Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with adware or virus HELP! hot deals, ad by theadblock pop ups.


  • This topic is locked This topic is locked
8 replies to this topic

#1 MoonpigsART

MoonpigsART

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 17 February 2015 - 10:24 PM

Hello trying to fix this pc i am experiencing popups in chrome ive got one popup on the bottom and side telling me some hot deals powered by theadblock and one up top and 2 on the bottom says important message congratulations you have a new prize.  I feel the load times of opening a jpeg or any kind of program seems to be slower then usual and booting up seems much slower.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Richard (administrator) on RICHARD-PC on 17-02-2015 21:58:53
Running from C:\Users\Richard\Downloads
Loaded Profiles: Richard & fbwuser (Available profiles: Richard & fbwuser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDWebCam.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(Digidesign, A Division of Avid Technology, Inc.) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxecserv.exe
( ) C:\Windows\System32\lxeccoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Autodesk Inc.) C:\Users\Richard\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [lxecmon.exe] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-04-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ROC_roc_dec12] => C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe [928096 2012-01-19] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware (reboot)] => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM-x32\...\Run: [Lexmark Pro800-Pro900 Series] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe [316072 2011-01-23] ()
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2007-10-30] (Digidesign, A Division of Avid Technology, Inc.)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [606024 2013-09-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [GoogleChromeAutoLaunch_29A699B01FEEF335BD09EDAD4C8A90AE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-19] (Valve Corporation)
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [RGSC] => C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\RGSCLauncher.exe /silent
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [Google Update] => C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-12] (Google Inc.)
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3088448 2013-03-06] (Disc Soft Ltd)
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\MountPoints2: {6de05925-c6c0-11df-91a3-406186c77add} - M:\setup.exe
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\MountPoints2: {8a4f4d9b-8a13-11e2-a645-406186c77add} - O:\disk1\setup.exe
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\MountPoints2: {ad93edcb-aacb-11df-af2c-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\MountPoints2: {deee2e0a-5cbc-11e3-a645-406186c77add} - O:\iLinker.exe
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3319899460-182958709-312313737-1002\$8b432e2009290dda021288b9140fa04a\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MA003DMN.LNK
ShortcutTarget: MA003DMN.LNK -> C:\Program Files (x86)\M-Audio Audiophile USB\Dmn\ma003dmn.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Richard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-3319899460-182958709-312313737-1005] => Internet Explorer proxy is enabled.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=lwaviguanwang&from=lwaviguanwang&uid=HitachiXHDT721010SLA360_STF607MS08G4TK08G4TKX&ts=1361498654
URLSearchHook: HKU\S-1-5-21-3319899460-182958709-312313737-1002 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-3319899460-182958709-312313737-1002 - (No Name) - {ec173f7c-6744-441f-be93-c7cc43103ba5} - No File
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3001725
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {351D3021-D675-4D73-82D1-55308A409FD1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {40419C19-01BD-D42C-3B25-A639D6F21B1C} URL = http://www.bing.com/search?q={searchTerms}&pc=Z016&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {4438E829-0504-4893-AFA5-A90D222939D1} URL = http://search.avg.com/route/?d=4c7e10ce&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2CBDDC0C-2131-4E58-B00E-460F1A1A1C31}&mid=b186c6b6a926b42c82099ed85282dd2f-5c98abb0f82372868a4becf757a4e2144b50b582&lang=en&ds=AVG&pr=pr&d=2011-10-04 20:52:49&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3319899460-182958709-312313737-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3319899460-182958709-312313737-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3319899460-182958709-312313737-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Richard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3319899460-182958709-312313737-1002: benvanik/npvr -> C:\Users\Richard\Desktop\occulus rift games demos\vr.js-master\bin\npvr.dll No File
FF Plugin HKU\S-1-5-21-3319899460-182958709-312313737-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Browise2save - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\dhrtum-sdh@yuel-jp.com [2013-04-11]
FF Extension: youtubeadblocker - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\G5M6@I.net [2015-02-11]
FF Extension: CoNtoinnueyTTosoaave - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\klvdpn6jgwg@eklj-mq.com [2013-05-28]
FF Extension: UniDealSe - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\m@g.co.uk [2015-02-11]
FF Extension: Flash and Video Download - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-02-14]
FF Extension: TinEye Reverse Image Search - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\tineye@ideeinc.com.xpi [2015-02-17]
FF Extension: Google Reverse Image Search - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2015-02-17]
FF Extension: Cookie Controller - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2013-02-21]
FF Extension: Adblock Plus - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-14]
FF Extension: QuickJava - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2013-04-20]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2015-02-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-02-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2011-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-26]
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [2012-08-29]
FF HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.easylifeapp.com/?pid=34&src=ch1&r=2013/03/13&hid=49225719&lg=EN&cc=US
CHR StartupUrls: Default -> "", "hxxp://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-21]
CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-21]
CHR Extension: (Google Cast) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-12]
CHR Extension: (Adblock Plus) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-10]
CHR Extension: (Google Search) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-21]
CHR Extension: (Wolfram Alpha Official) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2015-02-11]
CHR Extension: (RealDownloader) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-21]
CHR Extension: (Skype Click to Call) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-21]
CHR Extension: (AVG Security Toolbar) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-04-21]
CHR Extension: (Google Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-21]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cpojbflpfnldlfajplfekeljkpkcedad] - C:\Users\Richard\AppData\Local\Temp\cpojbflpfnldlfajplfekeljkpkcedad.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2322000 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-11] () [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-05-25] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-05-25] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-03-25] (Creative Technology Ltd)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2007-10-30] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2007-10-30] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [580672 2013-03-06] (Disc Soft Ltd)
R2 fb0849cd; c:\Program Files (x86)\TrimGeneration\TrimGeneration.dll [1541120 2015-02-11] () [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-07-23] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [548136 2013-07-25] ()
R2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 lxec_device; C:\Windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] () [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4199520 2012-03-06] (INCA Internet Co., Ltd.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-11-04] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-09-04] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2012-09-04] (Ralink Technology, Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127784 2009-11-23] (Wacom Technology, Corp.)
S2 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2014-11-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
S3 ck3iusb64; C:\Windows\System32\DRIVERS\ck3iusb64.sys [64000 2010-01-18] (Xecuter)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1058072 2013-03-25] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [31512 2013-03-25] (Creative Technology Ltd)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-03-12] (Disc Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
S3 Gun; C:\Game\SoftnyxGame\GunBoundIS\Gun64.sys [45176 2012-09-16] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-07-23] (AnchorFree Inc.)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2014-11-18] (Intel  Corporation)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net)
S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [41272 2011-09-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S2 MCSTRM; No ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-02] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2012-01-17] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-05-21] ()
U3 a1thxvm6; C:\Windows\System32\Drivers\a1thxvm6.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-17 21:58 - 2015-02-17 21:59 - 00056126 _____ () C:\Users\Richard\Downloads\FRST.txt
2015-02-17 21:57 - 2015-02-17 21:58 - 00000000 ____D () C:\FRST
2015-02-17 21:57 - 2015-02-17 21:57 - 02085888 _____ (Farbar) C:\Users\Richard\Downloads\FRST64.exe
2015-02-17 01:47 - 2015-02-17 01:47 - 00000020 _____ () C:\Users\Richard\AppData\Roaming\appdataFr3.bin
2015-02-17 01:47 - 2015-02-17 01:47 - 00000000 ____D () C:\ProgramData\Block The Ads
2015-02-16 23:54 - 2015-02-16 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-02-16 23:54 - 2015-02-16 23:54 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-02-16 23:46 - 2015-02-16 23:47 - 00275664 _____ () C:\Windows\Minidump\021615-41121-01.dmp
2015-02-16 21:50 - 2015-02-16 21:50 - 00000000 ____D () C:\Windows\Hewlett-Packard
2015-02-15 00:55 - 2015-02-15 00:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-14 20:24 - 2015-02-14 20:24 - 00000000 ____D () C:\ProgramData\AVG
2015-02-14 20:16 - 2015-02-14 20:16 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\TuneUp Software
2015-02-14 19:28 - 2015-02-14 19:29 - 00000000 ____D () C:\ProgramData\Ralink
2015-02-14 19:28 - 2015-02-14 19:28 - 00002025 _____ () C:\Windows\system32\RaCoInst.log
2015-02-14 19:28 - 2015-02-14 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA4100 Genie
2015-02-14 19:28 - 2015-02-14 19:28 - 00000000 ____D () C:\Program Files (x86)\NETGEAR
2015-02-14 19:28 - 2015-02-14 19:28 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-02-14 19:28 - 2012-10-22 14:50 - 00008192 _____ () C:\Windows\system32\Drivers\rt2870.bin
2015-02-14 19:28 - 2012-09-04 13:34 - 02403392 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaCertMgr.dll
2015-02-14 19:28 - 2012-09-04 13:34 - 01121856 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaIHV.dll
2015-02-14 19:28 - 2012-09-04 13:34 - 00128864 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaExtUI.dll
2015-02-14 19:27 - 2015-02-14 19:27 - 00000000 ____D () C:\ProgramData\NETGEAR
2015-02-14 17:38 - 2015-02-14 17:38 - 00275608 _____ () C:\Windows\Minidump\021415-36301-01.dmp
2015-02-14 16:53 - 2015-02-14 16:53 - 00000000 __SHD () C:\found.000
2015-02-13 22:21 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 22:21 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 22:21 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 22:21 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 21:17 - 2015-02-17 21:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-13 21:16 - 2015-02-13 22:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-13 21:16 - 2015-02-13 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-13 21:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-13 21:16 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-12 21:39 - 2015-02-12 21:39 - 00275608 _____ () C:\Windows\Minidump\021215-40061-01.dmp
2015-02-11 22:56 - 2015-02-11 22:56 - 01110476 _____ () C:\Users\Richard\Downloads\7z920.exe
2015-02-11 22:56 - 2015-02-11 22:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-11 22:56 - 2015-02-11 22:56 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-02-11 21:37 - 2015-02-11 21:37 - 00000000 ____D () C:\Program Files (x86)\TrimGeneration
2015-02-11 21:36 - 2015-02-13 23:50 - 00000000 ____D () C:\Program Files (x86)\Wolfram Alpha Official
2015-02-11 21:35 - 2015-02-13 23:50 - 00000000 ____D () C:\Program Files (x86)\UniDealSe
2015-02-11 21:35 - 2015-02-11 21:39 - 00000000 ____D () C:\ProgramData\nhmcglfkepndbiojjicdnlaedjcdebji
2015-02-11 21:35 - 2015-02-11 21:35 - 00000000 ____D () C:\ProgramData\14287534737476752146
2015-02-11 21:34 - 2015-02-12 21:43 - 00000000 ____D () C:\ProgramData\{ea624672-eec5-e1a0-ea62-24672eec19cb}
2015-02-11 09:15 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 09:15 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 09:15 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 09:15 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 09:14 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:14 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:13 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:13 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:13 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:13 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:13 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:13 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:13 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:13 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:13 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:13 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:13 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:13 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:13 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:13 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:13 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:13 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:13 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:13 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:13 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:13 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:13 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:13 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:13 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:13 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:13 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:13 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:13 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:13 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:13 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:13 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:13 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:13 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:13 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:13 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:13 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:13 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:13 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:13 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:13 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:13 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:13 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:13 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:13 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:13 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:13 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:13 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:13 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:13 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:13 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:13 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:13 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:13 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:13 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:13 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:13 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:13 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:13 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:13 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:13 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:13 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:12 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:12 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:12 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:12 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:12 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:12 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:12 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:12 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:12 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:12 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:12 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:12 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:12 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:12 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:11 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:11 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:11 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:11 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:11 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:11 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:11 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:11 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:11 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:11 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:11 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:11 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:11 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:11 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:11 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:11 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:11 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:11 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:11 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:11 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:11 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:11 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:11 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 09:11 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 09:11 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 09:11 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 09:10 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:10 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:09 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:09 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:09 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:09 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:09 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:09 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:09 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:09 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 09:09 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 09:09 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 09:08 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-02 02:16 - 2015-02-17 02:31 - 00002976 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Richard
2015-02-02 02:16 - 2015-02-17 02:31 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Richard.job
2015-02-02 02:16 - 2015-02-16 19:23 - 00002980 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Richard
2015-02-02 02:16 - 2015-02-16 19:23 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Richard.job
2015-02-01 18:47 - 2015-02-01 18:51 - 00000000 ____D () C:\Users\Richard\Desktop\ManualMuscleTesting&Goniometry
2015-02-01 18:07 - 2015-02-01 18:07 - 00000000 ____D () C:\Users\Richard\.gradle
2015-02-01 18:06 - 2015-02-01 19:17 - 00000000 ____D () C:\Users\Richard\AndroidStudioProjects
2015-02-01 18:01 - 2015-02-01 18:01 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\JetBrains
2015-02-01 18:00 - 2015-02-01 18:00 - 00000000 ____D () C:\Users\Richard\.AndroidStudio
2015-02-01 17:59 - 2015-02-01 17:58 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-01 17:58 - 2015-02-01 17:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-01 17:58 - 2015-02-01 17:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-01 17:58 - 2015-02-01 17:58 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-01 17:53 - 2015-02-01 17:54 - 135816096 _____ (Oracle Corporation) C:\Users\Richard\Downloads\jdk-7u75-windows-x64.exe
2015-02-01 17:45 - 2015-02-01 20:10 - 00000000 ____D () C:\Users\Richard\.android
2015-02-01 17:45 - 2015-02-01 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-02-01 17:44 - 2014-11-18 15:02 - 00084992 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelHaxm.sys
2015-02-01 17:40 - 2015-02-01 17:40 - 00000000 ____D () C:\Users\Richard\AppData\Local\Android
2015-02-01 17:39 - 2015-02-01 17:39 - 00000000 ____D () C:\Program Files\Android
2015-02-01 17:29 - 2015-02-01 17:37 - 868344232 _____ (Google Inc.) C:\Users\Richard\Downloads\android-studio-bundle-135.1641136.exe
2015-01-29 11:22 - 2015-01-29 11:22 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\JAM Software
2015-01-29 11:22 - 2015-01-29 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2015-01-29 11:22 - 2015-01-29 11:22 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2015-01-21 22:51 - 2015-02-05 07:58 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3319899460-182958709-312313737-1002
2015-01-21 22:51 - 2015-02-05 07:58 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3319899460-182958709-312313737-1002
2015-01-21 22:49 - 2015-01-21 22:49 - 00275608 _____ () C:\Windows\Minidump\012115-48875-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-17 21:55 - 2011-03-26 03:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 21:29 - 2012-06-01 20:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-17 21:00 - 2014-04-12 17:24 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319899460-182958709-312313737-1002UA.job
2015-02-17 20:30 - 2013-03-17 03:17 - 00000000 ____D () C:\Users\Richard\AppData\Local\Akamai
2015-02-17 19:36 - 2011-10-04 19:51 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-02-17 16:48 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 16:48 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 16:45 - 2010-08-18 08:29 - 01847916 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 16:44 - 2009-07-13 23:51 - 00119084 _____ () C:\Windows\setupact.log
2015-02-17 16:37 - 2013-06-02 18:52 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-02-17 16:37 - 2013-03-13 06:16 - 00000444 ____H () C:\Windows\Tasks\schedule!1818212897.job
2015-02-17 16:37 - 2013-01-24 16:49 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2015-02-17 16:37 - 2011-05-26 20:22 - 00077810 _____ () C:\ProgramData\lxecscan.log
2015-02-17 16:37 - 2011-03-26 03:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 16:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 15:00 - 2014-04-12 17:24 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319899460-182958709-312313737-1002Core.job
2015-02-17 05:23 - 2010-09-01 14:26 - 00739312 _____ () C:\Windows\PFRO.log
2015-02-17 02:00 - 2010-09-06 20:41 - 00000000 ____D () C:\Users\Richard\AppData\Local\Adobe
2015-02-17 01:14 - 2014-12-10 20:15 - 00000000 ____D () C:\Users\Richard\Documents\Reality
2015-02-16 23:54 - 2013-04-19 04:59 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-16 23:52 - 2014-06-24 01:39 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Raptr
2015-02-16 23:50 - 2013-03-30 15:19 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Dropbox
2015-02-16 23:47 - 2010-11-03 03:54 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\WTablet
2015-02-16 23:46 - 2014-11-20 23:04 - 926696782 _____ () C:\Windows\MEMORY.DMP
2015-02-16 23:46 - 2010-09-01 22:13 - 00000000 ____D () C:\Windows\Minidump
2015-02-16 23:41 - 2013-03-13 03:59 - 00000000 ____D () C:\ProgramData\e-onsoftware
2015-02-16 21:52 - 2013-12-31 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-16 21:52 - 2013-12-31 19:42 - 00000000 ____D () C:\Program Files (x86)\HP
2015-02-16 21:50 - 2013-12-31 19:44 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\HpUpdate
2015-02-15 21:50 - 2012-06-17 00:21 - 00000000 ____D () C:\Windows\pss
2015-02-15 18:34 - 2009-07-14 00:13 - 00795684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 03:12 - 2012-07-22 15:20 - 00093184 ___SH () C:\Users\Richard\AppData\Thumbs.db
2015-02-15 01:26 - 2012-10-28 15:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-15 01:26 - 2010-09-02 01:38 - 00000000 ____D () C:\Users\Richard\AppData\Local\Mozilla
2015-02-14 19:28 - 2010-08-18 08:39 - 00000000 ____D () C:\ProgramData\InstallShield
2015-02-14 19:28 - 2010-08-18 08:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-14 19:27 - 2011-06-15 20:58 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-02-14 18:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-14 17:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-13 23:50 - 2014-06-24 01:39 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-02-13 23:50 - 2014-05-01 03:57 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Autodesk
2015-02-13 23:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-13 23:49 - 2011-05-13 15:47 - 00000000 ____D () C:\ProgramData\Real
2015-02-13 22:02 - 2013-07-30 18:22 - 00000000 ____D () C:\Users\Richard\AppData\Local\CRE
2015-02-13 21:16 - 2012-10-28 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-02-13 21:16 - 2011-09-14 15:52 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Malwarebytes
2015-02-13 21:16 - 2011-09-14 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-13 21:13 - 2013-03-17 23:35 - 00000378 _____ () C:\Windows\system32\Pen_Tablet.dat
2015-02-13 21:12 - 2010-09-01 03:19 - 00000000 ____D () C:\Users\Richard
2015-02-13 18:23 - 2012-12-04 09:40 - 00000284 _____ () C:\ProgramData\lxec.log
2015-02-12 21:35 - 2010-10-07 18:40 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\uTorrent
2015-02-12 10:19 - 2009-07-13 23:45 - 04925528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:38 - 2014-12-10 03:33 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:38 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 03:18 - 2010-10-20 01:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 03:17 - 2013-07-18 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:03 - 2010-09-05 17:33 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 23:37 - 2012-05-11 19:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-06 14:55 - 2014-04-12 17:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3319899460-182958709-312313737-1002UA
2015-02-06 14:55 - 2014-04-12 17:24 - 00003498 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3319899460-182958709-312313737-1002Core
2015-02-05 13:50 - 2011-03-26 03:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 13:50 - 2011-03-26 03:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 22:29 - 2012-06-01 20:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 22:29 - 2012-06-01 20:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 22:29 - 2011-07-07 02:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 17:58 - 2013-04-20 23:46 - 00000000 ____D () C:\Program Files\Java
2015-02-01 17:44 - 2010-08-18 08:33 - 00000000 ____D () C:\Program Files\Intel
2015-01-29 11:04 - 2013-03-06 01:45 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2015-01-29 10:47 - 2013-03-06 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2015-01-21 23:49 - 2013-02-17 14:22 - 00870128 _____ () C:\Users\Richard\AppData\Roaming\mcs.rma
2015-01-21 23:49 - 2010-12-19 18:55 - 00000004 _____ () C:\Users\Richard\AppData\Roaming\8AA746
2015-01-21 03:05 - 2010-08-18 08:38 - 00787806 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2013-02-26 01:28 - 2013-02-26 01:28 - 0027762 _____ () C:\Program Files\changes.txt
2013-02-26 01:34 - 2013-02-26 01:34 - 2547384 _____ (Beepa P/L) C:\Program Files\fraps.exe
2013-02-26 01:34 - 2013-02-26 01:34 - 0234168 _____ (Beepa P/L) C:\Program Files\fraps32.dll
2013-02-26 01:34 - 2013-02-26 01:34 - 0068792 _____ (Beepa P/L) C:\Program Files\fraps64.dat
2013-02-26 01:34 - 2013-02-26 01:34 - 0186552 _____ (Beepa P/L) C:\Program Files\fraps64.dll
2013-02-26 01:30 - 2013-02-26 01:30 - 0140288 _____ (Beepa P/L) C:\Program Files\frapslcd.dll
2013-05-25 00:59 - 2013-05-25 01:07 - 0000366 _____ () C:\Program Files\FRAPSLOG.TXT
2013-02-26 01:27 - 2013-02-26 01:27 - 0001894 _____ () C:\Program Files\README.HTM
2013-03-24 05:24 - 2013-03-24 05:24 - 0040446 _____ (Beepa Pty Ltd) C:\Program Files\uninstall.exe
2013-09-27 19:59 - 2014-06-22 22:39 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-12-09 02:09 - 2010-12-09 02:09 - 0000000 _____ () C:\Users\Richard\AppData\Roaming\.NANotifyHere
2010-12-19 18:55 - 2015-01-21 23:49 - 0000004 _____ () C:\Users\Richard\AppData\Roaming\8AA746
2011-08-15 00:03 - 2011-08-15 00:03 - 0000132 _____ () C:\Users\Richard\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-03-04 06:05 - 2013-03-04 06:06 - 0000132 _____ () C:\Users\Richard\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2011-09-23 20:57 - 2013-10-13 22:06 - 0000132 _____ () C:\Users\Richard\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-02-17 01:47 - 2015-02-17 01:47 - 0000020 _____ () C:\Users\Richard\AppData\Roaming\appdataFr3.bin
2013-02-17 14:22 - 2015-01-21 23:49 - 0870128 _____ () C:\Users\Richard\AppData\Roaming\mcs.rma
2011-11-04 00:32 - 2011-11-04 00:32 - 0001456 _____ () C:\Users\Richard\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-04-11 19:23 - 2013-04-11 19:23 - 0000095 _____ () C:\Users\Richard\AppData\Local\fusioncache.dat
2012-02-20 17:39 - 2012-02-20 17:39 - 0000041 ___SH () C:\ProgramData\.zreglib
2012-01-22 19:07 - 2012-01-22 19:07 - 0000000 _____ () C:\ProgramData\1904543495
2012-01-22 06:32 - 2012-01-22 06:32 - 0000000 _____ () C:\ProgramData\4037067068
2010-10-29 03:07 - 2010-11-30 03:45 - 0000088 __RSH () C:\ProgramData\53881DCD2F.sys
2013-12-31 19:41 - 2013-12-31 19:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-05-26 20:18 - 2011-05-26 20:18 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-05-26 20:58 - 2011-05-26 20:58 - 0000256 _____ () C:\ProgramData\FastPics.log
2010-10-29 03:07 - 2012-06-01 21:16 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
2012-12-04 09:40 - 2015-02-13 18:23 - 0000284 _____ () C:\ProgramData\lxec.log
2011-08-18 15:48 - 2012-03-24 02:35 - 0000614 _____ () C:\ProgramData\lxecDiagnostics.log
2011-05-26 20:53 - 2013-12-02 23:09 - 0016874 _____ () C:\ProgramData\lxecJSW.log
2011-05-26 20:22 - 2015-02-17 16:37 - 0077810 _____ () C:\ProgramData\lxecscan.log
2011-05-26 20:18 - 2011-05-26 20:18 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-12-12 03:22 - 2013-12-12 03:22 - 1609356 _____ () C:\ProgramData\SPL8DE.tmp
2012-07-14 22:33 - 2012-07-16 04:51 - 4503728 ____T () C:\ProgramData\to_r0tsef.pad
2011-05-26 20:18 - 2011-05-26 20:18 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2012-01-22 06:31 - 2012-01-22 06:31 - 0005089 _____ () C:\ProgramData\zrmjlmea.zpl
2012-01-22 06:32 - 2012-01-22 06:32 - 0005089 _____ () C:\ProgramData\{rmjlmea.zpl
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3319899460-182958709-312313737-1002\$8b432e2009290dda021288b9140fa04a
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$8b432e2009290dda021288b9140fa04a
 
Files to move or delete:
====================
C:\ProgramData\to_r0tsef.pad
 
 
Some content of TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\Richard\AppData\Local\Temp\FastDownloadTNT.exe
C:\Users\Richard\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Richard\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Richard\AppData\Local\Temp\OCL233848T8.dll
C:\Users\Richard\AppData\Local\Temp\ose00000.exe
C:\Users\Richard\AppData\Local\Temp\twapi-2.0a7.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-14 06:20
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Richard at 2015-02-17 21:59:36
Running from C:\Users\Richard\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 (Enabled) {621CC794-9486-F902-D092-0484E8EA828B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
AaAaAA!!! - A Reckless Disregard for Gravity (HKLM-x32\...\Steam App 15520) (Version:  - Dejobaan Games, LLC)
AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome (HKLM-x32\...\Steam App 15560) (Version:  - Dejobaan Games, LLC)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Add or Remove Adobe Premiere Pro CS5 (HKLM-x32\...\{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Age of Chivalry Dedicated Server (HKLM-x32\...\Steam App 17515) (Version:  - Team Chivalry)
Age of Conan - Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version:  - Funcom)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version:  - Triumph Studios)
Akamai NetSession Interface (HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
Alan Wake's American Nightmare (HKLM-x32\...\Steam App 202750) (Version:  - Remedy Entertainment)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent  (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.2 - Frictional Games)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - )
ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version:  - )
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Audiophile USB 1.5.4.15 (HKLM-x32\...\USBAudiophile) (Version:  - )
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.0.630.0 - Autodesk)
Autodesk 3ds Max 2015 (Version: 17.0.630.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 1.0.59.0 - Autodesk)
Autodesk Backburner 2015 (HKLM-x32\...\{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}) (Version: 15.0.0.0 - Autodesk)
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk Inventor Server Engine for 3ds Max 2015 (HKLM\...\{9167CA34-4E48-49E3-8892-3C439739D2D3}) (Version: 17.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2015) (Version: 15.0.107.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (Version: 15.0.107.0 - Autodesk) Hidden
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2249 - AVG Technologies)
AVG 2012 (Version: 12.0.4257 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2249 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Games)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Block The Ads (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Block The Ads) <==== ATTENTION
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{87D0541E-7EB4-44AD-8A0D-D951152020C1}) (Version: 0.7.18.921 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version:  - Starbreeze Studios AB)
Bryce 7.1 (HKLM-x32\...\Bryce 7.1 7.1.0.74) (Version: 7.1.0.74 - DAZ 3D)
Cabela's Dangerous Hunts 2013 Demo (HKLM-x32\...\Steam App 225580) (Version:  - )
CamStudio (HKLM-x32\...\CamStudio) (Version:  - )
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - )
ChromecastApp (HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Creative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 1.0.0.0068 - Disc Soft Ltd)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.28) (Version: 1.1.0.28 - DAZ 3D)
DAZ Studio 4.5 (64bit) (HKLM-x32\...\DAZ Studio 4.5 (64bit) 4.5.1.56) (Version: 4.5.1.56 - DAZ 3D)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version:  - Ion Storm)
Deus Ex: Human Revolution - The Missing Link (HKLM-x32\...\Steam App 201280) (Version:  - Eidos Montreal)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Deus Ex: Invisible War (HKLM-x32\...\Steam App 6920) (Version:  - Ion Storm)
Digidesign Pro Tools M-Powered Demo 7.4 (HKLM-x32\...\{14AA664E-9BFA-44C4-A083-83A2998679BA}) (Version: 7.4 - Digidesign, A Division of Avid Technology, Inc.)
Digidesign Shared Plug-Ins 7.4 (HKLM-x32\...\{AFE354A5-640F-4A23-94C8-0B441E8967CA}) (Version: 7.4 - Digidesign, A Division of Avid Technology, Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dropbox (HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Dropbox) (Version: 2.0.0 - Dropbox, Inc.)
DSON Importer for Poser (64bit) (HKLM-x32\...\DSON Importer for Poser (64bit) 1.0.0.56) (Version: 1.0.0.56 - DAZ 3D)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Dynamic Clothing Control DS4 (64bit) (HKLM-x32\...\Dynamic Clothing Control DS4 (64bit) 1.0.11.9) (Version: 1.0.11.9 - DAZ 3D)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
FallenAngelsLair (HKLM\...\UDK-a4dd8eaf-489b-4776-80c8-5b56ee933523) (Version:  - Epic Games, Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
GunboundIS (HKLM-x32\...\GunboundIS_is1) (Version:  - Softnyx co.,ltd.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hexagon 2 (HKLM-x32\...\Hexagon 2 2.5.1.79) (Version: 2.5.1.79 - DAZ 3D)
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
Horizon v2.5.11.1 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.5.11.1 - Daring Development Inc.)
Hotspot Shield 3.11 (HKLM-x32\...\HotspotShield) (Version: 3.11 - AnchorFree Inc.)
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Help (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6600 Product Improvement Study (HKLM\...\{9DD732B9-9B16-4F28-8E21-4AB5E40AF7DE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iClone v5.01  (HKLM-x32\...\{E8EB9130-8C34-4DCE-A6C4-B1C5A399F616}) (Version: 5.01.1005.1 - Reallusion Inc.)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.5 - Intel)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.7.2.2923 - PACE Anti-Piracy)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
Java SE Development Kit 7 Update 9 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.370 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LEGO - The Hobbit (HKLM-x32\...\Steam App 285160) (Version:  - Traveller's Tales)
LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version:  - Traveller's Tales)
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version:  - Lexmark International, Inc.)
Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.3.37.0 - )
Lexmark Tools for Office (HKLM-x32\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.29.0.0 - )
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - )
Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 0.6.0201 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Lunar Flight (HKLM-x32\...\Steam App 208600) (Version:  - Shovsoft)
LuxRender 1.3.1 x64 OpenCL (HKLM\...\{C289183E-1DD8-42FA-8DFE-94F61ED1CFA3}_is1) (Version: 1.3.1 - LuxRender)
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mark Leung - Revenge of the bleep (HKLM-x32\...\Mark Leung - Revenge of the bleep1.2) (Version: 1.2 - Uglysoft)
M-Audio FastTrackPro Driver 6.0.7 (x64) (HKLM\...\{73089240-023C-11E0-9AE3-2BA1DFD72085}) (Version: 6.0.7 - M-Audio)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-698aa06b-2de1-4eb4-88e9-aa762e0c2668) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-dd7149be-523e-4e91-abe6-05d35620ac77) (Version:  - Epic Games, Inc.)
Native Instruments Guitar Rig 3 (HKLM-x32\...\Native Instruments Guitar Rig 3) (Version:  - )
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
NETGEAR WNDA4100 Genie (HKLM-x32\...\InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.10 - NETGEAR)
NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.10 - NETGEAR) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version:  - The Men Who Wear Many Hats)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
Outerra - Anteworld - Outerra Anteworld Demo (HKLM-x32\...\Outerra Anteworld) (Version: "0.7.16-3782" - "Outerra")
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.4.1 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Play withSIX (HKLM-x32\...\{310CC2FA-5EC5-48B6-BB31-5551B78449BA}) (Version: 1.00.0174 - SIX Networks)
Poser Debut (HKLM-x32\...\Poser Debut_is1) (Version: 8.0.3 - Smith Micro Software, Inc.)
Poser Pro 2012 (HKLM\...\Poser Pro 2012_is1) (Version: 9.0.0 - Smith Micro Software, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Queue Manager 2012 (HKLM\...\Queue Manager 2012_is1) (Version: 8.0.3 - Smith Micro Software, Inc.)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.11.31 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version:  - RealNetworks)
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
RiftCoaster (HKLM\...\UDK-4a02cdb3-6143-46ec-9795-eb6b884c65bb) (Version:  - Epic Games, Inc.)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samsung i-Launcher 1.0.1.48 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.0.1.48 - Samsung Electronics Co., Ltd.)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - )
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.2.14 - Client Connect LTD) <==== ATTENTION
Sharepod 4.0.1.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
SMS (remove only) (HKLM-x32\...\SMS) (Version:  - )
SONAR 8.0 Producer Edition (HKLM-x32\...\SONAR8Producer_x64_is1) (Version: 17.0 - Cakewalk Music Software)
Sound Blaster Z-Series (HKLM-x32\...\{34BB1F1C-5B9F-4F7B-BE3D-AC9AC304491D}) (Version: 1.00.16 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2013 Singleplayer (HKLM-x32\...\Steam App 243730) (Version:  - )
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
The Lord of the Rings Online™ v1200.0054.0447.4006 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1200.0054.0447.4006 - Turbine, Inc.)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The War Z version alpha (HKLM-x32\...\{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1) (Version: alpha - Arktos Entertainment Group LLC)
The Wonderful End of the World (HKLM-x32\...\Steam App 15500) (Version:  - Dejobaan Games, LLC)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
UnderCurrent VR X01 (HKLM\...\UDK-564d4241-15a0-4e7f-9e60-a7ef83cb5ca6) (Version:  - Epic Games, Inc.)
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Updater Service (HKLM-x32\...\Updater Service) (Version: 15,9,28,27 - ) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VDMSound 2.0.4 (HKLM-x32\...\{8ECBE643-8230-11D5-9D6B-00A024112F81}) (Version: 2.0.4.0 - VDMSound Project)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VirtualReality.io (HKLM-x32\...\VirtualReality.io) (Version:  - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VR Player (HKLM-x32\...\{F59C176F-DD10-4E82-96B2-A3B796F26169}) (Version: 1.0.0 - StephaneLX)
Vue 10 xStream 64bit (HKLM-x32\...\Vue 10 xStream 64bit) (Version: 10 - e-on software)
Vue11 64bit (HKLM-x32\...\Vue11 64bit) (Version: 11 - e-on software)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Media Player Packages (HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Windows Media Player Packages) (Version:  - ) <==== ATTENTION
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wolfram Alpha Official (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
XECUTER CK3 PRO - USB (HKLM-x32\...\{B5734BB9-56FC-4937-88F2-AB34ABF49821}) (Version: 1.00.000 - XECUTER)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
ZBrush 4R6 (HKLM-x32\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)
Zeno Clash (HKLM-x32\...\Steam App 22200) (Version:  - ACE Team)
Zeno Clash 2 (HKLM-x32\...\Steam App 215690) (Version:  - ACE Team)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Richard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll No File
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll No File
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll No File
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
CustomCLSID: HKU\S-1-5-21-3319899460-182958709-312313737-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
14-02-2015 03:00:19 Windows Update
14-02-2015 17:55:29 Device Driver Package Install: NETGEAR Inc. Network Protocol
14-02-2015 17:56:00 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
14-02-2015 18:02:15 Device Driver Package Install: NETGEAR Inc. Network Protocol
14-02-2015 18:02:26 Removed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
14-02-2015 19:27:39 Installed NETGEAR WNDA4100 Genie
15-02-2015 18:30:59 Windows Update
15-02-2015 19:00:26 Windows Backup
16-02-2015 21:50:23 Installed HP Update.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2010-12-19 04:22 - 2012-06-14 23:55 - 00001798 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
127.0.0.1                               125.252.224.91
127.0.0.1                               hl2rcv.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {002B30E6-C4C8-4FEB-8F15-F9C8A5709B72} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {0251B964-6AD6-4643-81C9-D2192F2B1D9F} - System32\Tasks\{05F3A784-EE1A-489C-96CA-7F11364DE75C} => pcalua.exe -a "C:\Program Files (x86)\Xfire\uninst.exe"
Task: {04D78EF2-BC99-4798-BB90-6C184C006AE2} - System32\Tasks\{CB59DF9C-14C3-46F6-A44F-6AE8E9413E4F} => C:\Users\Richard\Downloads\Mechwarrior Trilogy\_Patches\Mechwarrior 2 Win95 XP patches\mw2patch.exe
Task: {05A37FDF-C739-4A1C-AC45-E277C23C28AD} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3319899460-182958709-312313737-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {0D2AE60E-B866-4A32-A5B4-560E120A0610} - System32\Tasks\{E77F17A6-3D95-4FA8-872B-5883D54B9B0F} => pcalua.exe -a "P:\DAZ Content\Daz - the Freak\Ps_Ac573B - Freak - Princedemon.exe" -d "P:\DAZ Content\Daz - the Freak"
Task: {122308CD-9AF0-4703-A371-B8A65156DDAE} - System32\Tasks\{EA771589-20E2-4763-A892-C75905E6C660} => pcalua.exe -a "C:\Users\Richard\Downloads\Daz3D - Poser - Victoria 5 Pro\9032_1_ds_DynamicClothingControl.exe" -d "C:\Users\Richard\Downloads\Daz3D - Poser - Victoria 5 Pro"
Task: {12D7F5D2-94E3-4A34-AC83-4E747C7A6AC1} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{8A31AB4F-03BB-45B2-A8FB-F4A44E1D6881}.exe
Task: {14EF26F8-CC91-417E-9BCC-A2DC04F3AE8C} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {16AE9086-EFC6-4D5A-8C3E-62076FA9463A} - System32\Tasks\ReclaimerUpdateFiles_Richard => C:\Users\Richard\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe [2015-02-01] (RealNetworks, Inc.)
Task: {20FFA7DA-E879-4A14-9766-ACFE778672BE} - System32\Tasks\{00BAEB91-B010-41B9-9975-2022DCCCEDF4} => C:\Program Files (x86)\NUVICO CMS Lite\SMS.exe [2010-06-30] ()
Task: {2233A608-3328-46B3-BE13-11B827FFB546} - System32\Tasks\AdobeAAMUpdater-1.0-Richard-PC-Richard => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {2B5899A8-58E7-450C-AD33-1E872C7A583C} - System32\Tasks\{7578E25C-6957-46D9-ACD9-32ADA18119DC} => C:\Program Files (x86)\Guild Wars 2\Gw2.exe [2014-05-05] (ArenaNet)
Task: {342E7960-A9E9-4DDC-9B83-2570FC26A69C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {3F089083-C86A-4E5E-92F8-300349646120} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {4887E59A-42C4-4B23-8034-076A3FB240F0} - System32\Tasks\ReclaimerUpdateXML_Richard => C:\Users\Richard\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe [2015-02-01] (RealNetworks, Inc.)
Task: {49CE4374-9990-4907-B3D2-D9B60807E80D} - System32\Tasks\{1432E841-8E51-4F8D-B906-75659843C958} => pcalua.exe -a "P:\DAZ Content\Daz - Aiko\ps_ac1685 - Heavenbound For a3 - Part 1.exe" -d "P:\DAZ Content\Daz - Aiko"
Task: {4EAA11B2-D0E4-4C46-B827-58F42F895C96} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3319899460-182958709-312313737-1002Core => C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {4F89A3F0-486D-4ED0-BF46-817DFAA3E591} - System32\Tasks\{0ECA4FD8-833E-48D5-BF61-21E407E3CF23} => pcalua.exe -a "P:\DAZ Content\Daz - Vicki\ps_ac611b - V3 Mystic Moon Hair.exe" -d "P:\DAZ Content\Daz - Vicki"
Task: {5485805E-2CD8-4AB0-BB6D-DD86CD876385} - System32\Tasks\{CA76B21F-6E3A-4C57-BAE0-E6DFE7E54FE5} => pcalua.exe -a C:\Users\Richard\Downloads\ASIO4ALL_2_10_beta1_English.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {570066E0-CDDE-4424-83D1-8892F26D79A0} - System32\Tasks\{CF6A7BD5-B976-48AC-A29A-147940DE2557} => pcalua.exe -a "P:\DAZ Content\Daz - Vicki\ps_ac879_UltimatePonyTail.exe" -d "P:\DAZ Content\Daz - Vicki"
Task: {5B6CF4AC-94D8-4368-849F-31B2186387B5} - System32\Tasks\{7F472B76-E45E-41E6-82F0-37C06874B716} => C:\Users\Richard\Downloads\Mechwarrior Trilogy\_Patches\Mechwarrior 2 Win95 XP patches\mw2patch.exe
Task: {6002B85A-A25B-49EA-9347-512FCB215B36} - System32\Tasks\{02AE7E7F-341B-4970-8201-38929A4FDE16} => pcalua.exe -a C:\Users\Richard\Downloads\qavimator-setup-20100106.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {669B15CB-0BB9-4FE9-98A8-96717C39D0C8} - System32\Tasks\{B9585704-D3E6-4490-AB05-7D5E411EFA3D} => C:\Users\Richard\Downloads\Mechwarrior Trilogy\_Patches\Mechwarrior 2 Win95 XP patches\mw2patch.exe
Task: {6C395249-85CD-4D03-AC7E-4E96B8469605} - System32\Tasks\{82392557-A5F7-47D0-B251-7DE7FDE0998A} => C:\Users\Richard\Downloads\Mechwarrior Trilogy\_Patches\Mechwarrior 2 Win95 XP patches\mw2patch.exe
Task: {6D8D143F-DBEC-49D4-9EB1-5B419C844FEB} - System32\Tasks\schedule!1818212897 => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe <==== ATTENTION
Task: {724751E9-25AC-4F6E-87C3-B112F14C4600} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7936CE97-C821-40F7-AA9C-0B727A0A85CB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3319899460-182958709-312313737-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {7A80F815-F10F-4A2A-8B93-4AF42C519635} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-30] ()
Task: {7A9B08B5-4520-4667-A47D-4305B257AA90} - System32\Tasks\{79EDC028-4889-44F1-A196-5C1FAE2A82F1} => pcalua.exe -a "C:\Users\Richard\Downloads\Daz3D - Poser - Victoria 5 Pro\7196_1_dpc_SnowflakeforAiko3.exe" -d "C:\Users\Richard\Downloads\Daz3D - Poser - Victoria 5 Pro"
Task: {837C7375-03B2-40E8-876C-9A530B1D9F9E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3319899460-182958709-312313737-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {8565B515-18DD-4EC6-B01F-DFB29005388E} - System32\Tasks\{DE1FBDA6-C73C-47C3-9ABF-FAF29110107C} => pcalua.exe -a "C:\Users\Richard\Downloads\DAZ Content\Daz - Aiko\Daz3D - Anime Hair.exe" -d "C:\Users\Richard\Downloads\DAZ Content\Daz - Aiko"
Task: {8E58C354-171A-4D66-930B-00CF347F6CB5} - System32\Tasks\{BB51D02E-7983-4E69-A570-90D009D47A18} => C:\Users\Richard\Downloads\Mechwarrior Trilogy\_Patches\Mechwarrior 2 Win95 XP patches\mw2patch.exe
Task: {8F02E5AA-5721-4FE4-A07E-779D472C1C76} - System32\Tasks\{9795B6CD-8B0D-473F-9A7A-FA4E296E2971} => pcalua.exe -a "C:\Users\Richard\Downloads\Daz3D - Poser - Victoria 5 Pro\9409_1_dpc_FutureLawTextures_1.exe" -d "C:\Users\Richard\Downloads\Daz3D - Poser - Victoria 5 Pro"
Task: {9604AFA4-80EB-4242-B89B-6EED7824D104} - System32\Tasks\{BACE2729-CF40-4C7A-998C-7A59677226E3} => pcalua.exe -a "P:\DAZ Content\Daz - Aiko\ps_ac1241 - a3 Xstyle.exe" -d "P:\DAZ Content\Daz - Aiko"
Task: {97EBE952-DC72-49B1-B721-800A8DA64013} - System32\Tasks\RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {A6A1CA92-CB1E-4618-8A7F-0840FF6C6767} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ADB0A9ED-0360-43C8-B664-8312D356EC84} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {B4295C26-D524-4A1F-93D5-AC65AF146496} - System32\Tasks\{73BC0534-FFAE-4441-8E1F-EB8872F72CE4} => pcalua.exe -a "C:\Users\Richard\Downloads\Mechwarrior Trilogy\_Tools\DOSBox0.72-win32-installer.exe" -d "C:\Users\Richard\Downloads\Mechwarrior Trilogy\_Tools"
Task: {B8F05FA9-BD05-49EC-903F-BEA588F3EEC0} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3319899460-182958709-312313737-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {BBA670B4-768E-4298-AEA1-1F787DC9D178} - System32\Tasks\{23208210-A622-4494-A33C-B770BBF2BC04} => pcalua.exe -a "C:\Program Files (x86)\Xfire\uninst.exe"
Task: {BD15BABA-F74C-407E-8802-557856428B92} - System32\Tasks\RealCreateProcessScheduledTask228110511S-1-5-21-3319899460-182958709-312313737-1002 => c:\program files (x86)\real\realplayer\update\realsched.exe [2013-04-20] (RealNetworks, Inc.)
Task: {DB73172D-CAA6-46A4-9CC4-23925962835A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {DB98A68A-C954-44FA-92DB-B22379AC29D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {DF6485F2-C6D5-4BC7-A688-D924A4E939C2} - System32\Tasks\{D48D3A18-6CE5-4488-B9B4-69063131C25C} => pcalua.exe -a C:\Users\Richard\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {E5CB8C9B-0C33-435C-A5FF-EE739EBCBA50} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {EFD91E9D-7F79-4D98-A430-8574F115904B} - System32\Tasks\{3D025125-27B7-489F-86B1-547899ADDEC6} => pcalua.exe -a C:\Users\Richard\Desktop\vcredist_x64.exe -d C:\Users\Richard\Desktop
Task: {FB8A6E89-EB68-4B74-AA26-8F9487648A44} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FD51876B-DEB6-46C8-9BA5-B1A5E840E23A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {FE54B46F-DC36-4CE1-979E-BABEAC679326} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3319899460-182958709-312313737-1002UA => C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{8A31AB4F-03BB-45B2-A8FB-F4A44E1D6881}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319899460-182958709-312313737-1002Core.job => C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319899460-182958709-312313737-1002UA.job => C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Richard.job => C:\Users\Richard\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Richard.job => C:\Users\Richard\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\schedule!1818212897.job => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-05-26 20:22 - 2009-11-26 00:09 - 00053760 _____ () C:\Windows\System32\LXECPMON.DLL
2011-05-26 20:22 - 2009-01-13 07:15 - 04485120 _____ () C:\Windows\System32\LXECOEM.DLL
2011-05-26 20:23 - 2009-11-04 07:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2011-05-26 20:22 - 2011-01-23 18:47 - 00770728 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
2011-05-26 20:22 - 2011-01-23 18:47 - 00148280 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
2013-04-13 02:45 - 2011-05-05 15:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2013-04-13 02:45 - 2011-05-05 15:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2013-04-13 02:45 - 2011-05-05 15:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2013-04-13 02:45 - 2011-05-05 15:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2013-04-13 02:45 - 2011-05-05 15:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2011-10-04 19:52 - 2014-08-26 03:01 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2011-07-28 18:08 - 2011-07-28 18:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-07-25 11:57 - 2013-07-25 11:57 - 00548136 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2012-11-04 14:15 - 2012-11-04 14:31 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-03-06 01:21 - 2013-03-06 01:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-08-11 12:55 - 2014-08-11 12:55 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-05-01 23:48 - 2013-12-22 01:22 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-05-01 23:48 - 2013-12-22 01:22 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-26 20:22 - 2010-04-01 11:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
2011-05-26 20:22 - 2009-05-27 06:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
2011-05-26 20:22 - 2009-05-27 06:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccats.dll
2011-05-26 20:22 - 2010-04-01 11:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
2011-05-26 20:22 - 2009-03-09 23:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
2011-05-26 20:22 - 2010-04-05 04:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL
2011-05-26 20:22 - 2010-04-05 04:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
2011-05-26 20:22 - 2010-04-05 04:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL
2011-05-26 20:22 - 2010-04-05 04:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL
2011-05-26 20:22 - 2010-04-05 04:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL
2011-05-26 20:22 - 2010-04-05 04:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll
2011-05-26 20:22 - 2010-04-05 04:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
2011-05-26 20:22 - 2010-04-05 04:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
2011-05-26 20:22 - 2009-04-07 13:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
2011-05-26 20:22 - 2009-03-02 08:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-01-09 10:09 - 2013-01-09 10:09 - 00118784 _____ () C:\Program Files (x86)\NETGEAR\WNDA4100\Ralink.dll
2012-09-04 13:34 - 2012-09-04 13:34 - 01066856 _____ () C:\Program Files (x86)\NETGEAR\WNDA4100\RaWLAPI.dll
2014-08-11 12:55 - 2014-08-11 12:55 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2015-02-11 21:37 - 2015-02-11 21:37 - 01541120 _____ () c:\Program Files (x86)\TrimGeneration\TrimGeneration.dll
2011-07-28 18:09 - 2011-07-28 18:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-06-20 19:46 - 2013-06-20 19:46 - 00749352 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2015-02-17 16:39 - 2013-12-22 01:22 - 00104328 _____ () C:\Users\Richard\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-13 19:37 - 2014-08-13 19:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-13 19:37 - 2014-08-13 19:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 19:56 - 2014-06-17 19:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2010-08-18 08:29 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-02-14 19:36 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-14 19:36 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-14 19:36 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-14 19:36 - 2015-02-04 04:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:FA088E6B23EF14EC
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:8NIRLXUOEIG5PGH1UKb1aenfoO
AlternateDataStreams: C:\ProgramData\Microsoft:7Knv8y48edUYgnxnKQlizwxxZk5
AlternateDataStreams: C:\ProgramData\Microsoft:9AQyDmPzRplowbuc0r1Q
AlternateDataStreams: C:\ProgramData\Microsoft:L4RbZVmX9zehyuwMoJhroPxG
AlternateDataStreams: C:\ProgramData\Microsoft:wJjDmGGeplv1JH3UGw8mx8m9BxI
AlternateDataStreams: C:\Users\Richard\Local Settings:pBX9DS3E6gP3c0jA
AlternateDataStreams: C:\Users\Richard\AppData\Local:pBX9DS3E6gP3c0jA
AlternateDataStreams: C:\Users\Richard\AppData\Local\Application Data:pBX9DS3E6gP3c0jA
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Classes\exefile:  <===== ATTENTION!
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: SkypeUpdate => 2
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3319899460-182958709-312313737-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3319899460-182958709-312313737-1001 - Limited - Enabled)
fbwuser (S-1-5-21-3319899460-182958709-312313737-1005 - Limited - Enabled) => C:\Users\fbwuser
Guest (S-1-5-21-3319899460-182958709-312313737-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3319899460-182958709-312313737-1004 - Limited - Enabled)
Richard (S-1-5-21-3319899460-182958709-312313737-1002 - Administrator - Enabled) => C:\Users\Richard
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/17/2015 08:30:53 PM) (Source: MsiInstaller) (EventID: 11310) (User: Richard-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Richard\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/17/2015 08:30:29 PM) (Source: MsiInstaller) (EventID: 11310) (User: Richard-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Richard\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/17/2015 04:40:23 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (02/17/2015 04:39:00 PM) (Source: TabletServicePen) (EventID: 0) (User: )
Description: Could not init tablet driver
 
Error: (02/17/2015 04:28:32 PM) (Source: MsiInstaller) (EventID: 11310) (User: Richard-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Richard\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/17/2015 04:28:10 PM) (Source: MsiInstaller) (EventID: 11310) (User: Richard-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Richard\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/17/2015 00:27:58 PM) (Source: MsiInstaller) (EventID: 11310) (User: Richard-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Richard\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/17/2015 00:27:38 PM) (Source: MsiInstaller) (EventID: 11310) (User: Richard-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Richard\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/17/2015 11:44:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/17/2015 11:44:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (02/17/2015 04:40:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/17/2015 04:38:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error: 
%%2
 
Error: (02/17/2015 05:26:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (02/17/2015 05:24:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MCSTRM service failed to start due to the following error: 
%%2
 
Error: (02/17/2015 02:40:56 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
Error: (02/17/2015 02:40:56 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
Error: (02/17/2015 02:40:56 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
Error: (02/17/2015 01:10:20 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
Error: (02/17/2015 01:10:20 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
Error: (02/17/2015 01:08:30 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-11 20:23:16.343
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Richard\AppData\Local\Temp\PIOCA8F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-11 20:23:16.238
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Richard\AppData\Local\Temp\PIOCA8F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-19 20:19:13.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-19 20:19:13.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-19 20:19:13.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-19 20:14:48.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-19 20:14:48.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-19 20:14:48.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-19 20:14:48.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-02-19 20:14:47.919
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 43%
Total physical RAM: 8183.08 MB
Available physical RAM: 4609.04 MB
Total Pagefile: 16364.35 MB
Available Pagefile: 11989.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (WINDOWS) (Fixed) (Total:891.02 GB) (Free:398.31 GB) NTFS
Drive d: (ImageBackup) (Fixed) (Total:40 GB) (Free:35.27 GB) NTFS
Drive f: () (Fixed) (Total:227.51 GB) (Free:52.66 GB) NTFS
Drive g: (RECOVERY) (Fixed) (Total:5.37 GB) (Free:2.41 GB) FAT32
Drive p: (Hitachi) (Fixed) (Total:931.51 GB) (Free:761.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 18761E3F)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=40 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=891 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: FAC1FAC1)
Partition 1: (Not Active) - (Size=5.4 GB) - (Type=0B)
Partition 2: (Active) - (Size=227.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.
 
==================== End Of Log ============================
 
 


BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:35 PM

Posted 21 February 2015 - 11:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Using the Add/Remove Programs applet delete these programs in bold.

Block The Ads (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - Block The Ads) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.2.14 - Client Connect LTD) <==== ATTENTION
Updater Service (HKLM-x32\...\Updater Service) (Version: 15,9,28,27 - ) <==== ATTENTION
Windows Media Player Packages (HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Windows Media Player Packages) (Version: - ) <==== ATTENTION
Wolfram Alpha Official (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION

===

Read this topic and decide if you want to keep HotSpot shield.
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3319899460-182958709-312313737-1002\$8b432e2009290dda021288b9140fa04a\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MA003DMN.LNK
ShortcutTarget: MA003DMN.LNK -> C:\Program Files (x86)\M-Audio Audiophile USB\Dmn\ma003dmn.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3319899460-182958709-312313737-1005] => Internet Explorer proxy is enabled.
URLSearchHook: HKU\S-1-5-21-3319899460-182958709-312313737-1002 - (No Name) - {ec173f7c-6744-441f-be93-c7cc43103ba5} - No File
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3001725
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {351D3021-D675-4D73-82D1-55308A409FD1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {390BB05C-4A49-46C1-B79E-DE5B79B124AC} URL = http://websearch.ask.com/redirect?client=ie&tb=PF&o=15176&src=kw&q={searchTerms}&locale=&apn_ptnrs=RW&apn_dtid=YYYYYYYYUS&apn_uid=e16dd38a-3d68-489f-a4ce-a865c5595d5d&apn_sauid=4073B620-8B34-4350-8DDD-2D76D17D909C
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {4438E829-0504-4893-AFA5-A90D222939D1} URL = http://search.avg.com/route/?d=4c7e10ce&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2CBDDC0C-2131-4E58-B00E-460F1A1A1C31}&mid=b186c6b6a926b42c82099ed85282dd2f-5c98abb0f82372868a4becf757a4e2144b50b582&lang=en&ds=AVG&pr=pr&d=2011-10-04 20:52:49&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-3319899460-182958709-312313737-1002: benvanik/npvr -> C:\Users\Richard\Desktop\occulus rift games demos\vr.js-master\bin\npvr.dll No File
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Browise2save - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\dhrtum-sdh@yuel-jp.com [2013-04-11]
FF Extension: youtubeadblocker - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\G5M6@I.net [2015-02-11]
FF Extension: CoNtoinnueyTTosoaave - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\klvdpn6jgwg@eklj-mq.com [2013-05-28]
FF Extension: UniDealSe - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\m@g.co.uk [2015-02-11]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-26]
CHR HomePage: Default -> hxxp://search.easylifeapp.com/?pid=34&src=ch1&r=2013/03/13&hid=49225719&lg=EN&cc=US
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (AVG Security Toolbar) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-04-21]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cpojbflpfnldlfajplfekeljkpkcedad] - C:\Users\Richard\AppData\Local\Temp\cpojbflpfnldlfajplfekeljkpkcedad.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - No Path
R2 fb0849cd; c:\Program Files (x86)\TrimGeneration\TrimGeneration.dll [1541120 2015-02-11] () [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S2 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 MCSTRM; No ImagePath
U3 a1thxvm6; C:\Windows\System32\Drivers\a1thxvm6.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
C:\Users\Richard\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\Richard\AppData\Local\Temp\FastDownloadTNT.exe
C:\Users\Richard\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Richard\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Richard\AppData\Local\Temp\OCL233848T8.dll
C:\Users\Richard\AppData\Local\Temp\ose00000.exe
C:\Users\Richard\AppData\Local\Temp\twapi-2.0a7.dll
Task: {6D8D143F-DBEC-49D4-9EB1-5B419C844FEB} - System32\Tasks\schedule!1818212897 => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe <==== ATTENTION
Task: {97EBE952-DC72-49B1-B721-800A8DA64013} - System32\Tasks\RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{8A31AB4F-03BB-45B2-A8FB-F4A44E1D6881}.exe <==== ATTENTION
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Classes\exefile:  <===== ATTENTION!
AlternateDataStreams: C:\Windows:FA088E6B23EF14EC
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:8NIRLXUOEIG5PGH1UKb1aenfoO
AlternateDataStreams: C:\ProgramData\Microsoft:7Knv8y48edUYgnxnKQlizwxxZk5
AlternateDataStreams: C:\ProgramData\Microsoft:9AQyDmPzRplowbuc0r1Q
AlternateDataStreams: C:\ProgramData\Microsoft:L4RbZVmX9zehyuwMoJhroPxG
AlternateDataStreams: C:\ProgramData\Microsoft:wJjDmGGeplv1JH3UGw8mx8m9BxI
AlternateDataStreams: C:\Users\Richard\Local Settings:pBX9DS3E6gP3c0jA
AlternateDataStreams: C:\Users\Richard\AppData\Local:pBX9DS3E6gP3c0jA
AlternateDataStreams: C:\Users\Richard\AppData\Local\Application Data:pBX9DS3E6gP3c0jA
C:\Windows\System32\Drivers\a1thxvm6.sys
c:\Program Files (x86)\TrimGeneration

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
How is the computer running now?

#3 MoonpigsART

MoonpigsART
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 21 February 2015 - 08:44 PM

I dont have anymore ads and feels like things are running very quickly now 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-02-2015
Ran by Richard at 2015-02-21 20:15:34 Run:1
Running from C:\Users\Richard\Downloads
Loaded Profiles: Richard & fbwuser (Available profiles: Richard & fbwuser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3319899460-182958709-312313737-1002\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3319899460-182958709-312313737-1002\$8b432e2009290dda021288b9140fa04a\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MA003DMN.LNK
ShortcutTarget: MA003DMN.LNK -> C:\Program Files (x86)\M-Audio Audiophile USB\Dmn\ma003dmn.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3319899460-182958709-312313737-1005] => Internet Explorer proxy is enabled.
URLSearchHook: HKU\S-1-5-21-3319899460-182958709-312313737-1002 - (No Name) - {ec173f7c-6744-441f-be93-c7cc43103ba5} - No File
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3001725
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {351D3021-D675-4D73-82D1-55308A409FD1} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {4438E829-0504-4893-AFA5-A90D222939D1} URL = http://search.avg.com/route/?d=4c7e10ce&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2CBDDC0C-2131-4E58-B00E-460F1A1A1C31}&mid=b186c6b6a926b42c82099ed85282dd2f-5c98abb0f82372868a4becf757a4e2144b50b582&lang=en&ds=AVG&pr=pr&d=2011-10-04 20:52:49&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-3319899460-182958709-312313737-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-3319899460-182958709-312313737-1002: benvanik/npvr -> C:\Users\Richard\Desktop\occulus rift games demos\vr.js-master\bin\npvr.dll No File
FF SearchPlugin: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Browise2save - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\dhrtum-sdh@yuel-jp.com [2013-04-11]
FF Extension: youtubeadblocker - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\G5M6@I.net [2015-02-11]
FF Extension: CoNtoinnueyTTosoaave - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\klvdpn6jgwg@eklj-mq.com [2013-05-28]
FF Extension: UniDealSe - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\m@g.co.uk [2015-02-11]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-26]
CHR HomePage: Default -> hxxp://search.easylifeapp.com/?pid=34&src=ch1&r=2013/03/13&hid=49225719&lg=EN&cc=US
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (AVG Security Toolbar) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-04-21]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cpojbflpfnldlfajplfekeljkpkcedad] - C:\Users\Richard\AppData\Local\Temp\cpojbflpfnldlfajplfekeljkpkcedad.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - No Path
R2 fb0849cd; c:\Program Files (x86)\TrimGeneration\TrimGeneration.dll [1541120 2015-02-11] () [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S2 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 MCSTRM; No ImagePath
U3 a1thxvm6; C:\Windows\System32\Drivers\a1thxvm6.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
C:\Users\Richard\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\Richard\AppData\Local\Temp\FastDownloadTNT.exe
C:\Users\Richard\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Richard\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Richard\AppData\Local\Temp\OCL233848T8.dll
C:\Users\Richard\AppData\Local\Temp\ose00000.exe
C:\Users\Richard\AppData\Local\Temp\twapi-2.0a7.dll
Task: {6D8D143F-DBEC-49D4-9EB1-5B419C844FEB} - System32\Tasks\schedule!1818212897 => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe <==== ATTENTION
Task: {97EBE952-DC72-49B1-B721-800A8DA64013} - System32\Tasks\RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{8A31AB4F-03BB-45B2-A8FB-F4A44E1D6881}.exe <==== ATTENTION
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Classes\exefile:  <===== ATTENTION!
AlternateDataStreams: C:\Windows:FA088E6B23EF14EC
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:8NIRLXUOEIG5PGH1UKb1aenfoO
AlternateDataStreams: C:\ProgramData\Microsoft:7Knv8y48edUYgnxnKQlizwxxZk5
AlternateDataStreams: C:\ProgramData\Microsoft:9AQyDmPzRplowbuc0r1Q
AlternateDataStreams: C:\ProgramData\Microsoft:L4RbZVmX9zehyuwMoJhroPxG
AlternateDataStreams: C:\ProgramData\Microsoft:wJjDmGGeplv1JH3UGw8mx8m9BxI
AlternateDataStreams: C:\Users\Richard\Local Settings:pBX9DS3E6gP3c0jA
AlternateDataStreams: C:\Users\Richard\AppData\Local:pBX9DS3E6gP3c0jA
AlternateDataStreams: C:\Users\Richard\AppData\Local\Application Data:pBX9DS3E6gP3c0jA
C:\Windows\System32\Drivers\a1thxvm6.sys
c:\Program Files (x86)\TrimGeneration
 
End
*****************
 
Processes closed successfully.
C:\Program Files (x86)\AVG Secure Search\vprot.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MA003DMN.LNK => Moved successfully.
C:\Program Files (x86)\M-Audio Audiophile USB\Dmn\ma003dmn.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3319899460-182958709-312313737-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ec173f7c-6744-441f-be93-c7cc43103ba5} => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
HKU\S-1-5-21-3319899460-182958709-312313737-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3319899460-182958709-312313737-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found. 
"HKU\S-1-5-21-3319899460-182958709-312313737-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{351D3021-D675-4D73-82D1-55308A409FD1}" => Key deleted successfully.
HKCR\CLSID\{351D3021-D675-4D73-82D1-55308A409FD1} => Key not found. 
"HKU\S-1-5-21-3319899460-182958709-312313737-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{390BB05C-4A49-46C1-B79E-DE5B79B124AC}" => Key deleted successfully.
HKCR\CLSID\{390BB05C-4A49-46C1-B79E-DE5B79B124AC} => Key not found. 
"HKU\S-1-5-21-3319899460-182958709-312313737-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4438E829-0504-4893-AFA5-A90D222939D1}" => Key deleted successfully.
HKCR\CLSID\{4438E829-0504-4893-AFA5-A90D222939D1} => Key not found. 
"HKU\S-1-5-21-3319899460-182958709-312313737-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
"HKU\S-1-5-21-3319899460-182958709-312313737-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found. 
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found. 
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. 
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found. 
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\MozillaPlugins\benvanik/npvr" => Key deleted successfully.
C:\Users\Richard\Desktop\occulus rift games demos\vr.js-master\bin\npvr.dll not found.
C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\searchplugins\avg-secure-search.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml => Moved successfully.
C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\dhrtum-sdh@yuel-jp.com not found.
C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\G5M6@I.net not found.
C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\klvdpn6jgwg@eklj-mq.com not found.
C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\Extensions\m@g.co.uk not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\avg@toolbar => value deleted successfully.
C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 => Moved successfully.
Chrome HomePage deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cpojbflpfnldlfajplfekeljkpkcedad" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla" => Key deleted successfully.
C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully.
C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm" => Key deleted successfully.
fb0849cd => Service deleted successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
RoxLiveShare10 => Service deleted successfully.
MCSTRM => Service deleted successfully.
a1thxvm6 => Service not found.
IntcAzAudAddService => Service deleted successfully.
lmimirr => Service deleted successfully.
NPF => Service deleted successfully.
C:\Users\Richard\AppData\Local\Temp\drm_dyndata_7380015.dll => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\FastDownloadTNT.exe => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\OCL233848T8.dll => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Richard\AppData\Local\Temp\twapi-2.0a7.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D8D143F-DBEC-49D4-9EB1-5B419C844FEB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D8D143F-DBEC-49D4-9EB1-5B419C844FEB}" => Key deleted successfully.
C:\Windows\System32\Tasks\schedule!1818212897 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\schedule!1818212897" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97EBE952-DC72-49B1-B721-800A8DA64013}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97EBE952-DC72-49B1-B721-800A8DA64013}" => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser" => Key deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
"HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-21-3319899460-182958709-312313737-1002\Software\Classes\exefile => Key not found. 
C:\Windows => ":FA088E6B23EF14EC" ADS removed successfully.
C:\Program Files\Common Files\Microsoft Shared => ":8NIRLXUOEIG5PGH1UKb1aenfoO" ADS removed successfully.
C:\ProgramData\Microsoft => ":7Knv8y48edUYgnxnKQlizwxxZk5" ADS removed successfully.
C:\ProgramData\Microsoft => ":9AQyDmPzRplowbuc0r1Q" ADS removed successfully.
C:\ProgramData\Microsoft => ":L4RbZVmX9zehyuwMoJhroPxG" ADS removed successfully.
C:\ProgramData\Microsoft => ":wJjDmGGeplv1JH3UGw8mx8m9BxI" ADS removed successfully.
"C:\Users\Richard\Local Settings" => ":pBX9DS3E6gP3c0jA" ADS not found.
C:\Users\Richard\AppData\Local => ":pBX9DS3E6gP3c0jA" ADS removed successfully.
"C:\Users\Richard\AppData\Local\Application Data" => ":pBX9DS3E6gP3c0jA" ADS not found.
"C:\Windows\System32\Drivers\a1thxvm6.sys" => File/Directory not found.
c:\Program Files (x86)\TrimGeneration => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:15:48 ====
 
# AdwCleaner v4.111 - Logfile created 21/02/2015 at 20:31:36
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Richard - RICHARD-PC
# Running from : C:\Users\Richard\Downloads\adwcleaner_4.111.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\CoNtoinnueyTTosoaave
Folder Deleted : C:\ProgramData\14287534737476752146
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Desk 365
Folder Deleted : C:\Program Files (x86)\AillCHeapPricce
Folder Deleted : C:\Program Files (x86)\DeiscounttExteNsi
Folder Deleted : C:\Program Files (x86)\EnjoyyCoiupon
Folder Deleted : C:\Program Files (x86)\FaunDEealls
Folder Deleted : C:\Program Files (x86)\RaineDomPriceo
Folder Deleted : C:\Program Files (x86)\UniDealSe
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\FreeCause
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Richard\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Richard\AppData\Local\Conduit
Folder Deleted : C:\Users\Richard\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Richard\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Richard\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Richard\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Richard\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\Richard\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\Richard\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
Folder Deleted : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\p3haaa4h.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
Folder Deleted : C:\ProgramData\gfkaiibnmjhpibndibdlekapkddcdaok
Folder Deleted : C:\ProgramData\nhmcglfkepndbiojjicdnlaedjcdebji
File Deleted : C:\END
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Program Files\Uninstall.exe
File Deleted : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\xyhh5etr.default-1361501546659\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp
Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3001725
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Desksvc
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;127.0.0.1:9421;<local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Mozilla Firefox v
 
[xyhh5etr.default-1361501546659\prefs.js] - Line Deleted : user_pref("extensions.06EzJujvO5xk2M7p.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rja6qjUFrjUEpjs5rTn4rda9qTr\")>-1url.indexOf(\"acebook\")>-[...]
[xyhh5etr.default-1361501546659\prefs.js] - Line Deleted : user_pref("extensions.FcgA2ATD7PG6OFGq.scode", "(function(){try{if(window.self.location.href.indexOf(\"rja6qjUFrjUEpjs5rTn4rda9qTr\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"warnalert11.com\"[...]
[xyhh5etr.default-1361501546659\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"{95322c08-05ff-4f3c-85fd-8ceb821988dd}\":{\"d\":\"C:\\\\Users\\\\Richard\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\xyhh5etr.defau[...]
 
-\\ Google Chrome v40.0.2214.115
 
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN28599980765914253&ctid=CT3227981&UM=2
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN28599980765914253&ctid=CT3227981&UM=2&UP=SP48434D4C-97DD-4392-9331-CDF733107EEF&SSPV=
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN28599980765914253&ctid=CT3227981&UM=2&UP=SP48434D4C-97DD-4392-9331-CDF733107EEF&SSPV=
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
 
-\\ Chromium v
 
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN28599980765914253&ctid=CT3227981&UM=2
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN28599980765914253&ctid=CT3227981&UM=2&UP=SP48434D4C-97DD-4392-9331-CDF733107EEF&SSPV=
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN28599980765914253&ctid=CT3227981&UM=2&UP=SP48434D4C-97DD-4392-9331-CDF733107EEF&SSPV=
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21122&r=2015/02/12&hid=10759119092824900463&lg=EN&cc=US&unqvl=82
 
*************************
 
AdwCleaner[R0].txt - [15235 bytes] - [21/02/2015 20:25:15]
AdwCleaner[S0].txt - [16216 bytes] - [21/02/2015 20:31:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16276  bytes] ##########
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:35 PM

Posted 22 February 2015 - 09:16 AM

Looking good.

One last scan.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

#5 MoonpigsART

MoonpigsART
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 23 February 2015 - 07:07 PM

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
AVG Internet Security 2012   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 37  
 Java 7 Update 40  
 Java SE Development Kit 7 Update 9 
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgtray.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:35 PM

Posted 24 February 2015 - 09:04 AM


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 31 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 37
Java 7 Update 40
Java SE Development Kit 7 Update 9
<- Keep this development kit if you need it for that purpose.
===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 MoonpigsART

MoonpigsART
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 27 February 2015 - 06:39 PM

Thanks for helping me is there anyway i can donate money to you ?



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:35 PM

Posted 28 February 2015 - 09:48 AM

Thanks for the offer.

My services are free.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:35 PM

Posted 06 March 2015 - 09:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users