Strange Behavior - Norton 360 mysteriously deleted


  • This topic is locked
2 replies to this topic

#1 cdepaola


Posted 12 April 2015 - 10:46 AM

Started to experience some very strange behavior over the course of the past few weeks, which I cannot attribute to any changes, downloads, or installations. These behaviors include, but are not limited to:

 

  • Files and Folders "Owner" being changed or lost.
  • Norton 360, provided through Comcast, had been installed on this computer for several years. It was fully up to date and running without issue. However, in the last several days the program became uninstalled, and attempts to reinstall were successful, but the program would not start automatically or manually. I followed guides on Norton's support site to deal with potential issues and still had no success.
  • Malwarebytes crashes upon trying to remove any malware and/or PUPs
  • SUPERAntiSpyware will not start

 

I have made several attempts to scan the computer with Kaspersky and Malwarebytes as well as online scan tools. No problems were found.

 

Initial FRST logs below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015
Ran by Chris (administrator) on ASUSG74 on 12-04-2015 10:24:12
Running from C:\Users\Chris\Downloads
Loaded Profiles: Chris (Available profiles: Chris)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Dropbox, Inc.) C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Binnerup Consult) C:\Program Files (x86)\Binnerup Consult\My Movies for Windows\My Movies Tray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Google\Update\Install\{92140466-274A-4366-A030-3897B9733A0E}\41.0.2272.118_41.0.2272.101_chrome_updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\setup.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyDrop.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [4285952 2011-06-19] (Sentelic Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5728624 2015-03-11] (Box, Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-02-07] (LogMeIn, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-07-19] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [My Movies Tray] => C:\Program Files (x86)\Binnerup Consult\My Movies for Windows\My Movies Tray.exe [496632 2015-01-30] (Binnerup Consult)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Run: [PhotoshopElements13SyncAgent] => C:\Program Files\Adobe\Elements 13 Organizer\ElementsOrganizerAgent.exe [3734736 2015-01-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-03-16] (SlySoft, Inc.)
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [19918656 2015-03-04] (NTeWORKS)
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\MountPoints2: {df8da07a-d892-11e2-be66-806e6f6e6963} - "E:\PCOpenCD.exe" 
HKU\S-1-5-18\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-03-16] (SlySoft, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001 -> {7BAFFB52-DAAF-49B5-BC96-1AD4710DAEC2} URL = 
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-28] (Oracle Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-08-23] (LastPass)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-28] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-08-23] (LastPass)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-08-23] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-08-23] (LastPass)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} https://mail.plvw.org/fhweb/plugins/fhweb-activex.cab
Handler-x32: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\imt2m8k2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-08-23] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-11] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-04-11] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-11] ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-08-23] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: ACSXerox FH Web Edition - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\imt2m8k2.default\Extensions\support@firehousesoftware.com [2014-07-22]
FF Extension: Greasemonkey - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\imt2m8k2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-10-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-06-24]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-11]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-11]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-04-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11411&pf=V7&trgb=CR&p2=%5EBBJ%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBJ&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_36.0.1985.125&apn_uid=C914EE89-494B-4E11-9382-1B1B52587AEF&itbv=12.15.1.20&doi=2014-07-22&psv=&pt=tb"
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-03-22]
CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-03-22]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22]
CHR Extension: (Google Cast) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-03-22]
CHR Extension: (Adblock Plus) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-22]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-04-12]
CHR Extension: (AutoCAD 360) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln [2015-03-22]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-03-22]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-03-22]
CHR Extension: (HTTPS Everywhere) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-03-22]
CHR Extension: (AdBlock) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-22]
CHR Extension: (Bookmark Manager) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-07]
CHR Extension: (Pin It Button) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-03-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-22]
CHR Extension: (IE Tab) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-03-22]
CHR Extension: (Hearts) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiekbobmockobialdpkcikfbldlinhch [2015-03-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-03-22]
CHR Extension: (Hootsuite) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2015-03-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2014-09-24] (Box, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-10-13] (Code 42 Software) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-03-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [234344 2015-03-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-02-07] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 My Movies General Service; C:\Program Files (x86)\Binnerup Consult\My Movies for Windows\My Movies General Service.exe [1179128 2015-01-30] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 nvsvc; C:\WINDOWS\SysWOW64\nvvsvc.exe [0 2014-01-02] () <==== ATTENTION (zero size file/folder)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-01-02] () <==== ATTENTION (zero size file/folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-01-02] () <==== ATTENTION (zero size file/folder)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-12] (Stardock Software, Inc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
S2 MSSQL$MYMOVIES; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MYMOVIES\MSSQL\Binn\sqlservr.exe" -sMYMOVIES [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 FLxHCIh; C:\Windows\System32\drivers\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [53760 2011-06-19] (Windows ® Win 7 DDK provider)
S3 FwHookDrv; C:\WINDOWS\system32\drivers\FwHookDrv.sys [14048 2013-12-23] (NETGEAR)
R3 Fwleaf; C:\Windows\system32\DRIVERS\fwleaf.sys [27872 2013-12-23] (NETGEAR)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [56008 2015-04-11] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247496 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [824008 2015-04-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [31432 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [69320 2014-11-20] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R3 leafnets; C:\Windows\system32\DRIVERS\leafnets.sys [29696 2013-01-15] (Leaf Networks)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-02-07] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [31744 2010-08-30] (Research in Motion Ltd)
R1 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2015-04-12] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
U0 BMLoad; system32\drivers\BMLoad.sys [X]
S3 MFE_RR; \??\C:\Users\Chris\AppData\Local\Temp\mfe_rr.sys [X]
S3 PCTINDIS5X64; \??\C:\WINDOWS\SYSTEM32\PCTINDIS5X64.SYS [X]
S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [X]
S1 tcpipBM; \??\C:\WINDOWS\system32\drivers\tcpipBM.sys [X]
R3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 10:24 - 2015-04-12 10:24 - 00038884 _____ () C:\Users\Chris\Downloads\FRST.txt
2015-04-12 10:23 - 2015-04-12 10:23 - 02095616 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2015-04-12 10:07 - 2015-04-12 10:08 - 158158304 _____ () C:\Users\Chris\Downloads\mwav.exe
2015-04-12 09:55 - 2015-04-12 09:59 - 00108216 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR430.SYS
2015-04-12 09:55 - 2015-04-12 09:59 - 00000020 _____ () C:\WINDOWS\system32\Drivers\SMR430.dat
2015-04-12 09:55 - 2015-04-12 09:55 - 03060320 ____N (Symantec Corporation) C:\Users\Chris\Downloads\NPE (1).exe
2015-04-12 09:51 - 2015-04-12 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicPick
2015-04-12 09:50 - 2015-04-12 09:50 - 13052912 _____ () C:\Users\Chris\Downloads\picpick_inst.exe
2015-04-12 09:47 - 2015-04-12 09:47 - 00096784 _____ (CACE Technologies) C:\WINDOWS\SysWOW64\WPRO_41_1742woem.tmp
2015-04-12 09:45 - 2015-04-12 09:45 - 05045272 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-12 09:45 - 2015-04-12 09:45 - 00000231 _____ () C:\WINDOWS\setupact.log
2015-04-12 09:45 - 2015-04-12 09:45 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-11 23:15 - 2015-04-11 23:15 - 00002361 _____ () C:\Users\Chris\Desktop\Safe Money.lnk
2015-04-11 23:15 - 2015-04-11 23:15 - 00002159 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-04-11 23:15 - 2015-04-11 23:15 - 00002159 _____ () C:\ProgramData\Desktop\Kaspersky Internet Security.lnk
2015-04-11 23:15 - 2015-04-11 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-04-11 23:14 - 2015-04-12 09:51 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-11 23:14 - 2015-04-11 23:14 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-04-11 23:14 - 2014-10-22 21:13 - 00247496 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-04-11 23:14 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-04-11 23:10 - 2015-04-11 23:10 - 00000000 ____D () C:\WINDOWS\%LOCALAPPDATA%
2015-04-11 23:07 - 2015-04-11 23:08 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Downloads\tdsskiller.exe
2015-04-11 23:04 - 2015-04-11 23:05 - 196619584 _____ (Kaspersky Lab) C:\Users\Chris\Downloads\kis15.0.2.361en_7411.exe
2015-04-11 23:01 - 2015-04-11 23:13 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 23:00 - 2015-04-11 23:00 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-11 23:00 - 2015-04-11 23:00 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-11 23:00 - 2015-04-11 23:00 - 00001129 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-11 23:00 - 2015-04-11 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-11 23:00 - 2015-04-11 23:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-11 23:00 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-11 23:00 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-11 23:00 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-11 22:43 - 2015-04-11 22:43 - 01021632 _____ (Symantec Corporation) C:\Users\Chris\Downloads\Norton_Download_Manager (1).exe
2015-04-11 22:36 - 2015-04-11 22:36 - 03060320 ____N (Symantec Corporation) C:\Users\Chris\Downloads\NPE.exe
2015-04-11 22:36 - 2015-04-11 22:36 - 00896048 _____ () C:\Users\Chris\Downloads\Norton_Removal_Tool.exe
2015-04-11 22:33 - 2015-04-11 22:33 - 00184192 _____ () C:\Users\Chris\Downloads\qsinstaller.exe
2015-04-11 22:33 - 2015-04-11 22:33 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\QuickScan
2015-04-11 22:31 - 2015-04-11 22:31 - 02494944 _____ (Trend Micro Inc.) C:\Users\Chris\Downloads\HousecallLauncher64.exe
2015-04-11 22:31 - 2013-09-27 21:56 - 00285208 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-04-11 22:19 - 2015-04-11 22:50 - 00001303 _____ () C:\Users\Chris\Desktop\Norton Installation Files.lnk
2015-04-11 22:19 - 2015-04-11 22:19 - 01021632 _____ (Symantec Corporation) C:\Users\Chris\Downloads\Norton_Download_Manager.exe
2015-04-11 22:19 - 2015-04-11 22:19 - 00000000 ____D () C:\Users\Chris\Documents\Symantec
2015-04-11 22:15 - 2015-04-11 22:15 - 05346704 _____ (Piriform Ltd) C:\Users\Chris\Downloads\ccsetup504pro.exe
2015-04-11 22:15 - 2015-04-11 22:15 - 05346704 _____ (Piriform Ltd) C:\Users\Chris\Downloads\ccsetup504pro (1).exe
2015-04-11 08:27 - 2015-04-11 08:27 - 00524288 _____ (Simon Tatham) C:\Users\Chris\Downloads\putty.exe
2015-04-07 09:38 - 2015-04-07 09:38 - 00001080 _____ () C:\Users\Chris\Desktop\Notepad++.lnk
2015-04-07 09:38 - 2015-04-07 09:38 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-07 09:38 - 2015-04-07 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-07 09:37 - 2015-04-07 09:37 - 08271739 _____ () C:\Users\Chris\Downloads\npp.6.7.5.Installer.exe
2015-04-03 19:02 - 2015-04-03 19:02 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-03 19:02 - 2015-04-03 19:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-02 21:40 - 2015-04-02 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Movies
2015-04-02 21:40 - 2015-04-02 21:40 - 00000000 ____D () C:\Program Files (x86)\Binnerup Consult
2015-04-02 21:39 - 2015-04-02 21:40 - 00000000 ____D () C:\ProgramData\My Movies
2015-04-02 21:17 - 2015-04-02 21:17 - 00000000 ____D () C:\Users\Chris\Downloads\My Movies Clean Tool
2015-04-02 21:13 - 2015-04-02 21:13 - 00124344 _____ () C:\Users\Chris\Downloads\My Movies Clean Tool.zip
2015-04-02 19:40 - 2015-04-02 19:40 - 00001056 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2015-04-02 19:40 - 2015-04-02 19:40 - 00001056 _____ () C:\ProgramData\Desktop\AnyDVD.lnk
2015-04-02 19:36 - 2015-04-02 19:36 - 00000000 ____D () C:\Users\Chris\Downloads\My Movies for Windows 5.12
2015-04-02 19:30 - 2015-04-02 19:35 - 113859430 _____ () C:\Users\Chris\Downloads\My Movies for Windows 5.12.zip
2015-04-01 08:11 - 2015-04-01 08:11 - 00000000 ____D () C:\Users\Chris\Documents\TheDriversLab - Ecobee 2.7.0 Beta
2015-03-31 23:59 - 2015-04-01 00:00 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\StormFront
2015-03-31 23:59 - 2015-03-31 23:59 - 00000175 _____ () C:\Users\Chris\Downloads\Promithius.sal
2015-03-31 23:59 - 2002-12-25 10:44 - 00380928 _____ () C:\WINDOWS\SysWOW64\actskin4.ocx
2015-03-31 23:55 - 2015-03-31 23:59 - 00000000 ____D () C:\Program Files (x86)\SIMU
2015-03-31 23:54 - 2015-03-31 23:54 - 00260112 _____ () C:\Users\Chris\Downloads\lnchInst.exe
2015-03-26 15:39 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-03-26 15:39 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-03-26 15:39 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-03-26 15:39 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-03-26 15:39 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-03-26 15:39 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-03-26 15:39 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-03-26 15:39 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-03-26 15:39 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-03-26 15:39 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-03-26 15:39 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-03-26 15:39 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-03-26 15:39 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-03-26 15:39 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-03-26 15:39 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-03-26 15:39 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-03-26 15:39 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-03-26 15:39 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-03-24 23:28 - 2015-03-24 23:28 - 00059297 _____ () C:\Users\Chris\Downloads\cinegration_modes_agent.c4z
2015-03-24 23:15 - 2015-03-24 23:17 - 00000000 ____D () C:\Users\Chris\Downloads\driverworks_advanced_custom_buttons
2015-03-24 23:14 - 2015-03-24 23:14 - 00728467 _____ () C:\Users\Chris\Downloads\driverworks_advanced_custom_buttons.zip
2015-03-24 21:54 - 2015-03-24 21:54 - 00001121 _____ () C:\Users\Public\Desktop\Control4 for PC-Mac.lnk
2015-03-24 21:54 - 2015-03-24 21:54 - 00001121 _____ () C:\ProgramData\Desktop\Control4 for PC-Mac.lnk
2015-03-24 21:49 - 2015-03-24 21:49 - 00000872 _____ () C:\Users\Chris\Downloads\TakeOwnership.zip
2015-03-24 21:18 - 2015-03-24 21:19 - 00000165 _____ () C:\WINDOWS\Reimage.ini
2015-03-24 21:18 - 2015-03-24 21:18 - 00768512 _____ (Reimage®) C:\Users\Chris\Downloads\ReimageRepair.exe
2015-03-24 16:44 - 2015-03-24 16:44 - 17721040 _____ (Adobe Systems Inc.) C:\Users\Chris\Downloads\AdobeAIRInstaller.exe
2015-03-24 13:43 - 2015-03-24 13:44 - 19571115 _____ () C:\Users\Chris\Downloads\Control4 for PC-Mac.air
2015-03-24 13:31 - 2015-03-24 13:31 - 00001226 _____ () C:\Users\Chris\Desktop\Composer 2.7.0.lnk
2015-03-24 13:29 - 2015-03-24 13:30 - 105320184 _____ (Control4 ) C:\Users\Chris\Downloads\ComposerPro-2.7.0.exe
2015-03-24 11:53 - 2015-03-24 11:53 - 00042116 _____ () C:\Users\Chris\Documents\aab08660
2015-03-22 22:33 - 2015-03-22 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-15 16:00 - 2015-03-15 16:00 - 00000000 ____D () C:\Users\Chris\AppData\Local\Audible
2015-03-15 14:57 - 2015-03-22 22:37 - 00000000 ____D () C:\Users\Chris\Documents\Audible
2015-03-15 14:57 - 2015-03-15 15:00 - 00000000 ____D () C:\Program Files (x86)\Audible
2015-03-15 14:57 - 2001-08-17 22:43 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2015-03-13 22:43 - 2015-03-13 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner
2015-03-13 22:43 - 2015-03-13 22:43 - 00000000 ____D () C:\Program Files (x86)\Advanced IP Scanner v2
2015-03-13 22:42 - 2015-03-13 22:42 - 00000000 ____D () C:\Users\Chris\.swt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 10:24 - 2014-01-03 00:13 - 00000000 ____D () C:\FRST
2015-04-12 10:20 - 2014-10-11 20:19 - 00000000 ____D () C:\Users\Chris\AppData\Local\D0B31B21-9F0A-4ECC-87E0-628C9FCB4C6C.aplzod
2015-04-12 10:20 - 2013-06-19 02:11 - 00000000 ____D () C:\Users\Chris\Documents\Outlook Files
2015-04-12 10:19 - 2014-01-02 23:04 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 10:15 - 2013-08-28 21:16 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2015-04-12 10:13 - 2013-09-24 13:26 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-12 10:07 - 2014-09-11 23:58 - 01828602 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-12 10:07 - 2013-06-18 22:58 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4219955133-3732581121-3349534885-1001
2015-04-12 10:02 - 2014-02-22 22:40 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Intelliremote
2015-04-12 10:02 - 2013-12-09 01:10 - 00000000 ____D () C:\Users\Chris\AppData\Local\Deployment
2015-04-12 10:01 - 2014-01-02 17:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-12 09:59 - 2013-09-03 12:46 - 00000000 ____D () C:\Users\Chris\AppData\Local\NPE
2015-04-12 09:49 - 2014-12-08 10:08 - 00000000 ___RD () C:\Users\Chris\iCloudDrive
2015-04-12 09:49 - 2014-01-17 19:54 - 00000000 ___RD () C:\Users\Chris\Dropbox
2015-04-12 09:49 - 2014-01-17 19:52 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Dropbox
2015-04-12 09:49 - 2013-09-29 23:04 - 00339866 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-12 09:49 - 2013-08-28 21:40 - 00000000 ____D () C:\Users\Chris\AppData\Local\ReadyDROP
2015-04-12 09:49 - 2013-08-28 11:15 - 00252416 ___SH () C:\Users\Chris\Desktop\Thumbs.db
2015-04-12 09:49 - 2013-06-24 12:30 - 00000000 ____D () C:\Users\Chris\AppData\Local\ReadyNASRemote
2015-04-12 09:47 - 2014-03-02 01:17 - 00000430 _____ () C:\WINDOWS\Tasks\{915ED9CB-7196-4396-8194-34519CCCA219}.job
2015-04-12 09:47 - 2014-01-02 23:04 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 09:47 - 2013-10-18 08:57 - 00000000 ____D () C:\Users\Chris
2015-04-12 09:46 - 2014-09-25 09:47 - 00001031 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-04-12 09:46 - 2014-09-25 09:47 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-04-12 09:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-12 09:45 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-12 09:45 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-12 05:16 - 2013-12-26 14:08 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-04-12 05:13 - 2014-04-24 19:03 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2015-04-12 02:00 - 2013-06-24 13:13 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
2015-04-11 23:21 - 2013-06-19 01:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-11 23:16 - 2014-12-13 18:21 - 00824008 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-04-11 23:16 - 2014-08-19 12:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kldisk.sys
2015-04-11 23:14 - 2014-04-22 15:06 - 00000000 ____D () C:\Users\dub_cm_auto
2015-04-11 23:14 - 2014-01-02 15:16 - 00000000 ____D () C:\Users\HomeGroupUser$
2015-04-11 23:14 - 2014-01-02 15:16 - 00000000 ____D () C:\Users\Guest
2015-04-11 23:14 - 2014-01-02 15:16 - 00000000 ____D () C:\Users\Administrator
2015-04-11 23:14 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-11 23:13 - 2013-08-28 11:15 - 00000000 ____D () C:\ProgramData\Norton
2015-04-11 22:47 - 2013-07-10 22:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\HpUpdate
2015-04-11 22:36 - 2014-01-02 15:47 - 01371480 _____ () C:\Users\Chris\AppData\Local\census.cache
2015-04-11 22:36 - 2014-01-02 15:47 - 00083267 _____ () C:\Users\Chris\AppData\Local\ars.cache
2015-04-11 22:25 - 2013-09-26 20:17 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-04-11 22:22 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-11 22:16 - 2014-09-11 23:38 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-11 22:16 - 2014-09-11 23:38 - 00000845 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2015-04-11 08:28 - 2013-08-20 17:05 - 00000600 _____ () C:\Users\Chris\AppData\Local\PUTTY.RND
2015-04-10 15:38 - 2013-06-19 01:13 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Control4
2015-04-08 11:02 - 2013-12-04 00:12 - 00499712 ___SH () C:\Users\Chris\Documents\Thumbs.db
2015-04-07 16:39 - 2013-08-29 14:09 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Notepad++
2015-04-07 16:38 - 2014-02-02 21:35 - 00000600 _____ () C:\Users\Chris\AppData\Roaming\winscp.rnd
2015-04-07 09:38 - 2013-08-29 14:09 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-04-07 09:15 - 2014-02-02 16:07 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\FileZilla
2015-04-04 13:53 - 2014-02-21 11:30 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-04 11:56 - 2013-06-19 12:00 - 00000000 ____D () C:\Users\Chris\AppData\Local\Box Sync
2015-04-03 19:02 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-03 16:36 - 2013-07-11 00:56 - 00000000 ____D () C:\Users\Chris\AppData\Local\Control4_Corporation
2015-04-02 22:59 - 2014-12-16 15:56 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\eMachineShop
2015-04-02 21:17 - 2014-04-15 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
2015-04-02 21:17 - 2013-10-08 08:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-04-02 21:17 - 2013-10-08 08:58 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-04-02 20:53 - 2013-06-26 13:41 - 02795520 ___SH () C:\Users\Chris\Downloads\Thumbs.db
2015-04-02 20:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-02 19:45 - 2014-01-17 19:53 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-26 13:53 - 2015-02-28 15:20 - 00000000 ____D () C:\Users\Chris\Ubiquiti mFi
2015-03-24 21:54 - 2014-02-17 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Control4
2015-03-24 21:54 - 2013-06-19 01:13 - 00000000 ____D () C:\Program Files (x86)\Control4
2015-03-24 13:31 - 2013-06-19 00:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-22 23:21 - 2014-02-13 15:05 - 00000000 ____D () C:\temp
2015-03-22 23:08 - 2013-09-03 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-22 23:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-22 22:47 - 2014-04-20 21:15 - 00000000 ____D () C:\NPE
2015-03-22 22:38 - 2014-01-02 23:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-22 22:37 - 2013-06-19 01:13 - 00000000 ____D () C:\Users\Chris\Documents\Control4
2015-03-22 22:33 - 2013-06-19 00:47 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2015-03-22 13:30 - 2013-06-18 23:42 - 00000000 ____D () C:\Users\Chris\AppData\Local\Akamai
2015-03-21 00:13 - 2015-02-28 17:06 - 00000000 ____D () C:\Users\Chris\AppData\Local\Greenshot
2015-03-18 23:28 - 2014-05-20 22:46 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mpixpro ROES
2015-03-18 18:13 - 2013-07-10 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2015-03-18 12:59 - 2014-12-17 02:00 - 00000444 _____ () C:\Users\Chris\advanced_ip_scanner_Favorites.bin
2015-03-18 12:59 - 2014-11-14 00:19 - 00001752 _____ () C:\Users\Chris\advanced_ip_scanner_MAC.bin
2015-03-16 09:34 - 2013-10-18 08:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-15 15:18 - 2013-09-26 20:17 - 00000000 ____D () C:\Program Files (x86)\Sonos
2015-03-14 10:47 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-14 10:47 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 10:47 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 10:47 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-14 10:47 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-14 10:47 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-14 10:47 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-14 10:47 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-13 22:43 - 2013-09-29 19:22 - 00001019 _____ () C:\Users\Public\Desktop\Advanced IP Scanner.lnk
2015-03-13 22:43 - 2013-09-29 19:22 - 00001019 _____ () C:\ProgramData\Desktop\Advanced IP Scanner.lnk
 
==================== Files in the root of some directories =======
 
2013-08-23 08:08 - 2013-08-23 08:08 - 15678464 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-03-04 14:01 - 2014-06-20 10:10 - 0000132 _____ () C:\Users\Chris\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-12-15 02:19 - 2014-12-15 15:53 - 0044035 _____ () C:\Users\Chris\AppData\Roaming\FlickrSync.Config.depaola_chris.XML
2014-01-02 21:49 - 2014-01-02 21:49 - 0000043 _____ () C:\Users\Chris\AppData\Roaming\mbam.context.scan
2014-02-02 21:35 - 2015-04-07 16:38 - 0000600 _____ () C:\Users\Chris\AppData\Roaming\winscp.rnd
2013-09-29 23:59 - 2013-10-17 10:28 - 0000346 ___SH () C:\Users\Chris\AppData\Local\70149b02515b3bb20dd492.47983420
2014-03-05 23:29 - 2014-03-05 23:35 - 0001456 _____ () C:\Users\Chris\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-02 15:47 - 2015-04-11 22:36 - 0083267 _____ () C:\Users\Chris\AppData\Local\ars.cache
2014-01-02 15:47 - 2015-04-11 22:36 - 1371480 _____ () C:\Users\Chris\AppData\Local\census.cache
2014-04-17 22:16 - 2014-04-17 22:21 - 0004608 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-02 15:30 - 2014-01-02 15:30 - 0000036 _____ () C:\Users\Chris\AppData\Local\housecall.guid.cache
2013-08-20 17:05 - 2015-04-11 08:28 - 0000600 _____ () C:\Users\Chris\AppData\Local\PUTTY.RND
2013-10-11 09:00 - 2014-11-27 18:17 - 0000125 ___SH () C:\ProgramData\.zreglib
2013-07-30 12:33 - 2013-07-30 12:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-07-10 21:35 - 2014-01-29 23:03 - 0009665 _____ () C:\ProgramData\hpzinstall.log
2014-12-14 20:16 - 2015-01-05 15:22 - 0010326 _____ () C:\ProgramData\StreamingMediaTechnologyLog.txt
 
Files to move or delete:
====================
C:\Windows\Tasks\{915ED9CB-7196-4396-8194-34519CCCA219}.job
 
 
Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptgystu.dll
C:\Users\Chris\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Chris\AppData\Local\Temp\SpotifyUninstall.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\dasHost.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\nvvsvc.exe
C:\Windows\SysWOW64\RuntimeBroker.exe
C:\Windows\SysWOW64\SkyDrive.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhostex.exe
C:\Windows\SysWOW64\wininit.exe
C:\Windows\SysWOW64\winlogon.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-11 23:48
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015
Ran by Chris at 2015-04-12 10:24:58
Running from C:\Users\Chris\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.1 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{221C4218-4414-4275-AF04-748DF4BF48D3}) (Version: 2.4.2526 - Famatech)
Akamai NetSession Interface (HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.9.0 - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.8 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (HKLM\...\{1E4F1322-E5A0-40DE-A0D4-781AA1A108AB}) (Version: 4.0.6169.0 - Box, Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C309a (x32 Version: 140.0.846.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Composer 2.7.0 (HKLM\...\{F6D133D4-6D41-4ba0-92DB-DD5DC27EDBD3}_is1) (Version: 2.7.0.505313-res - Control4 Corporation)
Control4 for PC-Mac (HKLM-x32\...\MyHomePC) (Version: 2.7.0.505218-res - Control4 Corporation)
Control4 for PC-Mac (x32 Version: 2.7.0 - Control4 Corporation) Hidden
CrashPlan (HKLM\...\{89993433-1D66-4138-8E97-C72CD850CD2B}) (Version: 3.6.4 - Code 42 Software)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DriverEditor 2.0.1 (HKLM-x32\...\{8544D1ED-CA09-4DE3-9127-4B314CBFA2DC}}_is1) (Version:  - Control4 Corporation)
Dropbox (HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
eMachineShop version 1.907 (HKLM-x32\...\eMachineShop_is1) (Version: 1.907 - )
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.1.3.5 - Sentelic)
Fresco Logic USB3.0 Host Controller (HKLM\...\{17F94DA8-CB07-4BD8-A6DB-E53A1CC5C433}) (Version: 3.5.73.0 - Fresco Logic Inc.)
GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Growl for Windows (HKLM-x32\...\{2C911352-0BCE-420B-935E-93A24FDE9D53}) (Version: 2.0.9001 - Growl)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart C309a All-In-One Driver 14.0 Rel. 5 (HKLM\...\{71C4F928-136A-4222-A191-310E081FB96B}) (Version: 14.0 - HP)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{F089B734-1356-484F-A7B8-1B78F1616A15}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LogMeIn (HKLM-x32\...\{9905E4C1-14D8-4522-88FE-FD00B51A20DC}) (Version: 4.1.4408 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{C58378BC-0B7B-474E-855C-9D02E5E75D71}) (Version: 11.1.3452.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{CD5AAE18-1DF8-4D7B-8B99-9071D7D36126}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
My Movies for Windows (HKLM-x32\...\{6CA6A846-9637-4959-A393-883D39227343}) (Version: 5.1.2.100 - Binnerup Consult)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PhotoMove 2.0 version 2.0 (HKLM-x32\...\{546443DF-4D82-484A-8E00-2136243B8B9A}_is1) (Version: 2.0 - Mike Baker @ Rediscovering Photography)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PicPick (HKLM-x32\...\PicPick) (Version: 4.0.4 - NTeWORKS)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAIDar 4.3.8 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.8 - Netgear Inc.)
ReadyNAS Remote (HKLM-x32\...\ReadyApps) (Version: 1.6.5.23 - NETGEAR)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
SmartControlCenter (HKLM-x32\...\{63CE935C-03E3-4EB4-B194-792CB2F91C87}) (Version: 1.1.3.2 - Netgear)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.86200 - Sonos, Inc.)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.47 - Stardock Software, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
SystemMonitorForGrowl (HKLM-x32\...\{DA8BB27B-CEF4-4A0D-80F6-FAA1FAD9851D}) (Version: 1.2.1 - System Monitor)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Ubiquiti mFi (remove only) (HKLM-x32\...\Ubiquiti mFi) (Version:  - )
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WattBox Utility (HKLM-x32\...\{D004104E-FDB9-472C-BEA3-F3B190BF8EF9}) (Version: 4.55 - WattBox)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl)
Yubikey Configuration Utility (HKLM-x32\...\{6049C1D1-D130-445E-B3A2-B038CD687CA7}) (Version: 2.2.8 - Yubico)
YubiKey Personalization Tool (HKLM-x32\...\yubikey-personalization-gui) (Version: 3.1.14 - Yubico AB)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
11-04-2015 22:40:45 Norton_Power_Eraser_20150411224044955
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2014-03-06 00:24 - 00002420 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 crl.verisign.net
127.0.0.1 CRL.VERISIGN.NET.*
 
There are 22 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0082D89D-33C5-422B-AB6C-C8E044A49398} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {05C1CB2A-0A55-4E8D-9C80-D94D5607FCF4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {1EDE2C7F-0A80-45C9-A6E4-4ABCDEED9C8C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.)
Task: {4D35B1D3-1353-4C37-868F-A29A67CA911F} - System32\Tasks\{AE36F8EC-8FBC-44B7-86BD-378AD8E12FF9} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=12002
Task: {4E75BBBA-DBEC-4A81-8AF0-852F3566B609} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {55E669E6-23C4-4C33-92C4-7BE8A44EC249} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {7F3A1B37-B186-4ED8-8565-5EEEC1FA0104} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {80B99EE0-A706-495A-B842-153F917C7BDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.)
Task: {8AD46D1E-38FB-488E-81D0-8F540943AA83} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {8B88B922-DD2F-410E-8EF2-3BA8D64D3097} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe
Task: {959814C1-27B7-43D2-AB76-EDCAA7A99C54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.)
Task: {ABB6A0F3-548E-401B-9D91-1662C00E34E3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {BA2AF06D-E432-4C14-BE60-60FD7C4405D6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {D4BB05A1-7055-46CF-9EA8-9E325D754476} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {DF09A2D3-D17A-49F7-8978-19B592B7565B} - System32\Tasks\{DB1A8ECE-0047-4574-BBCD-049FDF0367AC} => pcalua.exe -a C:\Users\Chris\Downloads\Ext2IFS_1_11a.exe -d C:\Users\Chris\Downloads
Task: {E1376FF9-9AC9-45E5-B516-DBE24902921F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {E356A146-BEA6-416B-BAE7-69A74A479910} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {ED350124-2207-40AE-9E10-4C8C88824E59} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {ED3709FD-2BAF-4C8D-8AEA-299C298CE911} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-chrisdepaola@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {FC60388D-683E-420C-9DB2-8C00356909B8} - System32\Tasks\MsgUpdateCheck (ed5bac9b-5ca0-4f99-aa46-a881a08ff6f3) => C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe
Task: {FE609D72-0843-40D9-8BB0-2139E661999A} - System32\Tasks\{915ED9CB-7196-4396-8194-34519CCCA219} => C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe [2013-12-23] (NETGEAR)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\{915ED9CB-7196-4396-8194-34519CCCA219}.job => C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-18 08:55 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-13 14:58 - 2014-10-13 14:58 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2015-01-15 09:18 - 2015-01-15 09:18 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-06-19 16:03 - 2011-06-19 16:03 - 00044032 _____ () C:\Program Files\FSP\KbdHook.dll
2011-06-19 16:03 - 2011-06-19 16:03 - 00072704 _____ () C:\Program Files\FSP\FspLib.dll
2012-04-10 23:30 - 2012-04-10 23:30 - 00471552 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2012-10-27 07:28 - 2012-10-27 07:28 - 00128512 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2012-10-27 07:27 - 2012-10-27 07:27 - 00137728 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2012-10-27 07:29 - 2012-10-27 07:29 - 00503808 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2012-04-10 23:25 - 2012-04-10 23:25 - 00111616 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2013-10-09 17:05 - 2013-10-09 17:05 - 00003584 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2013-10-09 17:05 - 2013-10-09 17:05 - 00103424 _____ () C:\Program Files\Box\Box Sync\Python.Runtime.dll
2012-04-10 23:24 - 2012-04-10 23:24 - 00046080 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2012-04-10 23:30 - 2012-04-10 23:30 - 01167360 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2012-04-10 23:24 - 2012-04-10 23:24 - 00010752 _____ () C:\Program Files\Box\Box Sync\select.pyd
2012-04-10 23:24 - 2012-04-10 23:24 - 00166912 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2012-04-10 23:24 - 2012-04-10 23:24 - 00164352 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2012-04-10 23:24 - 2012-04-10 23:24 - 00689664 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2012-10-27 07:31 - 2012-10-27 07:31 - 00438784 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2012-10-27 07:27 - 2012-10-27 07:27 - 00023040 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2012-04-10 23:24 - 2012-04-10 23:24 - 00058368 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2014-12-16 09:44 - 2014-12-16 09:44 - 00044544 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
2012-10-27 07:27 - 2012-10-27 07:27 - 00149504 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2014-12-16 09:44 - 2014-12-16 09:44 - 00027136 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2012-10-27 07:28 - 2012-10-27 07:28 - 00136192 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2012-10-27 07:27 - 2012-10-27 07:27 - 00044032 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2012-10-27 07:27 - 2012-10-27 07:27 - 00030720 _____ () C:\Program Files\Box\Box Sync\win32cred.pyd
2014-12-16 09:44 - 2014-12-16 09:44 - 00030208 _____ () C:\Program Files\Box\Box Sync\Crypto.Cipher._AES.pyd
2014-12-16 09:44 - 2014-12-16 09:44 - 00008192 _____ () C:\Program Files\Box\Box Sync\Crypto.Util.strxor.pyd
2014-12-16 09:44 - 2014-12-16 09:44 - 00010752 _____ () C:\Program Files\Box\Box Sync\Crypto.Random.OSRNG.winrandom.pyd
2014-12-16 09:44 - 2014-12-16 09:44 - 00011264 _____ () C:\Program Files\Box\Box Sync\Crypto.Util._counter.pyd
2012-04-10 23:24 - 2012-04-10 23:24 - 00031744 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2012-10-27 07:28 - 2012-10-27 07:28 - 00053760 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2014-12-16 09:44 - 2014-12-16 09:44 - 00026112 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2012-10-27 07:27 - 2012-10-27 07:27 - 00021504 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2012-10-27 07:28 - 2012-10-27 07:28 - 00223232 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2015-01-06 08:18 - 2015-01-06 08:18 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2015-04-12 09:49 - 2015-04-12 09:49 - 00864336 _____ () C:\Program Files (x86)\Google\Update\Install\{92140466-274A-4366-A030-3897B9733A0E}\41.0.2272.118_41.0.2272.101_chrome_updater.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-03-27 18:16 - 2013-03-27 18:16 - 00106496 _____ () C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\Libnet.dll
2013-03-27 18:16 - 2013-03-27 18:16 - 00053299 _____ () C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\pthreadVC.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-03-22 22:33 - 2015-03-14 05:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-22 22:33 - 2015-03-14 05:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-22 22:33 - 2015-03-14 05:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-04-12 09:49 - 2015-04-12 09:49 - 00043008 _____ () c:\users\chris\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptgystu.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00750080 _____ () C:\Users\Chris\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00047616 _____ () C:\Users\Chris\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00865280 _____ () C:\Users\Chris\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00200704 _____ () C:\Users\Chris\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-03-22 22:33 - 2015-03-14 05:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5B811727
AlternateDataStreams: C:\ProgramData\TEMP:C7A9BA7F
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.178.16.14 - 192.178.16.22
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\StartupApproved\StartupFolder: => "EventGhost.lnk"
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\StartupApproved\Run: => "AnyDVD"
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4219955133-3732581121-3349534885-1001\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4219955133-3732581121-3349534885-500 - Administrator - Enabled)
Chris (S-1-5-21-4219955133-3732581121-3349534885-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-4219955133-3732581121-3349534885-501 - Limited - Enabled)
Sonos (S-1-5-21-4219955133-3732581121-3349534885-1019 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: HP LaserJet 400 M401n
Description: HP LaserJet 400 M401n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The Windows Event Log service is starting.
The Windows Event Log service could not be started.
 
A system error has occurred.
 
System error 5 has occurred.
 
Access is denied.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 24%
Total physical RAM: 16361.16 MB
Available physical RAM: 12433.32 MB
Total Pagefile: 18793.16 MB
Available Pagefile: 14403.28 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Windows SSD) (Fixed) (Total:119.24 GB) (Free:39.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data Drive) (Fixed) (Total:465.76 GB) (Free:460.51 GB) NTFS
Drive e: (ImageCD) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 6FACF24F)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BBC58B91)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Attached File  FRST.txt   61.42KB   0 downloads
Attached File  Addition.txt   34.59KB   0 downloads
 

 




 


#2 nasdaq

  • Malware Response Team

Posted 14 April 2015 - 09:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKU\S-1-5-21-4219955133-3732581121-3349534885-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11411&pf=V7&trgb=CR&p2=%5EBBJ%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBJ&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_36.0.1985.125&apn_uid=C914EE89-494B-4E11-9382-1B1B52587AEF&itbv=12.15.1.20&doi=2014-07-22&psv=&pt=tb"
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-03-22]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
R2 nvsvc; C:\WINDOWS\SysWOW64\nvvsvc.exe [0 2014-01-02] () <==== ATTENTION (zero size file/folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-01-02] () <==== ATTENTION (zero size file/folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-01-02] () <==== ATTENTION (zero size file/folder)
S4 LMIRfsClientNP; No ImagePath
U0 BMLoad; system32\drivers\BMLoad.sys [X]
S3 MFE_RR; \??\C:\Users\Chris\AppData\Local\Temp\mfe_rr.sys [X]
S3 PCTINDIS5X64; \??\C:\WINDOWS\SYSTEM32\PCTINDIS5X64.SYS [X]
S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [X]
S1 tcpipBM; \??\C:\WINDOWS\system32\drivers\tcpipBM.sys [X]
R3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptgystu.dll
C:\Users\Chris\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Chris\AppData\Local\Temp\SpotifyUninstall.exe
AlternateDataStreams: C:\ProgramData\TEMP:5B811727
AlternateDataStreams: C:\ProgramData\TEMP:C7A9BA7F
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 nasdaq

  • Malware Response Team

Posted 19 April 2015 - 07:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



