBug (HKLM\...\{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}) (Version: 7.0.0.12 - Earth Networks, Inc.)
Web Image Studio (HKLM\...\{9D34DBEF-C329-426E-B07E-2C772F8463D9}) (Version: 1.1.3716 - CoffeeCup Software)
WebReg (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WindowManager (HKLM\...\WindowManager) (Version: 3.3.3 - DeskSoft)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSudoku (HKLM\...\{B3D7648D-104F-442D-9D1B-44A5016D74DB}) (Version: 1.0.0 - WinSudoku)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Wood Movement Calculator 1.0 (HKLM\...\Wood Movement Calculator_is1) (Version: - Larry Marker)
ZipDownloader (HKLM\...\ZipDownloader) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Larry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{016D58C4-CF57-48A8-89CB-B8D9537DA2CC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Regens\FoundationPlan.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{056ADF40-C1D0-4CEB-94D2-4B82CB2C25F4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Ties\SolidBodyTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{0D818D11-C218-4799-AE9D-FCD1811B978A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Draggers\OffsetPolyline.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{1030CDF2-4B81-47F2-A9A8-33AA24A753EC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\TCmark.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{130E8ABC-A163-43b5-B9E5-A31C1B1CB7B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\BPMngr.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Ties\ScetchTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{1E72E725-BF17-43D0-BFF1-DBC70C53EC33}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Regens\DatumRef.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{1F5A6ED8-96DF-44E4-9BF2-05D7341C47B3}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\CopyInPlace.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{28A80F2D-0869-4E55-B0B3-0E44E64DC4C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\ExtRefManager.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{2B904934-6DDD-4546-A20B-29BAB1FA3486}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\CopyInPlace.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Ties\ObjectTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{30B60A3C-27E0-47DA-BA41-4D6A00FF2F31}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\PlaneBool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{443E0383-3F0F-4ABF-93B8-885915F56C6F}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Draggers\JointPolyline.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Ties\SmartHatch.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{5153A083-1A0E-4146-8DBB-50982700BF7E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Regens\ScheduleIntoBlock.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{52023F65-3227-49CE-B330-EC460C8AA92A}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Regens\GeoData.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Regens\TCImage.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\TCImageTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{5EAA79C8-B810-45EC-B85E-7C264F73A019}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Draggers\PlaneBool.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW20\Program\tcw20.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A481002-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW20\Program\tcw20.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW20\Program\tcw20.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW20\Program\tcw20.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW20\Program\tcw20.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\ImsigxPS20.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\IMSIGX20.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\IMSIGX20.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\IMSIGX20.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\IMSIGX20.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\IMSIGX20.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\imsigxext\gxext20.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\imsigxext\gxext20.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\imsigxext\gxext20.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\RevisionCloud.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{75F17666-0783-4450-A649-2B434C1EBB34}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\PickInside.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Ties\DimensionTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{869A07B5-AA8A-4504-B701-754FBAECC26D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Regens\MarkerHouse.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{8BBD4228-2200-43B4-9940-5787A37F8428}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\PlaneBool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{8FBFFBB2-64D0-4318-BD07-561CC8EE2084}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Regens\AutoDimHouse.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Ties\ViewportTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{99D040C9-BC79-44E2-BEC1-DE3636FA0320}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\ChainPolyline.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{A8DE3A0F-0014-4D28-AF7F-76391DDB372C}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\MultiAddToolVB.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{b5456a09-836b-73c8-a2d6-f404608df8df0}\InprocServer32 -> 0x3167434241444E4A5A50582B6263384249414435762B466D6A714A5137367363662B4F456D386C3850704A3333446B6C77 (the data entry has 694 more characters).
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\TcTools\PalTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{C1B747A9-D72B-4329-9587-2BAB772B2980}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\CopyInPlace.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{C7611519-B312-43D9-B3FF-A7EC31E55319}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Regens\WindowHouse.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\TCTrnTools.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\MSVBVM60.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Ties\CompoundProfileTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{DB450008-9764-11D6-819E-005056C00008}\localserver32 -> C:\Program Files\DU Meter\DUMeterSvc.exe (Hagel Technologies Ltd.)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{DF9B76D3-539B-42DC-B0A3-80B0664B2C01}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\TcTools\TcCfpLaunchTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{E10BBB8C-5479-422D-AABB-6EA0816736B6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\PlaneBool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{E5151088-1C1D-47B9-887A-FCFEA8700C95}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Draggers\TCmark.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{E830E884-1B3D-11D4-9BEE-00C0DF246524}\InprocServer32 -> C:\PROGRA~1\IMSIDE~1\TCW15\Program\TcTools\FPBRID~1.DLL No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{E830E887-1B3D-11D4-9BEE-00C0DF246524}\InprocServer32 -> C:\PROGRA~1\IMSIDE~1\TCW15\Program\TcTools\FPBRID~1.DLL No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{E906895A-189F-4113-87C0-18E1090D0FAB}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\MultiAddToolVB.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{EA533FD7-A49E-4661-A7F7-851B4A4FC511}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\MultiAddToolVB.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{F5125F6F-A84D-4830-AD78-A13E03B64185}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Draggers\BPMngr.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{F6B5662B-3540-4923-937A-3BC8D9CAE568}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Regens\doorhouse.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{F6F41304-02C7-43B1-99DE-FDC3DBFA3C56}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Regens\NorthDirection.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Larry\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

14-01-2015 09:14:00 Windows Update
16-01-2015 18:30:51 Installed TurboTax 2014 waliper
22-01-2015 18:15:37 Installed UltraEdit 16.00
28-01-2015 08:39:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 00:13 - 2015-01-30 11:37 - 00103102 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 clearyfitzgeralddentalpractice.ie
127.0.0.1 emilteleaga.cc
127.0.0.1 hackneyvslibrary.co.uk
127.0.0.1 london-historyes.org
127.0.0.1 shoefashionality.com
127.0.0.1 may2008.dyndns.info
127.0.0.1 menu.dyndns.biz
127.0.0.1 flashsoft.no-ip.biz
127.0.0.1 monagameel.chickenkiller.com
127.0.0.1 hatamaya.chickenkiller.com
127.0.0.1 powerhost.zapto.org
127.0.0.1 helpme.no-ip.biz
127.0.0.1 mjed10.no-ip.info
127.0.0.1 good.zapto.org
127.0.0.1 hint.zapto.org
127.0.0.1 hint1.zapto.org
127.0.0.1 natco1.no-ip.net
127.0.0.1 natco2.no-ip.net
127.0.0.1 natco3.no-ip.net
127.0.0.1 natco4.no-ip.net
127.0.0.1 loading.myftp.org
127.0.0.1 skype.servemp3.com
127.0.0.1 test.cable-modem.org
127.0.0.1 idf.blogsite.org
127.0.0.1 javaupdate.no-ip.info
127.0.0.1 lokia.mine.nu
127.0.0.1 hint-sms.com
127.0.0.1 owner.no-ip.biz
127.0.0.1 remoteback.no-ip.biz

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B7870C6-4C43-4496-9BCB-8C6607FF52CF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {10BBE3EC-35C5-4F6B-B9C2-4AC5E32E9B8C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {1112C23C-7250-4E02-B505-A723DF1F0362} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1BCB64C8-F8C4-4E8F-B04B-B88947718C86} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F7140E8-92C9-4C8A-AE92-0E5957B1FC3D} - System32\Tasks\{9A0E1FDE-B63F-4610-908E-0A55B5BD6CC9} => Iexplore.exe http://ui.skype.com/ui/0/6.5.0.158/en/abandoninstall?page=tsPlugin
Task: {263D1CF5-D29F-4C2F-BD82-8C50589A12A5} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {2B4A2D27-53E9-495D-A60E-7A945A2FA06C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2C9A0AAC-8DC4-4A7F-A2B6-3626D461CBB3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {347E30D9-127E-403E-9486-2A4A1AE9208E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {35B6728E-302D-49C2-9FE9-E198E1924863} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3867D193-5F53-4478-AF5E-ADF7B6ED0C28} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {3CD02AAF-0220-47FD-A6A8-D2EDC7276A72} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3F70868C-F2E2-4994-8C52-D4B758A1D928} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4F2CFDD0-6739-4073-B347-CE04A66E8316} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {57872734-5607-4FEA-B707-9733DA8E156C} - System32\Tasks\WindowManager => C:\Program Files\WindowManager\WindowManager.exe [2014-02-08] (DeskSoft)
Task: {5A7E12E5-049C-4CAC-9E19-F621A9E8DD87} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5DBE2568-1389-4AF8-B65C-8B2AE404625C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-27] (Adobe Systems Incorporated)
Task: {634BAF4C-DB90-4790-AD78-8CD58279452D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {66655FA7-3CD3-4308-84F6-9E6F2A130370} - System32\Tasks\{0ADE96BB-366F-43DE-B394-857CC1BEAE47} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
Task: {6A50322E-99DA-4583-A59A-7CF188ADF8BC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6BFCCD48-BDF1-4089-944F-2AD07E969C42} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {71F92DF8-CD25-4EF7-BB88-849E2481EA99} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7AF8E84D-3D14-41BE-AA91-73F0A82CD8EC} - System32\Tasks\GoogleUpdateTaskMachineCore1cec3efd5583227 => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {7C3F5E6E-837A-436B-8177-5D4912248AA0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8501EF70-ED43-47E3-A1BB-798FD2FA7D7E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8C820DF1-254B-439F-A8A2-64B36B34B90A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {99B6B40F-3B35-45C5-A975-471F4E56BE3F} - \Optimize Start Menu Cache Files-S-1-5-21-758451956-1520791384-1717137910-500 No Task File <==== ATTENTION
Task: {9E646D93-8D25-4274-9921-E12962DB6C0F} - \Optimize Start Menu Cache Files-S-1-5-21-758451956-1520791384-1717137910-1007 No Task File <==== ATTENTION
Task: {A45F5000-104E-4E7B-88E9-A3631CC82044} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {AF2195C3-AD19-40F8-8B60-E93DC26E7C76} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {BF4EEF6F-72F3-4DDC-AE6E-09C7CC18D751} - System32\Tasks\{D8E17798-B26B-44CA-973F-4C797E4DD331} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.5.0.158&LastError=12029
Task: {C57B0365-9597-42F7-BC2D-5FDC5A05341A} - System32\Tasks\Secunia PSI Logon Task => C:\Program Files\Secunia\PSI\psi.exe
Task: {C780BC76-11B0-4B0E-AB82-7E56F1746705} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CEBD27EF-C7DF-4B23-BE57-14085DDD1D09} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D664F4D1-9CBE-4214-B4EB-B0E8D50A9D9C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DBD9424A-F446-4D30-8386-88D6374DB406} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {E7D8398C-4F5E-4BA6-8111-CF9AC44E7327} - \Optimize Start Menu Cache Files-S-1-5-21-758451956-1520791384-1717137910-1000 No Task File <==== ATTENTION
Task: {F83E15C7-ABBC-4A68-A2F3-D5747B639C0A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FAFBE75B-CBDF-420A-ADC6-FFBCD35079F8} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FB734A0C-5A12-42F0-A0A0-0EF5B7DCCFE4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FB7C8FAF-DF41-409A-B3A3-97093F049804} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cec3efd5583227.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-21 09:14 - 2013-11-21 09:14 - 00080528 _____ () C:\Program Files\EMET 4.1\EMET_CE.DLL
2013-10-23 13:02 - 2014-07-02 13:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-07 20:43 - 2014-07-21 17:03 - 00934384 _____ () C:\Program Files\Common Files\Appkeys\yytool.exe
2013-03-27 21:36 - 2013-10-01 09:26 - 02627672 _____ () C:\Program Files\Acronis\TrueImageHome\tishell.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-05-18 10:36 - 2010-09-28 17:52 - 00086528 _____ () C:\Program Files\ShellFolderFix\ShellFolderFix.dll
2013-05-16 18:11 - 2012-01-12 07:21 - 00080496 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2013-05-16 18:11 - 2012-01-12 07:21 - 00113264 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-02-04 17:25 - 2014-02-04 17:25 - 00036672 _____ () C:\Program Files\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 17:25 - 2014-02-04 17:25 - 00028992 _____ () C:\Program Files\Common Files\Acronis\Home\thread_pool.dll
2015-01-07 20:12 - 2013-08-05 01:49 - 00627672 _____ () C:\Program Files\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\Larry\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-30 12:38 - 2015-01-30 12:38 - 00043008 _____ () c:\users\larry\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjfg9zt.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\Larry\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\Larry\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\Larry\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-05-18 10:36 - 2010-09-28 17:52 - 01819648 _____ () C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
2013-10-01 10:00 - 2013-10-01 10:00 - 00022336 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2010-03-16 16:00 - 2010-03-16 16:00 - 00107008 _____ () C:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll
2014-01-21 20:11 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-02-04 17:28 - 2014-02-04 17:28 - 00420160 _____ () C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\TEMP:541E1530
AlternateDataStreams: C:\ProgramData\TEMP:BC359956
AlternateDataStreams: C:\Users\Public\DRM:احتضان

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-758451956-1520791384-1717137910-1000\Software\Classes\.exe: => <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: becldr3Service => 3
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: Guard Agent => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: vToolbarUpdater17.0.1 => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\startupfolder: C:^Users^Larry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Data LifeGuard LifeLine Lite installer.lnk => C:\Windows\pss\Data LifeGuard LifeLine Lite installer.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Larry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: EMET Agent => "C:\Program Files\EMET 4.0\EMET_agent.exe"
MSCONFIG\startupreg: NBAgent => "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: WD Quick View => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
HKLM\...\StartupApproved\Run: => "EaseUs Watch"
HKLM\...\StartupApproved\Run: => "EaseUs Tray"
HKLM\...\StartupApproved\Run: => "Greenshot"
HKLM\...\StartupApproved\Run: => "dvd43"
HKLM\...\StartupApproved\Run: => "BingDesktop"
HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android Samsung.lnk"
HKU\S-1-5-21-758451956-1520791384-1717137910-500\...\StartupApproved\StartupFolder: => "NB11 Plus.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-758451956-1520791384-1717137910-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-758451956-1520791384-1717137910-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-758451956-1520791384-1717137910-1011 - Limited - Enabled)
Larry (S-1-5-21-758451956-1520791384-1717137910-1000 - Limited - Enabled) => C:\Users\Larry
lrmar_000 (S-1-5-21-758451956-1520791384-1717137910-1007 - Limited - Enabled) => C:\Users\lrmar_000

==================== Faulty Device Manager Devices =============

Name: Photosmart C6200 series
Description: Photosmart C6200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2015 00:41:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SetPoint.exe, version: 6.61.15.0, time stamp: 0x51f96ac5
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea24a5
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x1408
Faulting application start time: 0xSetPoint.exe0
Faulting application path: SetPoint.exe1
Faulting module path: SetPoint.exe2
Report Id: SetPoint.exe3
Faulting package full name: SetPoint.exe4
Faulting package-relative application ID: SetPoint.exe5

Error: (01/30/2015 00:38:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17415, time stamp: 0x5450367b
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x545039ac
Exception code: 0x80270249
Fault offset: 0x00288dfe
Faulting process id: 0x1580
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (01/30/2015 00:19:43 PM) (Source: EMET) (EventID: 42) (User: )
Description: EMET detected that the SSL certificate for "iecvlist.microsoft.com" is not trusted by the rule "MSLiveCA" associated with the domain "login.live.com"

Certificates details:

[SSL CERTIFICATE]
SubjectName : CN=*.vo.msecnd.net
Issuer CA : CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
SerialNumber : 5A00005A45B7B2907CD8662D5C000100005A45
Thumbprint : 080C7173188EDFB14433D34B0DB760951ADD3EB2
SignatureAlg : sha256RSA
NotAfter : 10/28/2016 7:40:20 PM
NotBefore : 10/29/2014 7:40:20 PM
PublicKey

[ROOTCA CERTIFICATE]
SubjectName : CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer CA : CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
SerialNumber : 020000B9
Thumbprint : D4DE20D05E66FC53FE1A50882C78DB2852CAE474
SignatureAlg : sha1RSA
NotAfter : 5/12/2025 6:59:00 PM
NotBefore : 5/12/2000 1:46:00 PM
PublicKey

Error: (01/30/2015 00:19:40 PM) (Source: EMET) (EventID: 42) (User: )
Description: EMET detected that the SSL certificate for "analytics.twitter.com" is not trusted by the rule "TwitterCA" associated with the domain "twitter.com"

Certificates details:

[SSL CERTIFICATE]
SubjectName : CN=*.twitter.com, OU=Twitter Security, O="Twitter, Inc.", L=San Francisco, S=CA, C=US
Issuer CA : CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US
SerialNumber : 01520C14367C70B1310AAEB5467EC2B7
Thumbprint : 101BEB4907EF3CF3372ACF81E63F6382A7AC41B3
SignatureAlg : sha1RSA
NotAfter : 12/31/2015 6:00:00 AM
NotBefore : 12/11/2014 6:00:00 PM

[ROOTCA CERTIFICATE]
SubjectName : CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer CA : CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
SerialNumber : 02AC5C266A0B409B8F0B79F2AE462577
Thumbprint : 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
SignatureAlg : sha1RSA
NotAfter : 11/9/2031 6:00:00 PM
NotBefore : 11/9/2006 6:00:00 PM

Error: (01/30/2015 00:19:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9600.17415, time stamp: 0x54504128
Faulting module name: Idapi32.dll, version: 4.0.0.36, time stamp: 0x912f226c
Exception code: 0xc0000005
Fault offset: 0x00061a46
Faulting process id: 0x1f8c
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3
Faulting package full name: SearchProtocolHost.exe4
Faulting package-relative application ID: SearchProtocolHost.exe5

Error: (01/30/2015 00:18:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SetPoint.exe, version: 6.61.15.0, time stamp: 0x51f96ac5
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea24a5
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x32c
Faulting application start time: 0xSetPoint.exe0
Faulting application path: SetPoint.exe1
Faulting module path: SetPoint.exe2
Report Id: SetPoint.exe3
Faulting package full name: SetPoint.exe4
Faulting package-relative application ID: SetPoint.exe5

Error: (01/30/2015 00:15:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SetPoint.exe, version: 6.61.15.0, time stamp: 0x51f96ac5
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea24a5
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x1334
Faulting application start time: 0xSetPoint.exe0
Faulting application path: SetPoint.exe1
Faulting module path: SetPoint.exe2
Report Id: SetPoint.exe3
Faulting package full name: SetPoint.exe4
Faulting package-relative application ID: SetPoint.exe5

Error: (01/30/2015 00:05:13 PM) (Source: EMET) (EventID: 42) (User: )
Description: EMET detected that the SSL certificate for "iecvlist.microsoft.com" is not trusted by the rule "MSLiveCA" associated with the domain "login.live.com"

Certificates details:

[SSL CERTIFICATE]
SubjectName : CN=*.vo.msecnd.net
Issuer CA : CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
SerialNumber : 5A00005A45B7B2907CD8662D5C000100005A45
Thumbprint : 080C7173188EDFB14433D34B0DB760951ADD3EB2
SignatureAlg : sha256RSA
NotAfter : 10/28/2016 7:40:20 PM
NotBefore : 10/29/2014 7:40:20 PM

[ROOTCA CERTIFICATE]
SubjectName : CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer CA : CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
SerialNumber : 020000B9
Thumbprint : D4DE20D05E66FC53FE1A50882C78DB2852CAE474
SignatureAlg : sha1RSA
NotAfter : 5/12/2025 6:59:00 PM
NotBefore : 5/12/2000 1:46:00 PM

Error: (01/30/2015 00:04:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.9600.17415, time stamp: 0x54504128
Faulting module name: Idapi32.dll, version: 4.0.0.36, time stamp: 0x912f226c
Exception code: 0xc0000005
Fault offset: 0x00061a46
Faulting process id: 0x1940
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3
Faulting package full name: SearchProtocolHost.exe4
Faulting package-relative application ID: SearchProtocolHost.exe5

Error: (01/30/2015 00:01:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SetPoint.exe, version: 6.61.15.0, time stamp: 0x51f96ac5
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea24a5
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x12d0
Faulting application start time: 0xSetPoint.exe0
Faulting application path: SetPoint.exe1
Faulting module path: SetPoint.exe2
Report Id: SetPoint.exe3
Faulting package full name: SetPoint.exe4
Faulting package-relative application ID: SetPoint.exe5


System errors:
=============
Error: (01/30/2015 00:37:51 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Acronis OS Selector activator service depends on the following service: ProtectedStorage. This service might not be installed.

Error: (01/30/2015 11:45:57 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Acronis OS Selector activator service depends on the following service: ProtectedStorage. This service might not be installed.

Error: (01/30/2015 09:24:17 AM) (Source: DCOM) (EventID: 10010) (User: Larrys-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/30/2015 09:23:47 AM) (Source: DCOM) (EventID: 10010) (User: Larrys-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/30/2015 08:04:36 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Acronis OS Selector activator service depends on the following service: ProtectedStorage. This service might not be installed.

Error: (01/29/2015 06:29:13 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Acronis OS Selector activator service depends on the following service: ProtectedStorage. This service might not be installed.

Error: (01/29/2015 06:11:31 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Acronis OS Selector activator service depends on the following service: ProtectedStorage. This service might not be installed.

Error: (01/29/2015 05:14:11 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Acronis OS Selector activator service depends on the following service: ProtectedStorage. This service might not be installed.

Error: (01/29/2015 09:13:49 AM) (Source: DCOM) (EventID: 10010) (User: Larrys-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/29/2015 08:01:01 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Acronis OS Selector activator service depends on the following service: ProtectedStorage. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (01/30/2015 00:41:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SetPoint.exe6.61.15.051f96ac5MSVCR90.dll9.0.30729.838751ea24a5400000150005beae140801d03cbbf83a67d9C:\Program Files\Logitech\SetPointP\SetPoint.exeC:\WINDOWS\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll99a767b4-a8af-11e4-b1f7-902b3460de70

Error: (01/30/2015 00:38:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.174155450367btwinui.dll6.3.9600.17415545039ac8027024900288dfe158001d03cbbe02fbbb9C:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\twinui.dll1f872690-a8af-11e4-b1f7-902b3460de70

Error: (01/30/2015 00:19:43 PM) (Source: EMET) (EventID: 42) (User: )
Description: EMET detected that the SSL certificate for "iecvlist.microsoft.com" is not trusted by the rule "MSLiveCA" associated with the domain "login.live.com"

Certificates details:

[SSL CERTIFICATE]
SubjectName : CN=*.vo.msecnd.net
Issuer CA : CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
SerialNumber : 5A00005A45B7B2907CD8662D5C000100005A45
Thumbprint : 080C7173188EDFB14433D34B0DB760951ADD3EB2
SignatureAlg : sha256RSA
NotAfter : 10/28/2016 7:40:20 PM
NotBefore : 10/29/2014 7:40:20 PM

[ROOTCA CERTIFICATE]
SubjectName : CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer CA : CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
SerialNumber : 020000B9
Thumbprint : D4DE20D05E66FC53FE1A50882C78DB2852CAE474
SignatureAlg : sha1RSA
NotAfter : 5/12/2025 6:59:00 PM
NotBefore : 5/12/2000 1:46:00 PM

Error: (01/30/2015 00:19:40 PM) (Source: EMET) (EventID: 42) (User: )
Description: EMET detected that the SSL certificate for "analytics.twitter.com" is not trusted by the rule "TwitterCA" associated with the domain "twitter.com"

Certificates details:

[SSL CERTIFICATE]
SubjectName : CN=*.twitter.com, OU=Twitter Security, O="Twitter, Inc.", L=San Francisco, S=CA, C=US
Issuer CA : CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US
SerialNumber : 01520C14367C70B1310AAEB5467EC2B7
Thumbprint : 101BEB4907EF3CF3372ACF81E63F6382A7AC41B3
SignatureAlg : sha1RSA
NotAfter : 12/31/2015 6:00:00 AM
NotBefore : 12/11/2014 6:00:00 PM

[ROOTCA CERTIFICATE]
SubjectName : CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer CA : CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
SerialNumber : 02AC5C266A0B409B8F0B79F2AE462577
Thumbprint : 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
SignatureAlg : sha1RSA
NotAfter : 11/9/2031 6:00:00 PM
NotBefore : 11/9/2006 6:00:00 PM
PublicKey : 3082010A0282010100C6CCE573E6FBD4BBE52D2D32A6DFE5813FC9CD2549B6712AC3D5943467A20A1CB05F69A640B1C4B7B28FD098A4A941593AD3DC94D63CDB7438A44ACC4D2582F74AA5531238EEF3496D71917E63B6ABA65FC3A484F84F6251BEF8C5ECDB3892E306E508910CC4284155FBCB5A89157E71E835BF4D72093DBE3A38505B77311B8DB3C724459AA7AC6D00145A04B7BA13EB510A984141224E656187814150A6795C89DE194A57D52EE65D1C532C7E98CD1A0616A46873D03404135CA171D35A7C55DB5E64E13787305604E511B4298012F1793988A202117C2766B788B778F2CA0AA838AB0A64C2BF665D9584C1A1251E875D1A500B2012CC41BB6E0B5138B84BCB0203010001

Error: (01/30/2015 00:19:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchProtocolHost.exe7.0.9600.1741554504128Idapi32.dll4.0.0.36912f226cc000000500061a461f8c01d03cb939921c9dC:\WINDOWS\system32\SearchProtocolHost.exeC:\Corel\Suite8\Shared\IDAPI\Idapi32.dll82621ff2-a8ac-11e4-b1f6-902b3460de70

Error: (01/30/2015 00:18:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SetPoint.exe6.61.15.051f96ac5MSVCR90.dll9.0.30729.838751ea24a5400000150005beae32c01d03cb8c1ce9fd8C:\Program Files\Logitech\SetPointP\SetPoint.exeC:\WINDOWS\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll60844dc7-a8ac-11e4-b1f6-902b3460de70

Error: (01/30/2015 00:15:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SetPoint.exe6.61.15.051f96ac5MSVCR90.dll9.0.30729.838751ea24a5400000150005beae133401d03cb6ca4d59dbC:\Program Files\Logitech\SetPointP\SetPoint.exeC:\WINDOWS\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dllfc01c2d4-a8ab-11e4-b1f6-902b3460de70

Error: (01/30/2015 00:05:13 PM) (Source: EMET) (EventID: 42) (User: )
Description: EMET detected that the SSL certificate for "iecvlist.microsoft.com" is not trusted by the rule "MSLiveCA" associated with the domain "login.live.com"

Certificates details:

[SSL CERTIFICATE]
SubjectName : CN=*.vo.msecnd.net
Issuer CA : CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
SerialNumber : 5A00005A45B7B2907CD8662D5C000100005A45
Thumbprint : 080C7173188EDFB14433D34B0DB760951ADD3EB2
SignatureAlg : sha256RSA
NotAfter : 10/28/2016 7:40:20 PM
NotBefore : 10/29/2014 7:40:20 PM
PublicKey : 3082010A0282010100BF887BB5E2F9C133B02B1411828299EAEBEAA7DE3416EA763BE5DCBA8D8E6CC7FC2D090760ED5AB74D7A1A468752B184CF43DEF23599EC28B46D3EBD766A92591E6B141595C7E1B7F8204B5F069B241526A0A9A4C6CB02F9923B9B7058A7ECA33173408D07327044E4F95E1A9E3D6AA7027DD8BA3F0572C3BF3056C3825D6D5354FE42110BF4BACAF35AC7A754688C005154760D0110D7F550289A13670C631AA421D751FC4DE556C62AAE7B2F6631F6380C5C5416F9C8B79805866E9CB9DB6DD7DE49938C4082B170E9AC40592BDC7A816D069E90BB0F8D8751D571D38F12DB6A6DD1D96EE3CAD76528341C55D9A72AEDCBF80FFE07EA1CA4AA1ED8B386CD190203010001

[ROOTCA CERTIFICATE]
SubjectName : CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer CA : CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
SerialNumber : 020000B9
Thumbprint : D4DE20D05E66FC53FE1A50882C78DB2852CAE474
SignatureAlg : sha1RSA
NotAfter : 5/12/2025 6:59:00 PM
NotBefore : 5/12/2000 1:46:00 PM

Error: (01/30/2015 00:04:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchProtocolHost.exe7.0.9600.1741554504128Idapi32.dll4.0.0.36912f226cc000000500061a46194001d03cb72ae1621bC:\WINDOWS\system32\SearchProtocolHost.exeC:\Corel\Suite8\Shared\IDAPI\Idapi32.dll755a3bd1-a8aa-11e4-b1f6-902b3460de70

Error: (01/30/2015 00:01:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SetPoint.exe6.61.15.051f96ac5MSVCR90.dll9.0.30729.838751ea24a5400000150005beae12d001d03cb66097d2c6C:\Program Files\Logitech\SetPointP\SetPoint.exeC:\WINDOWS\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll05a8298e-a8aa-11e4-b1f6-902b3460de70


CodeIntegrity Errors:
===================================
Date: 2015-01-14 17:18:51.302
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2015-01-14 17:18:51.193
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2014-12-27 12:55:19.809
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2014-12-27 12:55:19.621
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2014-11-12 13:39:16.487
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2014-11-12 13:39:16.425
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2014-10-14 18:01:40.062
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2014-10-14 18:01:39.781
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2014-09-15 08:21:58.896
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

Date: 2014-09-15 08:21:58.599
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3550 CPU @ 3.30GHz
Percentage of memory in use: 38%
Total physical RAM: 3560.71 MB
Available physical RAM: 2172.69 MB
Total Pagefile: 7655.71 MB
Available Pagefile: 6175.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.72 MB

==================== Drives ================================

Drive c: (LRM_System) (Fixed) (Total:181.63 GB) (Free:111.85 GB) NTFS
Drive d: (LRM_Data) (Fixed) (Total:98.27 GB) (Free:44.88 GB) NTFS
Drive e: (LRM_SWAP) (Fixed) (Total:9.99 GB) (Free:5.99 GB) FAT32
Drive g: (LRM_SCRATCH) (Fixed) (Total:29.29 GB) (Free:15.79 GB) FAT32
Drive h: (LRM_Backups) (Fixed) (Total:29.3 GB) (Free:8.09 GB) NTFS
Drive m: (LRM_Media) (Fixed) (Total:25.07 GB) (Free:21.42 GB) NTFS
Drive s: (Large Media) (Fixed) (Total:199.99 GB) (Free:154.02 GB) NTFS
Drive u: (My Book) (Fixed) (Total:1862.98 GB) (Free:582.22 GB) NTFS
Drive y: (alt_system) (Fixed) (Total:265.66 GB) (Free:265.53 GB) NTFS
Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 517CEAF7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=181.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=191.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FCB606C0)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=OF Extended)
Partition 3: (Active) - (Size=265.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#14 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:08:49 PM

Posted 30 January 2015 - 03:15 PM

Ok, thanks for the log. Everything looks intact. Here's the entry for MirageAB:

 

HKU\S-1-5-21-758451956-1520791384-1717137910-1000\...\Run: [Mirage Anti-Bot] => C:\Misc_Programs\MirageAB\MirageAB.exe [3087360 2013-02-09] (PhrozenSoft.com)

 

I see the Logitech application errors. That must be a mouse? You could try an uninstall/reinstall, or poke around the Logitech forum for clues.

 

Based on the new FRST log we will use FRST one more time to remove some items. It's really just a cleanup. You know the drill. Copy/paste into Notepad, save it as fixlist.txt, start FRST and click on Fix:

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-758451956-1520791384-1717137910-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
Task: {99B6B40F-3B35-45C5-A975-471F4E56BE3F} - \Optimize Start Menu Cache Files-S-1-5-21-758451956-1520791384-1717137910-500 No Task File <==== ATTENTION
Task: {9E646D93-8D25-4274-9921-E12962DB6C0F} - \Optimize Start Menu Cache Files-S-1-5-21-758451956-1520791384-1717137910-1007 No Task File <==== ATTENTION
Task: {E7D8398C-4F5E-4BA6-8111-CF9AC44E7327} - \Optimize Start Menu Cache Files-S-1-5-21-758451956-1520791384-1717137910-1000 No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{E5151088-1C1D-47B9-887A-FCFEA8700C95}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Draggers\TCmark.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{E830E884-1B3D-11D4-9BEE-00C0DF246524}\InprocServer32 -> C:\PROGRA~1\IMSIDE~1\TCW15\Program\TcTools\FPBRID~1.DLL No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{869A07B5-AA8A-4504-B701-754FBAECC26D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Regens\MarkerHouse.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{8FBFFBB2-64D0-4318-BD07-561CC8EE2084}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW15\Program\Regens\AutoDimHouse.dll No File
CustomCLSID: HKU\S-1-5-21-758451956-1520791384-1717137910-1000_Classes\CLSID\{99D040C9-BC79-44E2-BEC1-DE3636FA0320}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW20\Program\Draggers\ChainPolyline.dll No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\TEMP:541E1530
AlternateDataStreams: C:\ProgramData\TEMP:BC359956
AlternateDataStreams: C:\Users\Public\DRM:احتضان

How Can I Reduce My Risk to Malware?


#15 lrmarker

lrmarker
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:49 PM

Posted 30 January 2015 - 07:56 PM

At the very end of your code block, there are one or more non-ASCII characters. Looks like they could be Unicode character(s). Is that part of the code? If so, Notepad won't save it as an ASCII file and I need to know which Unicode format to choose.



