Infected with Searching malware/hijacker



#1 Ddraiglais


Posted 19 May 2015 - 06:40 PM

I had a virus that downloaded all kinds of malware. Every time I tried to remove one in Control Panel, it would download more. It also hijacked my homepage to www (dot) searching (dot) com. I am also getting all kinds of fake advertisements every time I go to a webpage not in safe mode. I ran MWB, Eset, ZHP, 9-Labs, and MWB-root kit. I am no longer downloading new malware. However, I am still getting the advertisements, and I can't keep my homepage where I want it. It still goes to searching.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Ginny (administrator) on GINNY-PC on 19-05-2015 19:17:49
Running from C:\Users\Ginny\Desktop
Loaded Profiles: Ginny (Available profiles: Ginny)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-29] (TOSHIBA Corporation)
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe [460648 2015-05-14] ()
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-13] ()
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2015-03-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ospd_us_1068] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-12] (Google Inc.)
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2015-03-03] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-03-07]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-16]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{b692dcdd-4424-2c32-b692-2dcdd4427375}\hqghumeaylnlf.exe (No File)
Startup: C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2015-05-17]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
URLSearchHook: HKU\S-1-5-21-494707120-3277395189-1778691621-1000 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
SearchScopes: HKLM -> DefaultScope {C8BB6DE4-E445-4311-AA0B-6BAD3CE44222} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {C8BB6DE4-E445-4311-AA0B-6BAD3CE44222} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-494707120-3277395189-1778691621-1000 -> DefaultScope {C8BB6DE4-E445-4311-AA0B-6BAD3CE44222} URL =
SearchScopes: HKU\S-1-5-21-494707120-3277395189-1778691621-1000 -> {C8BB6DE4-E445-4311-AA0B-6BAD3CE44222} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff64.dll [2015-05-14] ()
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg64.dll [2015-03-04] (Google Inc.)
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2015-02-25] (Compete, Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll [2015-05-14] ()
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-04] (Google Inc.)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2015-02-25] (Compete, Inc.)
BHO-x32: PathMaxx 1.0.0.7 -> {cf6bd74e-5c54-4129-8b10-c931bc156fe8} -> C:\Program Files (x86)\PathMaxx\PathMaxxbho.dll [2015-05-04] (PathMaxx)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-11-12] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-494707120-3277395189-1778691621-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-494707120-3277395189-1778691621-1000 -> No Name - {5245414C-312D-5350-00A7-7A786E7484D7} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Ginny\AppData\Roaming\Mozilla\Firefox\Profiles\ay8mqpk8.default-1425701412547
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-08-29] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-08-29] (Best Buy)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-03-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-03-07] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF user.js: detected! => C:\Users\Ginny\AppData\Roaming\Mozilla\Firefox\Profiles\ay8mqpk8.default-1425701412547\user.js [2015-05-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-04-29]
FF Extension: Ge-Force - C:\Users\Ginny\AppData\Roaming\Mozilla\Firefox\Profiles\ay8mqpk8.default-1425701412547\Extensions\TTSD90021300@PYDKGV101145942.com [2015-05-17]
FF Extension: PathMaxx 1.0.1 - C:\Users\Ginny\AppData\Roaming\Mozilla\Firefox\Profiles\ay8mqpk8.default-1425701412547\Extensions\{b5648ada-2fb6-4c3d-9086-16c88ae7a921}.xpi [2015-05-17]
FF Extension: Firefox Helper Tool - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\8526c86a0cae50f276bc2203927fee03 [2015-04-25]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\882acb6c0dae4ff077bc2103917fed03 [2015-03-06]
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF Extension: shopperz - C:\Program Files\shopperz\Firefox [2015-05-17]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-03-07]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi [2015-01-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 70F4EEDB-1367-4b4f-8247-3133551A7415; C:\Program Files\shopperz\grunt.exe [281960 2015-05-14] ()
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-05-18] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-05-18] (ConsumerInput)
S2 PrivoxyService; C:\Program Files (x86)\Megasoft Security\privoxy.exe [371200 2015-05-05] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-27] ()
S2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-03-07] (RealNetworks, Inc.)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S2 shopperz Updater; C:\Program Files\shopperz\nseven.exe [170344 2015-05-14] ()
S2 Update PathMaxx; C:\Program Files (x86)\PathMaxx\updatePathMaxx.exe [658664 2015-05-19] ()
S2 Util PathMaxx; C:\Program Files (x86)\PathMaxx\bin\utilPathMaxx.exe [658664 2015-05-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 cdc5517a; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.91\OptProMon.dll",ENT <==== ATTENTION
S2 hukylyqu; C:\Users\Ginny\AppData\Roaming\A0249120-1431834439-DE11-BBA9-00266C3C43F3\nsm6043.tmpfs [X]
S3 Partner Service; "C:\ProgramData\Partner\Partner.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41624 2015-05-16] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-05-16] (SlimWare Utilities, Inc.)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-05-17] (BitDefender S.R.L.)
R1 {b5648ada-2fb6-4c3d-9086-16c88ae7a921}w64; C:\Windows\System32\drivers\{b5648ada-2fb6-4c3d-9086-16c88ae7a921}w64.sys [48776 2015-05-18] (StdLib)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S2 SPDRIVER_1.42.1.1841; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1841\jsdrv.sys [X]
S2 webTinstMKTN84; \??\C:\windows\system32\Drivers\webTinstMKTN84.sys [X]
S1 {b5648ada-2fb6-4c3d-9086-16c88ae7a921}Gw64; system32\drivers\{b5648ada-2fb6-4c3d-9086-16c88ae7a921}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 19:17 - 2015-05-19 19:17 - 00019184 _____ () C:\Users\Ginny\Desktop\FRST.txt
2015-05-19 19:15 - 2015-05-19 19:15 - 02107904 _____ (Farbar) C:\Users\Ginny\Desktop\FRST64.exe
2015-05-19 19:14 - 2015-05-19 19:17 - 00000000 ____D () C:\FRST
2015-05-19 18:43 - 2015-05-19 18:43 - 00079152 _____ () C:\Users\Ginny\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 08:22 - 2015-05-19 19:08 - 00006173 _____ () C:\windows\WindowsUpdate.log
2015-05-19 08:21 - 2015-05-19 18:42 - 00000112 _____ () C:\windows\setupact.log
2015-05-19 08:21 - 2015-05-19 08:21 - 00338960 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-19 08:21 - 2015-05-19 08:21 - 00000000 _____ () C:\windows\setuperr.log
2015-05-19 07:02 - 2015-05-18 13:36 - 00048776 _____ (StdLib) C:\windows\system32\Drivers\{b5648ada-2fb6-4c3d-9086-16c88ae7a921}w64.sys
2015-05-18 20:45 - 2015-05-19 08:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-18 20:43 - 2015-05-19 07:00 - 00000000 ____D () C:\Users\Ginny\Desktop\mbar
2015-05-18 17:37 - 2015-05-18 17:37 - 00000945 _____ () C:\Users\Public\Desktop\Removal Tool.lnk
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\9-lab
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\ProgramData\9-lab
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\Program Files\9-lab
2015-05-18 17:09 - 2015-05-18 17:09 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Compete
2015-05-18 14:53 - 2015-05-18 14:53 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2015-05-18 14:52 - 2015-05-19 19:08 - 00000360 _____ () C:\windows\Tasks\CIMT_S-1-5-21-494707120-3277395189-1778691621-1000.job
2015-05-18 14:52 - 2015-05-18 14:52 - 00003396 _____ () C:\windows\System32\Tasks\CIMT_daily_S-1-5-21-494707120-3277395189-1778691621-1000
2015-05-18 14:52 - 2015-05-18 14:52 - 00003274 _____ () C:\windows\System32\Tasks\CIMT_S-1-5-21-494707120-3277395189-1778691621-1000
2015-05-18 14:52 - 2015-05-18 14:52 - 00000394 _____ () C:\windows\Tasks\CIMT_daily_S-1-5-21-494707120-3277395189-1778691621-1000.job
2015-05-18 14:50 - 2015-05-19 18:55 - 00000968 _____ () C:\windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-05-18 14:50 - 2015-05-19 18:42 - 00000964 _____ () C:\windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-05-18 14:50 - 2015-05-18 14:50 - 00003964 _____ () C:\windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2015-05-18 14:50 - 2015-05-18 14:50 - 00003712 _____ () C:\windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2015-05-18 14:50 - 2015-05-18 14:50 - 00000000 ____D () C:\Users\Ginny\AppData\Local\Consumer Input
2015-05-18 14:49 - 2015-05-18 14:52 - 00000000 ____D () C:\Program Files (x86)\Consumer Input
2015-05-17 20:12 - 2015-05-18 17:03 - 00000000 ____D () C:\Users\Ginny\AppData\Local\gmsd_us_589
2015-05-17 20:12 - 2015-05-18 17:03 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_589
2015-05-17 20:11 - 2015-05-17 20:13 - 00000000 ____D () C:\Program Files (x86)\PathMaxx
2015-05-17 18:40 - 2015-05-19 07:00 - 00000000 ____D () C:\Program Files\shopperz
2015-05-17 18:40 - 2015-05-17 18:40 - 00003620 _____ () C:\windows\System32\Tasks\gtaUpt
2015-05-17 18:01 - 2015-05-19 18:42 - 00000330 _____ () C:\windows\Tasks\LMVHRTEJX1.job
2015-05-17 18:01 - 2015-05-18 16:28 - 00000000 ____D () C:\ProgramData\04741f5cd84a49bcb1c2ee8c75c31c52
2015-05-17 18:01 - 2015-05-17 18:01 - 00003558 _____ () C:\windows\System32\Tasks\NCCQRI
2015-05-17 18:01 - 2015-05-17 18:01 - 00002852 _____ () C:\windows\System32\Tasks\LMVHRTEJX1
2015-05-17 18:01 - 2015-05-17 18:01 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-05-17 18:01 - 2015-05-17 18:01 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-17 16:45 - 2015-05-17 16:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-17 16:44 - 2015-05-17 16:44 - 02347384 _____ (ESET) C:\Users\Ginny\Desktop\esetsmartinstaller_enu.exe
2015-05-17 16:31 - 2015-05-17 16:39 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\ZHP
2015-05-17 16:31 - 2015-05-17 16:31 - 00000803 _____ () C:\Users\Ginny\Desktop\ZHPCleaner.lnk
2015-05-17 16:22 - 2015-05-18 16:26 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-05-17 16:22 - 2015-05-17 16:22 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe
2015-05-17 13:50 - 2015-05-17 13:50 - 00000000 ____D () C:\Users\Ginny\AppData\Local\Zemana
2015-05-17 03:38 - 2015-05-17 03:39 - 16108197 _____ () C:\windows\REGBK00.ZIP
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\VDLL.DLL
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\SysWOW64\runouce.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\rundll16.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\RUNDL132.EXE
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\logo1_.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\logo_1.exe
2015-05-17 03:32 - 2015-05-17 03:37 - 00000056 _____ () C:\windows\Lic.xxx
2015-05-17 03:31 - 2015-05-17 03:31 - 00655872 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr90.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00632064 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr80.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00572928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp90.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00554240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp80.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00350160 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2015-05-17 03:31 - 2015-05-17 03:31 - 00156392 _____ (MicroWorld Technologies Inc.) C:\windows\SysWOW64\eEmpty.exe
2015-05-17 03:30 - 2015-05-17 03:30 - 00001026 _____ () C:\Users\Ginny\Desktop\MWAVSCAN.lnk
2015-05-17 03:30 - 2015-05-17 03:30 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-05-17 03:19 - 2015-05-17 17:39 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2015-05-17 02:59 - 2015-05-18 16:27 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-05-17 02:59 - 2015-05-17 02:59 - 00004506 _____ () C:\windows\System32\Tasks\ShopperPro
2015-05-17 02:59 - 2015-05-17 02:59 - 00003494 _____ () C:\windows\System32\Tasks\SPDriver
2015-05-17 02:58 - 2015-05-17 02:58 - 00005794 _____ () C:\windows\System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5
2015-05-17 02:57 - 2015-05-17 02:57 - 00006822 _____ () C:\windows\System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7
2015-05-17 02:57 - 2015-05-17 02:57 - 00006476 _____ () C:\windows\System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6
2015-05-17 02:57 - 2015-05-17 02:57 - 00003568 _____ () C:\windows\System32\Tasks\ShopperProJSUpd
2015-05-17 02:56 - 2015-05-17 02:56 - 00007498 _____ () C:\windows\System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4
2015-05-17 02:56 - 2015-05-17 02:56 - 00003254 _____ () C:\windows\System32\Tasks\Optimizer Pro Schedule
2015-05-17 02:52 - 2015-05-18 16:59 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431845576-DE11-BBA9-00266C3C43F3
2015-05-17 02:51 - 2015-05-17 02:51 - 00003722 _____ () C:\windows\System32\Tasks\SMupdate1
2015-05-17 02:50 - 2015-05-17 02:55 - 00003720 _____ () C:\windows\System32\Tasks\Inst_Rep
2015-05-17 02:50 - 2015-05-17 02:50 - 00004240 _____ () C:\windows\System32\Tasks\SMW_UpdateTask_Time_323339383739353133312d3437415a556c2a3223346c41
2015-05-17 02:50 - 2015-05-17 02:50 - 00003904 _____ () C:\windows\System32\Tasks\YTDownloaderUpd
2015-05-17 02:50 - 2015-05-17 02:50 - 00003840 _____ () C:\windows\System32\Tasks\Smp
2015-05-17 02:50 - 2015-05-17 02:50 - 00003592 _____ () C:\windows\System32\Tasks\SMWUpd
2015-05-17 02:50 - 2015-05-17 02:50 - 00003582 _____ () C:\windows\System32\Tasks\YTDownloader
2015-05-17 02:50 - 2015-05-17 02:50 - 00003074 _____ () C:\windows\System32\Tasks\SpeeditUp Update
2015-05-17 02:50 - 2015-05-17 02:50 - 00002336 _____ () C:\windows\patsearch.bin
2015-05-17 02:50 - 2015-05-17 02:50 - 00000000 ____D () C:\ProgramData\SearchModule
2015-05-17 02:50 - 2015-05-17 02:50 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2015-05-17 01:34 - 2015-05-17 01:34 - 00000000 ____N () C:\autoexec.bat
2015-05-17 01:33 - 2015-05-17 01:33 - 00003326 _____ () C:\windows\System32\Tasks\SpyHunter4Startup
2015-05-17 01:19 - 2015-05-17 03:43 - 00000000 ____D () C:\ProgramData\{b692dcdd-4424-2c32-b692-2dcdd4427375}
2015-05-17 01:18 - 2015-05-17 01:18 - 00001023 _____ () C:\windows\SysWOW64\${LOGFILE}
2015-05-17 01:04 - 2015-05-17 01:04 - 00000000 ____D () C:\263d21bb391d7b9137729bff0787ef
2015-05-17 00:55 - 2015-05-17 03:26 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431838549-DE11-BBA9-00266C3C43F3
2015-05-17 00:42 - 2015-05-17 01:21 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\WTools
2015-05-17 00:40 - 2015-05-17 01:23 - 00003446 _____ () C:\windows\System32\Tasks\NetEngine
2015-05-17 00:40 - 2015-05-17 00:40 - 00000000 ____D () C:\ProgramData\NetEngine
2015-05-17 00:38 - 2015-05-17 01:12 - 00000000 ____D () C:\ProgramData\{af4db5f9-3d61-5aaf-af4d-db5f93d6d7e4}
2015-05-17 00:37 - 2015-05-17 01:22 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-05-17 00:25 - 2015-05-17 00:37 - 00000000 ___HD () C:\ProgramData\exh
2015-05-17 00:00 - 2015-05-16 12:41 - 00048776 _____ (StdLib) C:\windows\system32\Drivers\{11944e07-3e46-4956-b8c7-7e52c7a44c1d}Gw64.sys.mwt
2015-05-16 23:56 - 2015-05-19 18:42 - 00000986 _____ () C:\windows\Tasks\HdSbqI7.job
2015-05-16 23:56 - 2015-05-16 23:56 - 00004012 _____ () C:\windows\System32\Tasks\HdSbqI7
2015-05-16 23:55 - 2015-05-16 23:55 - 00004086 _____ () C:\windows\System32\Tasks\Crossbrowse
2015-05-16 23:55 - 2015-05-16 23:55 - 00000000 ____D () C:\Users\Ginny\AppData\Local\Crossbrowse
2015-05-16 23:54 - 2015-05-16 23:54 - 00000000 ____D () C:\Program Files (x86)\Crossbrowse
2015-05-16 23:52 - 2015-05-16 23:52 - 00004034 _____ () C:\windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-05-16 23:51 - 2015-05-17 02:56 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-16 23:47 - 2015-05-18 16:59 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431834439-DE11-BBA9-00266C3C43F3
2015-05-16 23:47 - 2015-05-16 23:47 - 00631296 _____ () C:\windows\exh.dat
2015-05-16 23:47 - 2015-05-16 23:47 - 00408576 _____ () C:\windows\mexh.exe.mwt
2015-05-16 23:47 - 2009-06-10 17:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hp.bak
2015-05-16 23:40 - 2015-05-19 18:42 - 00001014 _____ () C:\windows\Tasks\yH9F810Vs7KCokgfyEYHj.job
2015-05-16 23:40 - 2015-05-19 18:42 - 00000330 _____ () C:\windows\Tasks\QHWXXQN1.job
2015-05-16 23:40 - 2015-05-18 16:34 - 00000000 ____D () C:\Users\Ginny\AppData\Local\ospd_us_1068
2015-05-16 23:40 - 2015-05-18 16:29 - 00000000 ____D () C:\Users\Ginny\AppData\Local\B304F891-C1A0-A742-8BFE-6D159B2B06C2
2015-05-16 23:40 - 2015-05-16 23:40 - 00004622 _____ () C:\windows\System32\Tasks\Runner for IC
2015-05-16 23:40 - 2015-05-16 23:40 - 00004040 _____ () C:\windows\System32\Tasks\yH9F810Vs7KCokgfyEYHj
2015-05-16 23:40 - 2015-05-16 23:40 - 00003980 _____ () C:\windows\System32\Tasks\LaunchPreSignup
2015-05-16 23:40 - 2015-05-16 23:40 - 00003558 _____ () C:\windows\System32\Tasks\RMYGRR
2015-05-16 23:40 - 2015-05-16 23:40 - 00002852 _____ () C:\windows\System32\Tasks\QHWXXQN1
2015-05-16 23:39 - 2015-05-17 03:43 - 00000000 ____D () C:\ProgramData\{bf493fba-ac93-3cfc-bf49-93fbaac9feea}
2015-05-16 23:39 - 2015-05-17 02:56 - 00003900 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-05-16 23:39 - 2015-05-17 02:56 - 00003646 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-05-16 23:39 - 2015-05-16 23:39 - 00000064 _____ () C:\Users\Ginny\AppData\Local\8287343cd1ae64b0329f8f2e03f1c8e4
2015-05-16 23:38 - 2015-05-16 23:38 - 00000000 ____D () C:\Users\Ginny\Documents\vlc
2015-05-16 20:01 - 2015-05-16 20:01 - 00000000 ____D () C:\Program Files (x86)\GUM3B9F.tmp
2015-05-06 06:58 - 2015-05-16 23:52 - 00016056 _____ (SlimWare Utilities, Inc.) C:\windows\system32\Drivers\SWDUMon.sys
2015-05-06 06:58 - 2015-05-06 06:58 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-05-06 06:58 - 2015-05-06 06:58 - 00000000 ____D () C:\Users\Ginny\AppData\Local\SlimWare Utilities Inc
2015-05-05 07:00 - 2015-05-18 16:27 - 00000000 ____D () C:\Program Files (x86)\Megasoft Security
2015-04-29 07:58 - 2015-04-29 07:58 - 00000000 ____D () C:\Program Files (x86)\Windows Resource Kits

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 19:13 - 2009-07-14 01:13 - 00743352 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-19 18:50 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-19 18:50 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-19 18:46 - 2009-07-13 22:34 - 00000922 _____ () C:\windows\win.ini
2015-05-19 18:42 - 2015-02-28 20:47 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-19 18:42 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-19 08:50 - 2015-02-28 20:44 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Skype
2015-05-19 08:06 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2015-05-19 07:38 - 2015-03-02 11:03 - 00073728 _____ () C:\windows\SysWOW64\tasks.dll
2015-05-19 07:10 - 2015-02-28 20:47 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 07:09 - 2015-03-05 20:15 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-19 07:01 - 2009-07-14 01:37 - 00000000 ____D () C:\windows\DigitalLocker
2015-05-18 20:45 - 2015-03-07 06:41 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 20:45 - 2015-03-01 00:21 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-18 16:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-18 16:26 - 2015-03-06 16:33 - 00000000 ____D () C:\6f752f6e-ddf8-4bae-80c5-abc6de917856
2015-05-17 13:52 - 2015-03-01 09:19 - 00001291 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-17 13:52 - 2015-03-01 09:19 - 00001279 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-17 02:50 - 2015-02-28 20:34 - 00001536 _____ () C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-16 20:05 - 2015-02-28 20:47 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 20:05 - 2015-02-28 20:47 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-12 20:39 - 2015-03-01 09:41 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Azureus
2015-05-10 21:31 - 2009-07-14 01:08 - 00032574 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-05-10 02:52 - 2015-03-31 18:06 - 00000000 ____D () C:\windows\Minidump
2015-05-06 08:11 - 2015-02-28 20:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-06 08:11 - 2015-02-28 20:43 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-03-29 05:57 - 2015-03-29 05:57 - 0009662 _____ () C:\Users\Ginny\AppData\Roaming\em_64x64.ico
2015-03-01 00:25 - 2015-03-07 04:26 - 0000126 _____ () C:\Users\Ginny\AppData\Roaming\WB.CFG
2015-03-18 16:38 - 2015-04-07 16:23 - 0000572 _____ () C:\Users\Ginny\AppData\Roaming\wklnhst.dat
2015-05-16 23:39 - 2015-05-16 23:39 - 0000064 _____ () C:\Users\Ginny\AppData\Local\8287343cd1ae64b0329f8f2e03f1c8e4
2015-03-02 20:49 - 2015-03-02 20:49 - 0274045 _____ () C:\Users\Ginny\AppData\Local\dsi1.dat
2015-03-02 20:49 - 2015-03-02 20:49 - 0161916 _____ () C:\Users\Ginny\AppData\Local\dsi2.dat

Some content of TEMP:
====================
C:\Users\Ginny\AppData\Local\Temp\bes91E4.exe
C:\Users\Ginny\AppData\Local\Temp\compete.exe
C:\Users\Ginny\AppData\Local\Temp\cw.exe
C:\Users\Ginny\AppData\Local\Temp\jue5EC4.exe
C:\Users\Ginny\AppData\Local\Temp\Uninstall.exe

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 00:20

==================== End Of Log ============================

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 19:17 - 2015-05-19 19:17 - 00019184 _____ () C:\Users\Ginny\Desktop\FRST.txt
2015-05-19 19:15 - 2015-05-19 19:15 - 02107904 _____ (Farbar) C:\Users\Ginny\Desktop\FRST64.exe
2015-05-19 19:14 - 2015-05-19 19:17 - 00000000 ____D () C:\FRST
2015-05-19 18:43 - 2015-05-19 18:43 - 00079152 _____ () C:\Users\Ginny\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 08:22 - 2015-05-19 19:08 - 00006173 _____ () C:\windows\WindowsUpdate.log
2015-05-19 08:21 - 2015-05-19 18:42 - 00000112 _____ () C:\windows\setupact.log
2015-05-19 08:21 - 2015-05-19 08:21 - 00338960 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-19 08:21 - 2015-05-19 08:21 - 00000000 _____ () C:\windows\setuperr.log
2015-05-19 07:02 - 2015-05-18 13:36 - 00048776 _____ (StdLib) C:\windows\system32\Drivers\{b5648ada-2fb6-4c3d-9086-16c88ae7a921}w64.sys
2015-05-18 20:45 - 2015-05-19 08:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-18 20:43 - 2015-05-19 07:00 - 00000000 ____D () C:\Users\Ginny\Desktop\mbar
2015-05-18 17:37 - 2015-05-18 17:37 - 00000945 _____ () C:\Users\Public\Desktop\Removal Tool.lnk
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\9-lab
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\ProgramData\9-lab
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\Program Files\9-lab
2015-05-18 17:09 - 2015-05-18 17:09 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Compete
2015-05-18 14:53 - 2015-05-18 14:53 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2015-05-18 14:52 - 2015-05-19 19:08 - 00000360 _____ () C:\windows\Tasks\CIMT_S-1-5-21-494707120-3277395189-1778691621-1000.job
2015-05-18 14:52 - 2015-05-18 14:52 - 00003396 _____ () C:\windows\System32\Tasks\CIMT_daily_S-1-5-21-494707120-3277395189-1778691621-1000
2015-05-18 14:52 - 2015-05-18 14:52 - 00003274 _____ () C:\windows\System32\Tasks\CIMT_S-1-5-21-494707120-3277395189-1778691621-1000
2015-05-18 14:52 - 2015-05-18 14:52 - 00000394 _____ () C:\windows\Tasks\CIMT_daily_S-1-5-21-494707120-3277395189-1778691621-1000.job
2015-05-18 14:50 - 2015-05-19 18:55 - 00000968 _____ () C:\windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-05-18 14:50 - 2015-05-19 18:42 - 00000964 _____ () C:\windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-05-18 14:50 - 2015-05-18 14:50 - 00003964 _____ () C:\windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2015-05-18 14:50 - 2015-05-18 14:50 - 00003712 _____ () C:\windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2015-05-18 14:50 - 2015-05-18 14:50 - 00000000 ____D () C:\Users\Ginny\AppData\Local\Consumer Input
2015-05-18 14:49 - 2015-05-18 14:52 - 00000000 ____D () C:\Program Files (x86)\Consumer Input
2015-05-17 20:12 - 2015-05-18 17:03 - 00000000 ____D () C:\Users\Ginny\AppData\Local\gmsd_us_589
2015-05-17 20:12 - 2015-05-18 17:03 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_589
2015-05-17 20:11 - 2015-05-17 20:13 - 00000000 ____D () C:\Program Files (x86)\PathMaxx
2015-05-17 18:40 - 2015-05-19 07:00 - 00000000 ____D () C:\Program Files\shopperz
2015-05-17 18:40 - 2015-05-17 18:40 - 00003620 _____ () C:\windows\System32\Tasks\gtaUpt
2015-05-17 18:01 - 2015-05-19 18:42 - 00000330 _____ () C:\windows\Tasks\LMVHRTEJX1.job
2015-05-17 18:01 - 2015-05-18 16:28 - 00000000 ____D () C:\ProgramData\04741f5cd84a49bcb1c2ee8c75c31c52
2015-05-17 18:01 - 2015-05-17 18:01 - 00003558 _____ () C:\windows\System32\Tasks\NCCQRI
2015-05-17 18:01 - 2015-05-17 18:01 - 00002852 _____ () C:\windows\System32\Tasks\LMVHRTEJX1
2015-05-17 18:01 - 2015-05-17 18:01 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-05-17 18:01 - 2015-05-17 18:01 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-17 16:45 - 2015-05-17 16:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-17 16:44 - 2015-05-17 16:44 - 02347384 _____ (ESET) C:\Users\Ginny\Desktop\esetsmartinstaller_enu.exe
2015-05-17 16:31 - 2015-05-17 16:39 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\ZHP
2015-05-17 16:31 - 2015-05-17 16:31 - 00000803 _____ () C:\Users\Ginny\Desktop\ZHPCleaner.lnk
2015-05-17 16:22 - 2015-05-18 16:26 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-05-17 16:22 - 2015-05-17 16:22 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe
2015-05-17 13:50 - 2015-05-17 13:50 - 00000000 ____D () C:\Users\Ginny\AppData\Local\Zemana
2015-05-17 03:38 - 2015-05-17 03:39 - 16108197 _____ () C:\windows\REGBK00.ZIP
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\VDLL.DLL
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\SysWOW64\runouce.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\rundll16.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\RUNDL132.EXE
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\logo1_.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\logo_1.exe
2015-05-17 03:32 - 2015-05-17 03:37 - 00000056 _____ () C:\windows\Lic.xxx
2015-05-17 03:31 - 2015-05-17 03:31 - 00655872 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr90.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00632064 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr80.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00572928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp90.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00554240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp80.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00350160 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2015-05-17 03:31 - 2015-05-17 03:31 - 00156392 _____ (MicroWorld Technologies Inc.) C:\windows\SysWOW64\eEmpty.exe
2015-05-17 03:30 - 2015-05-17 03:30 - 00001026 _____ () C:\Users\Ginny\Desktop\MWAVSCAN.lnk
2015-05-17 03:30 - 2015-05-17 03:30 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-05-17 03:19 - 2015-05-17 17:39 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2015-05-17 02:59 - 2015-05-18 16:27 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-05-17 02:59 - 2015-05-17 02:59 - 00004506 _____ () C:\windows\System32\Tasks\ShopperPro
2015-05-17 02:59 - 2015-05-17 02:59 - 00003494 _____ () C:\windows\System32\Tasks\SPDriver
2015-05-17 02:58 - 2015-05-17 02:58 - 00005794 _____ () C:\windows\System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5
2015-05-17 02:57 - 2015-05-17 02:57 - 00006822 _____ () C:\windows\System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7
2015-05-17 02:57 - 2015-05-17 02:57 - 00006476 _____ () C:\windows\System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6
2015-05-17 02:57 - 2015-05-17 02:57 - 00003568 _____ () C:\windows\System32\Tasks\ShopperProJSUpd
2015-05-17 02:56 - 2015-05-17 02:56 - 00007498 _____ () C:\windows\System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4
2015-05-17 02:56 - 2015-05-17 02:56 - 00003254 _____ () C:\windows\System32\Tasks\Optimizer Pro Schedule
2015-05-17 02:52 - 2015-05-18 16:59 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431845576-DE11-BBA9-00266C3C43F3
2015-05-17 02:51 - 2015-05-17 02:51 - 00003722 _____ () C:\windows\System32\Tasks\SMupdate1
2015-05-17 02:50 - 2015-05-17 02:55 - 00003720 _____ () C:\windows\System32\Tasks\Inst_Rep
2015-05-17 02:50 - 2015-05-17 02:50 - 00004240 _____ () C:\windows\System32\Tasks\SMW_UpdateTask_Time_323339383739353133312d3437415a556c2a3223346c41
2015-05-17 02:50 - 2015-05-17 02:50 - 00003904 _____ () C:\windows\System32\Tasks\YTDownloaderUpd
2015-05-17 02:50 - 2015-05-17 02:50 - 00003840 _____ () C:\windows\System32\Tasks\Smp
2015-05-17 02:50 - 2015-05-17 02:50 - 00003592 _____ () C:\windows\System32\Tasks\SMWUpd
2015-05-17 02:50 - 2015-05-17 02:50 - 00003582 _____ () C:\windows\System32\Tasks\YTDownloader
2015-05-17 02:50 - 2015-05-17 02:50 - 00003074 _____ () C:\windows\System32\Tasks\SpeeditUp Update
2015-05-17 02:50 - 2015-05-17 02:50 - 00002336 _____ () C:\windows\patsearch.bin
2015-05-17 02:50 - 2015-05-17 02:50 - 00000000 ____D () C:\ProgramData\SearchModule
2015-05-17 02:50 - 2015-05-17 02:50 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2015-05-17 01:34 - 2015-05-17 01:34 - 00000000 ____N () C:\autoexec.bat
2015-05-17 01:33 - 2015-05-17 01:33 - 00003326 _____ () C:\windows\System32\Tasks\SpyHunter4Startup
2015-05-17 01:19 - 2015-05-17 03:43 - 00000000 ____D () C:\ProgramData\{b692dcdd-4424-2c32-b692-2dcdd4427375}
2015-05-17 01:18 - 2015-05-17 01:18 - 00001023 _____ () C:\windows\SysWOW64\${LOGFILE}
2015-05-17 01:04 - 2015-05-17 01:04 - 00000000 ____D () C:\263d21bb391d7b9137729bff0787ef
2015-05-17 00:55 - 2015-05-17 03:26 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431838549-DE11-BBA9-00266C3C43F3
2015-05-17 00:42 - 2015-05-17 01:21 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\WTools
2015-05-17 00:40 - 2015-05-17 01:23 - 00003446 _____ () C:\windows\System32\Tasks\NetEngine
2015-05-17 00:40 - 2015-05-17 00:40 - 00000000 ____D () C:\ProgramData\NetEngine
2015-05-17 00:38 - 2015-05-17 01:12 - 00000000 ____D () C:\ProgramData\{af4db5f9-3d61-5aaf-af4d-db5f93d6d7e4}
2015-05-17 00:37 - 2015-05-17 01:22 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-05-17 00:25 - 2015-05-17 00:37 - 00000000 ___HD () C:\ProgramData\exh
2015-05-17 00:00 - 2015-05-16 12:41 - 00048776 _____ (StdLib) C:\windows\system32\Drivers\{11944e07-3e46-4956-b8c7-7e52c7a44c1d}Gw64.sys.mwt
2015-05-16 23:56 - 2015-05-19 18:42 - 00000986 _____ () C:\windows\Tasks\HdSbqI7.job
2015-05-16 23:56 - 2015-05-16 23:56 - 00004012 _____ () C:\windows\System32\Tasks\HdSbqI7
2015-05-16 23:55 - 2015-05-16 23:55 - 00004086 _____ () C:\windows\System32\Tasks\Crossbrowse
2015-05-16 23:55 - 2015-05-16 23:55 - 00000000 ____D () C:\Users\Ginny\AppData\Local\Crossbrowse
2015-05-16 23:54 - 2015-05-16 23:54 - 00000000 ____D () C:\Program Files (x86)\Crossbrowse
2015-05-16 23:52 - 2015-05-16 23:52 - 00004034 _____ () C:\windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-05-16 23:51 - 2015-05-17 02:56 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-16 23:47 - 2015-05-18 16:59 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431834439-DE11-BBA9-00266C3C43F3
2015-05-16 23:47 - 2015-05-16 23:47 - 00631296 _____ () C:\windows\exh.dat
2015-05-16 23:47 - 2015-05-16 23:47 - 00408576 _____ () C:\windows\mexh.exe.mwt
2015-05-16 23:47 - 2009-06-10 17:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hp.bak
2015-05-16 23:40 - 2015-05-19 18:42 - 00001014 _____ () C:\windows\Tasks\yH9F810Vs7KCokgfyEYHj.job
2015-05-16 23:40 - 2015-05-19 18:42 - 00000330 _____ () C:\windows\Tasks\QHWXXQN1.job
2015-05-16 23:40 - 2015-05-18 16:34 - 00000000 ____D () C:\Users\Ginny\AppData\Local\ospd_us_1068
2015-05-16 23:40 - 2015-05-18 16:29 - 00000000 ____D () C:\Users\Ginny\AppData\Local\B304F891-C1A0-A742-8BFE-6D159B2B06C2
2015-05-16 23:40 - 2015-05-16 23:40 - 00004622 _____ () C:\windows\System32\Tasks\Runner for IC
2015-05-16 23:40 - 2015-05-16 23:40 - 00004040 _____ () C:\windows\System32\Tasks\yH9F810Vs7KCokgfyEYHj
2015-05-16 23:40 - 2015-05-16 23:40 - 00003980 _____ () C:\windows\System32\Tasks\LaunchPreSignup
2015-05-16 23:40 - 2015-05-16 23:40 - 00003558 _____ () C:\windows\System32\Tasks\RMYGRR
2015-05-16 23:40 - 2015-05-16 23:40 - 00002852 _____ () C:\windows\System32\Tasks\QHWXXQN1
2015-05-16 23:39 - 2015-05-17 03:43 - 00000000 ____D () C:\ProgramData\{bf493fba-ac93-3cfc-bf49-93fbaac9feea}
2015-05-16 23:39 - 2015-05-17 02:56 - 00003900 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-05-16 23:39 - 2015-05-17 02:56 - 00003646 _____ () C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-05-16 23:39 - 2015-05-16 23:39 - 00000064 _____ () C:\Users\Ginny\AppData\Local\8287343cd1ae64b0329f8f2e03f1c8e4
2015-05-16 23:38 - 2015-05-16 23:38 - 00000000 ____D () C:\Users\Ginny\Documents\vlc
2015-05-16 20:01 - 2015-05-16 20:01 - 00000000 ____D () C:\Program Files (x86)\GUM3B9F.tmp
2015-05-06 06:58 - 2015-05-16 23:52 - 00016056 _____ (SlimWare Utilities, Inc.) C:\windows\system32\Drivers\SWDUMon.sys
2015-05-06 06:58 - 2015-05-06 06:58 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-05-06 06:58 - 2015-05-06 06:58 - 00000000 ____D () C:\Users\Ginny\AppData\Local\SlimWare Utilities Inc
2015-05-05 07:00 - 2015-05-18 16:27 - 00000000 ____D () C:\Program Files (x86)\Megasoft Security
2015-04-29 07:58 - 2015-04-29 07:58 - 00000000 ____D () C:\Program Files (x86)\Windows Resource Kits

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 19:13 - 2009-07-14 01:13 - 00743352 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-19 18:50 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-19 18:50 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-19 18:46 - 2009-07-13 22:34 - 00000922 _____ () C:\windows\win.ini
2015-05-19 18:42 - 2015-02-28 20:47 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-19 18:42 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-19 08:50 - 2015-02-28 20:44 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Skype
2015-05-19 08:06 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2015-05-19 07:38 - 2015-03-02 11:03 - 00073728 _____ () C:\windows\SysWOW64\tasks.dll
2015-05-19 07:10 - 2015-02-28 20:47 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 07:09 - 2015-03-05 20:15 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-19 07:01 - 2009-07-14 01:37 - 00000000 ____D () C:\windows\DigitalLocker
2015-05-18 20:45 - 2015-03-07 06:41 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 20:45 - 2015-03-01 00:21 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-18 16:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-18 16:26 - 2015-03-06 16:33 - 00000000 ____D () C:\6f752f6e-ddf8-4bae-80c5-abc6de917856
2015-05-17 13:52 - 2015-03-01 09:19 - 00001291 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-17 13:52 - 2015-03-01 09:19 - 00001279 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-17 02:50 - 2015-02-28 20:34 - 00001536 _____ () C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-16 20:05 - 2015-02-28 20:47 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 20:05 - 2015-02-28 20:47 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-12 20:39 - 2015-03-01 09:41 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Azureus
2015-05-10 21:31 - 2009-07-14 01:08 - 00032574 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-05-10 02:52 - 2015-03-31 18:06 - 00000000 ____D () C:\windows\Minidump
2015-05-06 08:11 - 2015-02-28 20:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-06 08:11 - 2015-02-28 20:43 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-03-29 05:57 - 2015-03-29 05:57 - 0009662 _____ () C:\Users\Ginny\AppData\Roaming\em_64x64.ico
2015-03-01 00:25 - 2015-03-07 04:26 - 0000126 _____ () C:\Users\Ginny\AppData\Roaming\WB.CFG
2015-03-18 16:38 - 2015-04-07 16:23 - 0000572 _____ () C:\Users\Ginny\AppData\Roaming\wklnhst.dat
2015-05-16 23:39 - 2015-05-16 23:39 - 0000064 _____ () C:\Users\Ginny\AppData\Local\8287343cd1ae64b0329f8f2e03f1c8e4
2015-03-02 20:49 - 2015-03-02 20:49 - 0274045 _____ () C:\Users\Ginny\AppData\Local\dsi1.dat
2015-03-02 20:49 - 2015-03-02 20:49 - 0161916 _____ () C:\Users\Ginny\AppData\Local\dsi2.dat

Some content of TEMP:
====================
C:\Users\Ginny\AppData\Local\Temp\bes91E4.exe
C:\Users\Ginny\AppData\Local\Temp\compete.exe
C:\Users\Ginny\AppData\Local\Temp\cw.exe
C:\Users\Ginny\AppData\Local\Temp\jue5EC4.exe
C:\Users\Ginny\AppData\Local\Temp\Uninstall.exe

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 00:20

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by Ginny at 2015-05-19 19:18:16
Running from C:\Users\Ginny\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-494707120-3277395189-1778691621-500 - Administrator - Disabled)
Ginny (S-1-5-21-494707120-3277395189-1778691621-1000 - Administrator - Enabled) => C:\Users\Ginny
Guest (S-1-5-21-494707120-3277395189-1778691621-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Best Buy pc app (Version: 3.2.2.1 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.1 - Best Buy) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Software Service Inc.) <==== ATTENTION
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version:  - Compete Inc.) <==== ATTENTION
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION!
GamesDesktop 025.589 (HKLM-x32\...\gmsd_us_589_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Idle Crawler (HKLM-x32\...\B304F891-C1A0-A742-8BFE-6D159B2B06C2) (Version: 166.0.0.1703 - GREYSTONE VENTURES LP) <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
PathMaxx (HKLM\...\PathMaxx) (Version: 2015.05.17.192346 - PathMaxx) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
RealPlayer Packages (HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\RealPlayer Packages) (Version:  - ) <==== ATTENTION
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
shopperz 2.0.0.461 (HKLM\...\{5081D2D4-1637-404c-B74F-50526718257D}_is1) (Version: 2.0.0.461 - shopperz) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

16-05-2015 23:41:11 Removed WeatherApp
17-05-2015 00:23:37 Removed DriverUpdate

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02D4C0CE-837B-4E1D-A018-EF8A3775330A} - System32\Tasks\QHWXXQN1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-05-17] (FlashBeat) <==== ATTENTION
Task: {03542FE5-1886-456D-B4D4-9C428E59BC09} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {109B5F5F-C2D6-44E3-A664-FBC42E4DD266} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {16456991-A3E7-49D8-9692-FBC4811C8B47} - System32\Tasks\NCCQRI => C:\ProgramData\04741f5cd84a49bcb1c2ee8c75c31c52\04741f5cd84a49bcb1c2ee8c75c31c52.exe
Task: {195CCB70-922E-4F7F-AC4C-76BA9B05F0D2} - System32\Tasks\UpdaterEX => C:\Users\Ginny\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {1B339F36-72C1-497B-B010-6A3EF9CA011B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-494707120-3277395189-1778691621-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {1C350AAD-0ADC-46A4-9C85-AF2660795899} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-494707120-3277395189-1778691621-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-27] (RealNetworks, Inc.)
Task: {2249F105-06E3-40D8-9959-14EF2C40A4F7} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D10\netengine.exe <==== ATTENTION
Task: {22C94227-15C0-4AA9-82D0-1E1DC544E846} - System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4 => C:\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4.exe <==== ATTENTION
Task: {2C6AD8BA-64F7-4DDC-9D6C-BF1CFE4BE645} - System32\Tasks\SpeeditUp Update => C:\Program Files (x86)\version20SpeeditUp\U0SpeeditUpQ09.exe <==== ATTENTION
Task: {36231FB6-8558-49A6-8ED3-62278FB190D6} - System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5 => C:\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5.exe <==== ATTENTION
Task: {3799221F-B67E-4427-8922-F5FBFCB45DD6} - System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-10_user => C:\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-10.exe <==== ATTENTION
Task: {3BC95ED9-7E9A-4BC3-9F60-AB2483DAEC41} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: {3D45FC54-AE18-4A00-BE68-D2A7A371DB8E} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {498FA630-24A7-4268-B863-F22683B7D09F} - System32\Tasks\Malware Cleaner => C:\Users\Ginny\AppData\Roaming\741.tmp.exe <==== ATTENTION
Task: {51228C28-D2B7-4835-AF97-EEA1A3154F5A} - System32\Tasks\yH9F810Vs7KCokgfyEYHj => C:\Users\Ginny\AppData\Roaming\yH9F810Vs7KCokgfyEYHj.exe <==== ATTENTION
Task: {55A3E103-ADB3-4287-A28A-02741832DBFB} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {59B447B9-FD54-4877-8CEA-A58DC8C843EB} - System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6 => C:\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6.exe <==== ATTENTION
Task: {5ABE5532-DAE7-487A-874B-8CDE7C0933F1} - System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => %LOCALAPPDATA%\B304F891-C1A0-A742-8BFE-6D159B2B06C2\Runner.exe <==== ATTENTION
Task: {5D7E9B90-0FE5-43CE-9AB5-1E01ABF275C5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-494707120-3277395189-1778691621-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {62F01EF2-7EDD-4226-874F-C84FBF2AAC28} - System32\Tasks\Runner for IC => %LOCALAPPDATA%\B304F891-C1A0-A742-8BFE-6D159B2B06C2\Runner.exe <==== ATTENTION
Task: {67A4D01D-B0F3-4CDF-A011-C717EFBC1F8F} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {697E9EE8-7EFF-4D79-9AD4-0BE877C81446} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-28] (Google Inc.)
Task: {6F59C9D7-C2A1-45C6-A1F0-7782C6C295BF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {820F23C0-D7A2-4ED1-8DA7-817E198BEB34} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {88C47C51-389C-448A-AD15-42423930A3EF} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {8D8E986A-218E-46A8-937A-9F8848FA8DC5} - System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5_user => C:\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5.exe <==== ATTENTION
Task: {93A8C657-ED40-45B7-8F9C-EFC51D9A5497} - System32\Tasks\CIMT_S-1-5-21-494707120-3277395189-1778691621-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-04-16] () <==== ATTENTION
Task: {955BEC6B-AE21-4251-A6BC-AFC17829DB36} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {97CD0FE2-783C-4791-B73F-C1EE8944CAFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {986ADCBB-8C89-49AA-8797-FCC836340C30} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {A00A5662-F7B0-437D-AF1F-4B30BCA10316} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-03-01] () <==== ATTENTION
Task: {A2B7398C-B471-4248-8001-F2E77FA895AC} - System32\Tasks\Maintenance Updater Schedualer => C:\Program Files (x86)\Maintenance Updater\MaintenanceUpdater.exe [2015-04-08] (Secure Updater)
Task: {A5B48414-83AC-48D4-913B-5708384694BC} - System32\Tasks\LMVHRTEJX1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-05-17] (FlashBeat) <==== ATTENTION
Task: {A906144C-D6E0-4888-83B4-08155FCC9CDB} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {AC033DAF-97AD-41F2-80A9-68C78E1AC660} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Ginny\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {B3F7B1A9-A6D7-41FC-929E-5BAE53F3B88E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-28] (Google Inc.)
Task: {B7A62AD5-6766-47B7-A809-C7C47E83149D} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat [2015-05-14] ()
Task: {B830BDA0-4E23-4346-A161-CFBBB0C6BC06} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION
Task: {BA82F93B-6A30-4CEA-8C57-CC34C362B83C} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {BC18FD67-4BD1-4EAA-BCA8-4BA1EC44AB45} - System32\Tasks\SMW_UpdateTask_Time_323339383739353133312d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {C0EA1DE5-ADFC-4892-9814-31CDF7F67F46} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-05-18] (ConsumerInput) <==== ATTENTION
Task: {C218E8E8-F04A-46A1-9A44-AC8F6A8C64A7} - System32\Tasks\RMYGRR => C:\ProgramData\41d2ca6adb7c4b5585247b56fff3ec4c\41d2ca6adb7c4b5585247b56fff3ec4c.exe
Task: {C23E329D-5AE3-4230-A228-0B9333A34259} - System32\Tasks\Inst_Rep => C:\Users\Ginny\AppData\Local\Installer\Install_29889\DCytdkietut_tutdk_setup.exe
Task: {C4AE3445-9FCF-4255-9883-924A66619242} - System32\Tasks\CIMT_daily_S-1-5-21-494707120-3277395189-1778691621-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-04-16] () <==== ATTENTION
Task: {CA9F10B5-A600-4F0E-8037-CB214449DB64} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.91\OptProLauncher.exe <==== ATTENTION
Task: {CB492552-3FAA-4834-B7CB-2C34CDF5B4F4} - System32\Tasks\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7 => C:\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7.exe <==== ATTENTION
Task: {D95E40EC-5C53-4A0C-9F10-C51983CB3C8B} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {E081A3A1-FCCF-4622-B846-4C4EE3A960FF} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-05-18] (ConsumerInput) <==== ATTENTION
Task: {E350986F-41C5-428D-9986-0664375CA37C} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {E7D54B58-399A-4B7A-BD5E-E20F4F143218} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1841\jsdrv.exe <==== ATTENTION
Task: {EBC2AC81-A963-498F-97EC-CF55674BD3D0} - System32\Tasks\HdSbqI7 => C:\Users\Ginny\AppData\Roaming\HdSbqI7.exe <==== ATTENTION
Task: {F392C7B5-7850-462F-97D2-8D291A985B6C} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {F5B62090-6FE4-4B5F-B533-14C481BEE8A6} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: {F67AA430-B079-4BD5-B250-26E847D4CCF5} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\CIMT_daily_S-1-5-21-494707120-3277395189-1778691621-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\windows\Tasks\CIMT_S-1-5-21-494707120-3277395189-1778691621-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HdSbqI7.job => C:\Users\Ginny\AppData\Roaming\HdSbqI7.exe <==== ATTENTION
Task: C:\windows\Tasks\LMVHRTEJX1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\windows\Tasks\QHWXXQN1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\windows\Tasks\yH9F810Vs7KCokgfyEYHj.job => C:\Users\Ginny\AppData\Roaming\yH9F810Vs7KCokgfyEYHj.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-494707120-3277395189-1778691621-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1 - 209.18.47.61

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{BE5693A9-0B75-4D76-99F7-A9DCC9D696FA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{B6F2F9F2-4D4C-44EE-8514-30E380CEF075}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{259B014B-8CA9-405F-9340-537B1220F1D7}] => (Allow) svchost.exe
FirewallRules: [{190BD108-7ED2-4361-9E24-8B082B179026}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{20EAADF0-9A19-4E82-8B73-3E25BE42E03E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F9BB8A77-D25F-41AD-9334-C2CD45E3C92B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67B933E7-4561-4DF8-B061-D81B5F3B76E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5184FB8A-D8AE-432A-931B-66387F2CAE17}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{73F80684-B4A2-4830-BC92-AF1FA6482484}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9A78C205-5A1D-4BDD-A150-991114DBE773}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{53C8CE7D-8CA6-4272-B9A6-7E0A6C116DB2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{22A2096F-ED75-4FB3-97C5-F03E1759728B}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{3EEEFFC0-5416-4BE2-A0E4-6285CF7252DF}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{DA2A29F9-4E2D-45EF-952A-FDF69A14B126}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{184074F9-7F11-4E8A-8BEE-0D759EE6C7D6}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {b5648ada-2fb6-4c3d-9086-16c88ae7a921}Gw64
Description: {b5648ada-2fb6-4c3d-9086-16c88ae7a921}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {b5648ada-2fb6-4c3d-9086-16c88ae7a921}Gw64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2015 07:09:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/19/2015 07:09:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/19/2015 07:09:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/19/2015 06:51:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b66f7
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x000000000001580c
Faulting process id: 0xd88
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/19/2015 06:43:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/19/2015 06:42:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/19/2015 06:42:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/19/2015 06:42:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/19/2015 08:22:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/19/2015 08:22:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (05/19/2015 07:09:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/19/2015 07:09:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/19/2015 07:09:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/19/2015 07:09:11 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/19/2015 07:09:09 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/19/2015 07:09:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/19/2015 07:09:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
spldr
Wanarpv6
{b5648ada-2fb6-4c3d-9086-16c88ae7a921}Gw64

Error: (05/19/2015 07:08:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/19/2015 06:43:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
{b5648ada-2fb6-4c3d-9086-16c88ae7a921}Gw64

Error: (05/19/2015 06:43:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The webTinstMKTN84 service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-17 02:40:11.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:40:06.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:40:06.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:39:25.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:38:58.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:37:22.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:36:57.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:36:41.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:28:30.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:28:30.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 28%
Total physical RAM: 2939.99 MB
Available physical RAM: 2094.01 MB
Total Pagefile: 5878.16 MB
Available Pagefile: 5071.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI105487W0B) (Fixed) (Total:287.55 GB) (Free:132.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 29ADC161)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.1 GB) - (Type=17)

==================== End Of Log ====================

 

 

Thank you for any help



#2 Jo*

  • Malware Response Team

Posted 20 May 2015 - 12:33 AM

Hello Ddraiglais,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Ddraiglais

  • Topic Starter

  • Members

Posted 20 May 2015 - 03:34 PM

Thank you for the quick reply. Here are the SC results:

 

 Results of screen317's Security Check version 1.002 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 14 
 Java version 32-bit out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 36.0.1 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

 

 

MWB-AR found two items, but I don't know where to find the report.


Edited by Ddraiglais, 20 May 2015 - 03:35 PM.


#4 Ddraiglais

  • Topic Starter

  • Members

Posted 20 May 2015 - 03:39 PM

Oh, and the ADWcleaner report:

 

# AdwCleaner v4.204 - Logfile created 20/05/2015 at 16:36:42
# Updated 12/05/2015 by Xplode
# Database : 2015-05-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ginny - GINNY-PC
# Running from : C:\Users\Ginny\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : consumerinput_update
Service Found : consumerinput_updatem
Service Found : Partner Service
Service Found : PrivoxyService
Service Found : shopperz Updater
Service Found : SPBIUpdd
Service Found : YahooAUService
Service Found : Update PathMaxx
Service Found : Util PathMaxx
Service Found : {b5648ada-2fb6-4c3d-9086-16c88ae7a921}Gw64
Service Found : {b5648ada-2fb6-4c3d-9086-16c88ae7a921}w64
Service Found : {ced3c91e-07ec-4297-b3a1-a79d883a1d62}w64
Service Found : 70F4EEDB-1367-4b4f-8247-3133551A7415
Service Found : cdc5517a
Service Found : SPDRIVER_1.42.1.1841
Service Found : webTinstMKTN84

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\GoSearch.xml
File Found : C:\Users\Ginny\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Ginny\AppData\Roaming\Mozilla\Firefox\Profiles\ay8mqpk8.default-1425701412547\Extensions\{b5648ada-2fb6-4c3d-9086-16c88ae7a921}.xpi
File Found : C:\Users\Ginny\AppData\Roaming\Mozilla\Firefox\Profiles\ay8mqpk8.default-1425701412547\Extensions\{b5648ada-2fb6-4c3d-9086-16c88ae7a921}.xpi
File Found : C:\Users\Ginny\AppData\Roaming\Mozilla\Firefox\Profiles\ay8mqpk8.default-1425701412547\user.js
File Found : C:\windows\patsearch.bin
File Found : C:\windows\System32\drivers\{b5648ada-2fb6-4c3d-9086-16c88ae7a921}w64.sys
File Found : C:\windows\System32\drivers\{ced3c91e-07ec-4297-b3a1-a79d883a1d62}w64.sys
Folder Found : C:\Program Files (x86)\Consumer Input
Folder Found : C:\Program Files (x86)\Crossbrowse
Folder Found : C:\Program Files (x86)\gmsd_us_589
Folder Found : C:\Program Files (x86)\PathMaxx
Folder Found : C:\Program Files (x86)\PrivateVPN
Folder Found : C:\Program Files\Common Files\Goobzo
Folder Found : C:\Program Files\Common Files\pastaleads
Folder Found : C:\Program Files\Common Files\ShopperPro
Folder Found : C:\Program Files\shopperz
Folder Found : C:\ProgramData\{af4db5f9-3d61-5aaf-af4d-db5f93d6d7e4}
Folder Found : C:\ProgramData\{b692dcdd-4424-2c32-b692-2dcdd4427375}
Folder Found : C:\ProgramData\{bf493fba-ac93-3cfc-bf49-93fbaac9feea}
Folder Found : C:\ProgramData\FlashBeat
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Found : C:\ProgramData\NetEngine
Folder Found : C:\ProgramData\SearchModule
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Ginny\AppData\Local\Consumer Input
Folder Found : C:\Users\Ginny\AppData\Local\Crossbrowse
Folder Found : C:\Users\Ginny\AppData\Local\gmsd_us_589
Folder Found : C:\Users\Ginny\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Found : C:\Users\Ginny\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Ginny\AppData\Roaming\WTools
Folder Found : C:\windows\SysWOW64\config\systemprofile\AppData\Local\SafeGuard

***** [ Scheduled tasks ] *****

Task Found : ConsumerInputUpdateTaskMachineCore
Task Found : ConsumerInputUpdateTaskMachineUA
Task Found : Crossbrowse
Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA
Task Found : gtaUpt
Task Found : Inst_Rep
Task Found : Malware Cleaner
Task Found : Optimizer Pro Schedule
Task Found : ShopperPro
Task Found : ShopperProJSUpd
Task Found : SmartWeb Upgrade Trigger Task
Task Found : Smp
Task Found : SMupdate1
Task Found : SPDriver
Task Found : UpdaterEX
Task Found : YTDownloader
Task Found : YTDownloaderUpd
Task Found : NetEngine
Task Found : Runner for IC
Task Found : LaunchPreSignup
Task Found : Microsoft\Windows\Multimedia\SMupdate3
Task Found : Microsoft\Windows\Maintenance\SMupdate2
Task Found : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6
Task Found : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7
Task Found : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-10_user
Task Found : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4
Task Found : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5
Task Found : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5_user

***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Infected : C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Infected : C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Infected : C:\Users\Ginny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Infected : C:\Users\Ginny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Infected : C:\Users\Ginny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Compete
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\PathMaxx
Key Found : HKCU\Software\SearchModule
Key Found : HKCU\Software\subpar
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\WTools
Key Found : [x64] HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Found : [x64] HKCU\Software\Compete
Key Found : [x64] HKCU\Software\PathMaxx
Key Found : [x64] HKCU\Software\SearchModule
Key Found : [x64] HKCU\Software\subpar
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\WTools
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Key Found : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Found : HKLM\SOFTWARE\Classes\Extension.jshep
Key Found : HKLM\SOFTWARE\Classes\Extension.jshep.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{fb6eb5e6-4d16-4461-9c01-d74247281d5a}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\FlashBeat
Key Found : HKLM\SOFTWARE\GAMESDESKTOP
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404C-B74F-50526718257D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf6bd74e-5c54-4129-8b10-c931bc156fe8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_589_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\PathMaxx
Key Found : HKLM\SOFTWARE\SearchModule
Key Found : HKLM\SOFTWARE\shopperz
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update PathMaxx
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util PathMaxx
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F6A014F2-42AC-46DE-B38C-2841A7E31CBE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\FlashBeat
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404C-B74F-50526718257D}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5081D2D4-1637-404c-B74F-50526718257D}_is1
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PathMaxx
Key Found : [x64] HKLM\SOFTWARE\SearchModule
Key Found : [x64] HKLM\SOFTWARE\shopperz
Key Found : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Found : HKU\.DEFAULT\Software\GeekBuddyRSP
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [ConsumerInput@Compete]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v36.0.1 (x86 en-US)

*************************

AdwCleaner[R0].txt - [18198 bytes] - [20/05/2015 16:36:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18258 bytes] ##########



#5 Jo*

  • Malware Response Team

Posted 20 May 2015 - 03:53 PM

Hello Ddraiglais,

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.


***


Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 Ddraiglais

  • Topic Starter

Posted 22 May 2015 - 04:20 PM

I had to work a double yesterday. I am sorry. I am running those scans today.



#7 Ddraiglais

  • Topic Starter

Posted 23 May 2015 - 06:01 PM

MWB A-R didn't find anything.

 

ADW Cleaner:

# AdwCleaner v4.205 - Logfile created 23/05/2015 at 18:52:43
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ginny - GINNY-PC
# Running from : C:\Users\Ginny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NF2RVUQN\adwcleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.8 (05.23.2015:2)
OS: Windows 7 Home Premium x64
Ran by Ginny on Sat 05/23/2015 at 18:56:11.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] swdumon
Successfully deleted: [Service] swdumon



#8 Jo*

  • Malware Response Team

Posted 24 May 2015 - 09:36 AM

How is the computer running now?



***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Cheers,
Jo


#9 Ddraiglais

  • Topic Starter

Posted 25 May 2015 - 06:02 PM

It's running much better now. Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Ginny (administrator) on GINNY-PC on 25-05-2015 16:22:35
Running from C:\Users\Ginny\Desktop
Loaded Profiles: Ginny (Available Profiles: Ginny)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-29] (TOSHIBA Corporation)
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-13] ()
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2015-03-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-12] (Google Inc.)
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2015-03-03] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-03-07]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-16]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{b692dcdd-4424-2c32-b692-2dcdd4427375}\hqghumeaylnlf.exe (No File)
Startup: C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2015-05-17]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-494707120-3277395189-1778691621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {C8BB6DE4-E445-4311-AA0B-6BAD3CE44222} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-494707120-3277395189-1778691621-1000 -> DefaultScope {C8BB6DE4-E445-4311-AA0B-6BAD3CE44222} URL =
SearchScopes: HKU\S-1-5-21-494707120-3277395189-1778691621-1000 -> {C8BB6DE4-E445-4311-AA0B-6BAD3CE44222} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg64.dll [2015-03-04] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-11-12] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-494707120-3277395189-1778691621-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Ginny\AppData\Roaming\Mozilla\Firefox\Profiles\ay8mqpk8.default-1425701412547
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-03-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-03-07] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Extension: Ge-Force - C:\Users\Ginny\AppData\Roaming\Mozilla\Firefox\Profiles\ay8mqpk8.default-1425701412547\Extensions\TTSD90021300@PYDKGV101145942.com [2015-05-17]
FF Extension: Firefox Helper Tool - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\8526c86a0cae50f276bc2203927fee03 [2015-04-25]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\882acb6c0dae4ff077bc2103917fed03 [2015-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-03-07]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-27] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-03-07] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 hukylyqu; C:\Users\Ginny\AppData\Roaming\A0249120-1431834439-DE11-BBA9-00266C3C43F3\nsm6043.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-05-17] (BitDefender S.R.L.)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 16:22 - 2015-05-25 16:23 - 00017391 _____ () C:\Users\Ginny\Desktop\FRST.txt
2015-05-25 16:22 - 2015-05-25 16:22 - 00000000 ____D () C:\Users\Ginny\Desktop\FRST-OlderVersion
2015-05-25 16:18 - 2015-05-25 16:18 - 00079152 _____ () C:\Users\Ginny\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-23 18:56 - 2015-05-23 18:56 - 00000207 _____ () C:\windows\tweaking.com-regbackup-GINNY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-23 18:56 - 2015-05-23 18:56 - 00000000 ____D () C:\RegBackup
2015-05-23 18:55 - 2015-05-23 18:55 - 02720636 _____ (Thisisu) C:\Users\Ginny\Desktop\JRT.exe
2015-05-20 16:36 - 2015-05-23 18:52 - 00000000 ____D () C:\AdwCleaner
2015-05-20 14:34 - 2015-05-20 14:34 - 00852639 _____ () C:\Users\Ginny\Desktop\SecurityCheck.exe
2015-05-19 19:15 - 2015-05-25 16:22 - 02108928 _____ (Farbar) C:\Users\Ginny\Desktop\FRST64.exe
2015-05-19 19:14 - 2015-05-25 16:22 - 00000000 ____D () C:\FRST
2015-05-19 08:22 - 2015-05-25 14:48 - 00045915 ____N () C:\windows\WindowsUpdate.log
2015-05-18 20:45 - 2015-05-23 07:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-18 20:43 - 2015-05-23 07:09 - 00000000 ____D () C:\Users\Ginny\Desktop\mbar
2015-05-18 17:37 - 2015-05-18 17:37 - 00000945 _____ () C:\Users\Public\Desktop\Removal Tool.lnk
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\9-lab
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\ProgramData\9-lab
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\Program Files\9-lab
2015-05-18 14:53 - 2015-05-18 14:53 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2015-05-17 18:01 - 2015-05-25 14:44 - 00000330 _____ () C:\windows\Tasks\LMVHRTEJX1.job
2015-05-17 18:01 - 2015-05-18 16:28 - 00000000 ____D () C:\ProgramData\04741f5cd84a49bcb1c2ee8c75c31c52
2015-05-17 18:01 - 2015-05-17 18:01 - 00003558 _____ () C:\windows\System32\Tasks\NCCQRI
2015-05-17 18:01 - 2015-05-17 18:01 - 00002852 _____ () C:\windows\System32\Tasks\LMVHRTEJX1
2015-05-17 18:01 - 2015-05-17 18:01 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-17 16:45 - 2015-05-17 16:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-17 16:44 - 2015-05-17 16:44 - 02347384 _____ (ESET) C:\Users\Ginny\Desktop\esetsmartinstaller_enu.exe
2015-05-17 16:31 - 2015-05-17 16:39 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\ZHP
2015-05-17 16:31 - 2015-05-17 16:31 - 00000803 _____ () C:\Users\Ginny\Desktop\ZHPCleaner.lnk
2015-05-17 16:22 - 2015-05-18 16:26 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-05-17 16:22 - 2015-05-17 16:22 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe
2015-05-17 13:50 - 2015-05-17 13:50 - 00000000 ____D () C:\Users\Ginny\AppData\Local\Zemana
2015-05-17 03:38 - 2015-05-17 03:39 - 16108197 _____ () C:\windows\REGBK00.ZIP
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\VDLL.DLL
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\SysWOW64\runouce.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\rundll16.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\RUNDL132.EXE
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\logo1_.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\logo_1.exe
2015-05-17 03:32 - 2015-05-17 03:37 - 00000056 _____ () C:\windows\Lic.xxx
2015-05-17 03:31 - 2015-05-17 03:31 - 00655872 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr90.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00632064 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr80.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00572928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp90.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00554240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp80.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00350160 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2015-05-17 03:31 - 2015-05-17 03:31 - 00156392 _____ (MicroWorld Technologies Inc.) C:\windows\SysWOW64\eEmpty.exe
2015-05-17 03:30 - 2015-05-17 03:30 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-05-17 03:19 - 2015-05-17 17:39 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2015-05-17 02:52 - 2015-05-18 16:59 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431845576-DE11-BBA9-00266C3C43F3
2015-05-17 02:50 - 2015-05-17 02:50 - 00003592 _____ () C:\windows\System32\Tasks\SMWUpd
2015-05-17 01:34 - 2015-05-17 01:34 - 00000000 ____N () C:\autoexec.bat
2015-05-17 01:33 - 2015-05-17 01:33 - 00003326 _____ () C:\windows\System32\Tasks\SpyHunter4Startup
2015-05-17 01:18 - 2015-05-17 01:18 - 00001023 _____ () C:\windows\SysWOW64\${LOGFILE}
2015-05-17 01:04 - 2015-05-17 01:04 - 00000000 ____D () C:\263d21bb391d7b9137729bff0787ef
2015-05-17 00:55 - 2015-05-17 03:26 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431838549-DE11-BBA9-00266C3C43F3
2015-05-17 00:25 - 2015-05-17 00:37 - 00000000 ___HD () C:\ProgramData\exh
2015-05-17 00:00 - 2015-05-16 12:41 - 00048776 _____ (StdLib) C:\windows\system32\Drivers\{11944e07-3e46-4956-b8c7-7e52c7a44c1d}Gw64.sys.mwt
2015-05-16 23:56 - 2015-05-25 14:44 - 00000986 _____ () C:\windows\Tasks\HdSbqI7.job
2015-05-16 23:56 - 2015-05-16 23:56 - 00004012 _____ () C:\windows\System32\Tasks\HdSbqI7
2015-05-16 23:51 - 2015-05-17 02:56 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-16 23:47 - 2015-05-18 16:59 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431834439-DE11-BBA9-00266C3C43F3
2015-05-16 23:47 - 2015-05-16 23:47 - 00631296 _____ () C:\windows\exh.dat
2015-05-16 23:47 - 2015-05-16 23:47 - 00408576 _____ () C:\windows\mexh.exe.mwt
2015-05-16 23:47 - 2009-06-10 17:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hp.bak
2015-05-16 23:40 - 2015-05-25 14:44 - 00001014 _____ () C:\windows\Tasks\yH9F810Vs7KCokgfyEYHj.job
2015-05-16 23:40 - 2015-05-25 14:44 - 00000330 _____ () C:\windows\Tasks\QHWXXQN1.job
2015-05-16 23:40 - 2015-05-18 16:29 - 00000000 ____D () C:\Users\Ginny\AppData\Local\B304F891-C1A0-A742-8BFE-6D159B2B06C2
2015-05-16 23:40 - 2015-05-16 23:40 - 00004040 _____ () C:\windows\System32\Tasks\yH9F810Vs7KCokgfyEYHj
2015-05-16 23:40 - 2015-05-16 23:40 - 00003558 _____ () C:\windows\System32\Tasks\RMYGRR
2015-05-16 23:40 - 2015-05-16 23:40 - 00002852 _____ () C:\windows\System32\Tasks\QHWXXQN1
2015-05-16 23:39 - 2015-05-16 23:39 - 00000064 _____ () C:\Users\Ginny\AppData\Local\8287343cd1ae64b0329f8f2e03f1c8e4
2015-05-16 23:38 - 2015-05-16 23:38 - 00000000 ____D () C:\Users\Ginny\Documents\vlc
2015-05-16 20:01 - 2015-05-16 20:01 - 00000000 ____D () C:\Program Files (x86)\GUM3B9F.tmp
2015-05-06 06:58 - 2015-05-06 06:58 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-05-05 07:00 - 2015-05-18 16:27 - 00000000 ____D () C:\Program Files (x86)\Megasoft Security
2015-04-29 07:58 - 2015-04-29 07:58 - 00000000 ____D () C:\Program Files (x86)\Windows Resource Kits

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 16:22 - 2015-03-01 09:41 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Azureus
2015-05-25 16:10 - 2015-02-28 20:47 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 16:09 - 2015-03-05 20:15 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 14:52 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 14:52 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 14:49 - 2009-07-14 01:13 - 00743352 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-25 14:44 - 2015-02-28 20:47 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 14:44 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-24 22:18 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2015-05-24 15:45 - 2015-02-28 20:44 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Skype
2015-05-23 06:43 - 2015-03-07 06:41 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 06:43 - 2015-03-01 00:21 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-20 16:40 - 2015-03-01 09:19 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-20 16:40 - 2015-03-01 09:19 - 00001060 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-20 16:40 - 2015-02-28 20:34 - 00001183 _____ () C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 14:24 - 2009-07-13 22:34 - 00000922 _____ () C:\windows\win.ini
2015-05-19 07:38 - 2015-03-02 11:03 - 00073728 _____ () C:\windows\SysWOW64\tasks.dll
2015-05-19 07:01 - 2009-07-14 01:37 - 00000000 ____D () C:\windows\DigitalLocker
2015-05-18 16:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-18 16:26 - 2015-03-06 16:33 - 00000000 ____D () C:\6f752f6e-ddf8-4bae-80c5-abc6de917856
2015-05-16 20:05 - 2015-02-28 20:47 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 20:05 - 2015-02-28 20:47 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-10 21:31 - 2009-07-14 01:08 - 00032574 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-05-10 02:52 - 2015-03-31 18:06 - 00000000 ____D () C:\windows\Minidump
2015-05-06 08:11 - 2015-02-28 20:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-06 08:11 - 2015-02-28 20:43 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-03-29 05:57 - 2015-03-29 05:57 - 0009662 _____ () C:\Users\Ginny\AppData\Roaming\em_64x64.ico
2015-03-01 00:25 - 2015-03-07 04:26 - 0000126 _____ () C:\Users\Ginny\AppData\Roaming\WB.CFG
2015-03-18 16:38 - 2015-04-07 16:23 - 0000572 _____ () C:\Users\Ginny\AppData\Roaming\wklnhst.dat
2015-05-16 23:39 - 2015-05-16 23:39 - 0000064 _____ () C:\Users\Ginny\AppData\Local\8287343cd1ae64b0329f8f2e03f1c8e4
2015-03-02 20:49 - 2015-03-02 20:49 - 0274045 _____ () C:\Users\Ginny\AppData\Local\dsi1.dat
2015-03-02 20:49 - 2015-03-02 20:49 - 0161916 _____ () C:\Users\Ginny\AppData\Local\dsi2.dat

Some files in TEMP:
====================
C:\Users\Ginny\AppData\Local\Temp\i4jdel0.exe

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 00:20

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Ginny at 2015-05-25 16:24:16
Running from C:\Users\Ginny\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-494707120-3277395189-1778691621-500 - Administrator - Disabled)
Ginny (S-1-5-21-494707120-3277395189-1778691621-1000 - Administrator - Enabled) => C:\Users\Ginny
Guest (S-1-5-21-494707120-3277395189-1778691621-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Best Buy pc app (Version: 3.2.2.1 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.1 - Best Buy) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Idle Crawler (HKLM-x32\...\B304F891-C1A0-A742-8BFE-6D159B2B06C2) (Version: 166.0.0.1703 - GREYSTONE VENTURES LP) <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
RealPlayer Packages (HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\RealPlayer Packages) (Version:  - ) <==== ATTENTION
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

16-05-2015 23:41:11 Removed WeatherApp
17-05-2015 00:23:37 Removed DriverUpdate

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02D4C0CE-837B-4E1D-A018-EF8A3775330A} - System32\Tasks\QHWXXQN1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {03542FE5-1886-456D-B4D4-9C428E59BC09} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {109B5F5F-C2D6-44E3-A664-FBC42E4DD266} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {16456991-A3E7-49D8-9692-FBC4811C8B47} - System32\Tasks\NCCQRI => C:\ProgramData\04741f5cd84a49bcb1c2ee8c75c31c52\04741f5cd84a49bcb1c2ee8c75c31c52.exe
Task: {1B339F36-72C1-497B-B010-6A3EF9CA011B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-494707120-3277395189-1778691621-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {1C350AAD-0ADC-46A4-9C85-AF2660795899} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-494707120-3277395189-1778691621-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-27] (RealNetworks, Inc.)
Task: {2C6AD8BA-64F7-4DDC-9D6C-BF1CFE4BE645} - \SpeeditUp Update No Task File <==== ATTENTION
Task: {51228C28-D2B7-4835-AF97-EEA1A3154F5A} - System32\Tasks\yH9F810Vs7KCokgfyEYHj => C:\Users\Ginny\AppData\Roaming\yH9F810Vs7KCokgfyEYHj.exe <==== ATTENTION
Task: {55A3E103-ADB3-4287-A28A-02741832DBFB} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {5ABE5532-DAE7-487A-874B-8CDE7C0933F1} - System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => %LOCALAPPDATA%\B304F891-C1A0-A742-8BFE-6D159B2B06C2\Runner.exe <==== ATTENTION
Task: {5D7E9B90-0FE5-43CE-9AB5-1E01ABF275C5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-494707120-3277395189-1778691621-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {697E9EE8-7EFF-4D79-9AD4-0BE877C81446} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-28] (Google Inc.)
Task: {6F59C9D7-C2A1-45C6-A1F0-7782C6C295BF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {88C47C51-389C-448A-AD15-42423930A3EF} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {97CD0FE2-783C-4791-B73F-C1EE8944CAFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {A00A5662-F7B0-437D-AF1F-4B30BCA10316} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION
Task: {A2B7398C-B471-4248-8001-F2E77FA895AC} - System32\Tasks\Maintenance Updater Schedualer => C:\Program Files (x86)\Maintenance Updater\MaintenanceUpdater.exe [2015-04-08] (Secure Updater)
Task: {A5B48414-83AC-48D4-913B-5708384694BC} - System32\Tasks\LMVHRTEJX1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {A906144C-D6E0-4888-83B4-08155FCC9CDB} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {B3F7B1A9-A6D7-41FC-929E-5BAE53F3B88E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-28] (Google Inc.)
Task: {BA82F93B-6A30-4CEA-8C57-CC34C362B83C} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {BC18FD67-4BD1-4EAA-BCA8-4BA1EC44AB45} - \SMW_UpdateTask_Time_323339383739353133312d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {C218E8E8-F04A-46A1-9A44-AC8F6A8C64A7} - System32\Tasks\RMYGRR => C:\ProgramData\41d2ca6adb7c4b5585247b56fff3ec4c\41d2ca6adb7c4b5585247b56fff3ec4c.exe
Task: {EBC2AC81-A963-498F-97EC-CF55674BD3D0} - System32\Tasks\HdSbqI7 => C:\Users\Ginny\AppData\Roaming\HdSbqI7.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HdSbqI7.job => C:\Users\Ginny\AppData\Roaming\HdSbqI7.exe <==== ATTENTION
Task: C:\windows\Tasks\LMVHRTEJX1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\windows\Tasks\QHWXXQN1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\windows\Tasks\yH9F810Vs7KCokgfyEYHj.job => C:\Users\Ginny\AppData\Roaming\yH9F810Vs7KCokgfyEYHj.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-10-27 02:59 - 2014-10-27 02:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-07-16 19:27 - 2009-07-16 19:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 19:27 - 2009-07-16 19:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-11-12 22:23 - 2009-06-22 19:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 23:08 - 2009-03-12 23:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 21:38 - 2009-07-25 21:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-13 02:35 - 2009-07-13 02:35 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2014-10-29 23:06 - 2014-10-29 23:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-10-30 09:41 - 2014-10-30 09:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2009-08-03 22:18 - 2009-08-03 22:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-03-07 16:02 - 2015-03-07 16:02 - 00865880 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-10-29 23:01 - 2014-10-29 23:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2014-10-30 09:41 - 2014-10-30 09:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 09:41 - 2014-10-30 09:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 09:41 - 2014-10-30 09:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2015-03-05 20:15 - 2012-05-25 08:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2015-03-07 16:02 - 2015-03-07 16:02 - 00573528 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-494707120-3277395189-1778691621-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1 - 209.18.47.61

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BE5693A9-0B75-4D76-99F7-A9DCC9D696FA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{B6F2F9F2-4D4C-44EE-8514-30E380CEF075}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{259B014B-8CA9-405F-9340-537B1220F1D7}] => (Allow) svchost.exe
FirewallRules: [{190BD108-7ED2-4361-9E24-8B082B179026}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{20EAADF0-9A19-4E82-8B73-3E25BE42E03E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F9BB8A77-D25F-41AD-9334-C2CD45E3C92B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67B933E7-4561-4DF8-B061-D81B5F3B76E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5184FB8A-D8AE-432A-931B-66387F2CAE17}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{73F80684-B4A2-4830-BC92-AF1FA6482484}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9A78C205-5A1D-4BDD-A150-991114DBE773}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{53C8CE7D-8CA6-4272-B9A6-7E0A6C116DB2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{22A2096F-ED75-4FB3-97C5-F03E1759728B}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{3EEEFFC0-5416-4BE2-A0E4-6285CF7252DF}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{DA2A29F9-4E2D-45EF-952A-FDF69A14B126}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{184074F9-7F11-4E8A-8BEE-0D759EE6C7D6}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 04:06:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 03:14:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: recordingmanager.exe, version: 17.0.15.4, time stamp: 0x544ddf47
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xe4c
Faulting application start time: 0xrecordingmanager.exe0
Faulting application path: recordingmanager.exe1
Faulting module path: recordingmanager.exe2
Report Id: recordingmanager.exe3

Error: (05/25/2015 05:10:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 05:03:56 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 04:56:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: recordingmanager.exe, version: 17.0.15.4, time stamp: 0x544ddf47
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x670
Faulting application start time: 0xrecordingmanager.exe0
Faulting application path: recordingmanager.exe1
Faulting module path: recordingmanager.exe2
Report Id: recordingmanager.exe3

Error: (05/25/2015 04:50:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/24/2015 10:11:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: recordingmanager.exe, version: 17.0.15.4, time stamp: 0x544ddf47
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1e0c
Faulting application start time: 0xrecordingmanager.exe0
Faulting application path: recordingmanager.exe1
Faulting module path: recordingmanager.exe2
Report Id: recordingmanager.exe3

Error: (05/24/2015 09:38:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 200

Start Time: 01d0968b78fdd217

Termination Time: 20

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id: c9e08d68-027e-11e5-ab15-00266c3c43f3

Error: (05/24/2015 09:38:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b66f7
Faulting module name: rndlbrowserrecordplugin64.dll, version: 17.0.15.1, time stamp: 0x544b5bcc
Exception code: 0xc0000005
Fault offset: 0x000000000000b4b9
Faulting process id: 0x1460
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/24/2015 09:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b66f7
Faulting module name: rndlbrowserrecordplugin64.dll, version: 17.0.15.1, time stamp: 0x544b5bcc
Exception code: 0xc0000005
Fault offset: 0x000000000000b4b9
Faulting process id: 0x187c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

System errors:
=============
Error: (05/25/2015 02:44:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/25/2015 02:44:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Voltage Article service failed to start due to the following error:
%%2

Error: (05/25/2015 05:49:29 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 09:30:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (05/24/2015 09:06:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 08:18:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 07:06:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 03:44:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 03:44:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 03:44:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-17 02:40:11.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:40:06.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:40:06.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:39:25.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:38:58.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:37:22.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:36:57.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:36:41.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:28:30.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:28:30.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 53%
Total physical RAM: 2939.99 MB
Available physical RAM: 1373.17 MB
Total Pagefile: 5878.16 MB
Available Pagefile: 3808.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (TI105487W0B) (Fixed) (Total:287.55 GB) (Free:128.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:48.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 29ADC161)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.1 GB) - (Type=17)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of log ============================


It's running much better now. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Ginny (administrator) on GINNY-PC on 25-05-2015 16:22:35
Running from C:\Users\Ginny\Desktop
Loaded Profiles: Ginny (Available Profiles: Ginny)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-29] (TOSHIBA Corporation)
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-13] ()
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2015-03-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-12] (Google Inc.)
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2015-03-03] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-03-07]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-03-01]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-16]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{b692dcdd-4424-2c32-b692-2dcdd4427375}\hqghumeaylnlf.exe (No File)
Startup: C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2015-05-17]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-494707120-3277395189-1778691621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {C8BB6DE4-E445-4311-AA0B-6BAD3CE44222} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-494707120-3277395189-1778691621-1000 -> DefaultScope {C8BB6DE4-E445-4311-AA0B-6BAD3CE44222} URL =
SearchScopes: HKU\S-1-5-21-494707120-3277395189-1778691621-1000 -> {C8BB6DE4-E445-4311-AA0B-6BAD3CE44222} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg64.dll [2015-03-04] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-11-12] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-494707120-3277395189-1778691621-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Ginny\AppData\Roaming\Mozilla\Firefox\Profiles\ay8mqpk8.default-1425701412547
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-03-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-03-07] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Extension: Ge-Force - C:\Users\Ginny\AppData\Roaming\Mozilla\Firefox\Profiles\ay8mqpk8.default-1425701412547\Extensions\TTSD90021300@PYDKGV101145942.com [2015-05-17]
FF Extension: Firefox Helper Tool - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\8526c86a0cae50f276bc2203927fee03 [2015-04-25]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\882acb6c0dae4ff077bc2103917fed03 [2015-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-03-07]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-27] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-03-07] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 hukylyqu; C:\Users\Ginny\AppData\Roaming\A0249120-1431834439-DE11-BBA9-00266C3C43F3\nsm6043.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-05-17] (BitDefender S.R.L.)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 16:22 - 2015-05-25 16:23 - 00017391 _____ () C:\Users\Ginny\Desktop\FRST.txt
2015-05-25 16:22 - 2015-05-25 16:22 - 00000000 ____D () C:\Users\Ginny\Desktop\FRST-OlderVersion
2015-05-25 16:18 - 2015-05-25 16:18 - 00079152 _____ () C:\Users\Ginny\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-23 18:56 - 2015-05-23 18:56 - 00000207 _____ () C:\windows\tweaking.com-regbackup-GINNY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-23 18:56 - 2015-05-23 18:56 - 00000000 ____D () C:\RegBackup
2015-05-23 18:55 - 2015-05-23 18:55 - 02720636 _____ (Thisisu) C:\Users\Ginny\Desktop\JRT.exe
2015-05-20 16:36 - 2015-05-23 18:52 - 00000000 ____D () C:\AdwCleaner
2015-05-20 14:34 - 2015-05-20 14:34 - 00852639 _____ () C:\Users\Ginny\Desktop\SecurityCheck.exe
2015-05-19 19:15 - 2015-05-25 16:22 - 02108928 _____ (Farbar) C:\Users\Ginny\Desktop\FRST64.exe
2015-05-19 19:14 - 2015-05-25 16:22 - 00000000 ____D () C:\FRST
2015-05-19 08:22 - 2015-05-25 14:48 - 00045915 ____N () C:\windows\WindowsUpdate.log
2015-05-18 20:45 - 2015-05-23 07:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-18 20:43 - 2015-05-23 07:09 - 00000000 ____D () C:\Users\Ginny\Desktop\mbar
2015-05-18 17:37 - 2015-05-18 17:37 - 00000945 _____ () C:\Users\Public\Desktop\Removal Tool.lnk
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\9-lab
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\ProgramData\9-lab
2015-05-18 17:37 - 2015-05-18 17:37 - 00000000 ____D () C:\Program Files\9-lab
2015-05-18 14:53 - 2015-05-18 14:53 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2015-05-17 18:01 - 2015-05-25 14:44 - 00000330 _____ () C:\windows\Tasks\LMVHRTEJX1.job
2015-05-17 18:01 - 2015-05-18 16:28 - 00000000 ____D () C:\ProgramData\04741f5cd84a49bcb1c2ee8c75c31c52
2015-05-17 18:01 - 2015-05-17 18:01 - 00003558 _____ () C:\windows\System32\Tasks\NCCQRI
2015-05-17 18:01 - 2015-05-17 18:01 - 00002852 _____ () C:\windows\System32\Tasks\LMVHRTEJX1
2015-05-17 18:01 - 2015-05-17 18:01 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-17 16:45 - 2015-05-17 16:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-17 16:44 - 2015-05-17 16:44 - 02347384 _____ (ESET) C:\Users\Ginny\Desktop\esetsmartinstaller_enu.exe
2015-05-17 16:31 - 2015-05-17 16:39 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\ZHP
2015-05-17 16:31 - 2015-05-17 16:31 - 00000803 _____ () C:\Users\Ginny\Desktop\ZHPCleaner.lnk
2015-05-17 16:22 - 2015-05-18 16:26 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-05-17 16:22 - 2015-05-17 16:22 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe
2015-05-17 13:50 - 2015-05-17 13:50 - 00000000 ____D () C:\Users\Ginny\AppData\Local\Zemana
2015-05-17 03:38 - 2015-05-17 03:39 - 16108197 _____ () C:\windows\REGBK00.ZIP
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\VDLL.DLL
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\SysWOW64\runouce.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\rundll16.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\RUNDL132.EXE
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\logo1_.exe
2015-05-17 03:37 - 2015-05-17 03:37 - 00000000 ____D () C:\windows\logo_1.exe
2015-05-17 03:32 - 2015-05-17 03:37 - 00000056 _____ () C:\windows\Lic.xxx
2015-05-17 03:31 - 2015-05-17 03:31 - 00655872 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr90.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00632064 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr80.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00572928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp90.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00554240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp80.dll
2015-05-17 03:31 - 2015-05-17 03:31 - 00350160 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2015-05-17 03:31 - 2015-05-17 03:31 - 00156392 _____ (MicroWorld Technologies Inc.) C:\windows\SysWOW64\eEmpty.exe
2015-05-17 03:30 - 2015-05-17 03:30 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-05-17 03:19 - 2015-05-17 17:39 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2015-05-17 02:52 - 2015-05-18 16:59 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431845576-DE11-BBA9-00266C3C43F3
2015-05-17 02:50 - 2015-05-17 02:50 - 00003592 _____ () C:\windows\System32\Tasks\SMWUpd
2015-05-17 01:34 - 2015-05-17 01:34 - 00000000 ____N () C:\autoexec.bat
2015-05-17 01:33 - 2015-05-17 01:33 - 00003326 _____ () C:\windows\System32\Tasks\SpyHunter4Startup
2015-05-17 01:18 - 2015-05-17 01:18 - 00001023 _____ () C:\windows\SysWOW64\${LOGFILE}
2015-05-17 01:04 - 2015-05-17 01:04 - 00000000 ____D () C:\263d21bb391d7b9137729bff0787ef
2015-05-17 00:55 - 2015-05-17 03:26 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431838549-DE11-BBA9-00266C3C43F3
2015-05-17 00:25 - 2015-05-17 00:37 - 00000000 ___HD () C:\ProgramData\exh
2015-05-17 00:00 - 2015-05-16 12:41 - 00048776 _____ (StdLib) C:\windows\system32\Drivers\{11944e07-3e46-4956-b8c7-7e52c7a44c1d}Gw64.sys.mwt
2015-05-16 23:56 - 2015-05-25 14:44 - 00000986 _____ () C:\windows\Tasks\HdSbqI7.job
2015-05-16 23:56 - 2015-05-16 23:56 - 00004012 _____ () C:\windows\System32\Tasks\HdSbqI7
2015-05-16 23:51 - 2015-05-17 02:56 - 00000004 _____ () C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-16 23:47 - 2015-05-18 16:59 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\A0249120-1431834439-DE11-BBA9-00266C3C43F3
2015-05-16 23:47 - 2015-05-16 23:47 - 00631296 _____ () C:\windows\exh.dat
2015-05-16 23:47 - 2015-05-16 23:47 - 00408576 _____ () C:\windows\mexh.exe.mwt
2015-05-16 23:47 - 2009-06-10 17:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hp.bak
2015-05-16 23:40 - 2015-05-25 14:44 - 00001014 _____ () C:\windows\Tasks\yH9F810Vs7KCokgfyEYHj.job
2015-05-16 23:40 - 2015-05-25 14:44 - 00000330 _____ () C:\windows\Tasks\QHWXXQN1.job
2015-05-16 23:40 - 2015-05-18 16:29 - 00000000 ____D () C:\Users\Ginny\AppData\Local\B304F891-C1A0-A742-8BFE-6D159B2B06C2
2015-05-16 23:40 - 2015-05-16 23:40 - 00004040 _____ () C:\windows\System32\Tasks\yH9F810Vs7KCokgfyEYHj
2015-05-16 23:40 - 2015-05-16 23:40 - 00003558 _____ () C:\windows\System32\Tasks\RMYGRR
2015-05-16 23:40 - 2015-05-16 23:40 - 00002852 _____ () C:\windows\System32\Tasks\QHWXXQN1
2015-05-16 23:39 - 2015-05-16 23:39 - 00000064 _____ () C:\Users\Ginny\AppData\Local\8287343cd1ae64b0329f8f2e03f1c8e4
2015-05-16 23:38 - 2015-05-16 23:38 - 00000000 ____D () C:\Users\Ginny\Documents\vlc
2015-05-16 20:01 - 2015-05-16 20:01 - 00000000 ____D () C:\Program Files (x86)\GUM3B9F.tmp
2015-05-06 06:58 - 2015-05-06 06:58 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-05-05 07:00 - 2015-05-18 16:27 - 00000000 ____D () C:\Program Files (x86)\Megasoft Security
2015-04-29 07:58 - 2015-04-29 07:58 - 00000000 ____D () C:\Program Files (x86)\Windows Resource Kits

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 16:22 - 2015-03-01 09:41 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Azureus
2015-05-25 16:10 - 2015-02-28 20:47 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 16:09 - 2015-03-05 20:15 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 14:52 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 14:52 - 2009-07-14 00:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 14:49 - 2009-07-14 01:13 - 00743352 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-25 14:44 - 2015-02-28 20:47 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 14:44 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-24 22:18 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2015-05-24 15:45 - 2015-02-28 20:44 - 00000000 ____D () C:\Users\Ginny\AppData\Roaming\Skype
2015-05-23 06:43 - 2015-03-07 06:41 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 06:43 - 2015-03-01 00:21 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-20 16:40 - 2015-03-01 09:19 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-20 16:40 - 2015-03-01 09:19 - 00001060 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-20 16:40 - 2015-02-28 20:34 - 00001183 _____ () C:\Users\Ginny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 14:24 - 2009-07-13 22:34 - 00000922 _____ () C:\windows\win.ini
2015-05-19 07:38 - 2015-03-02 11:03 - 00073728 _____ () C:\windows\SysWOW64\tasks.dll
2015-05-19 07:01 - 2009-07-14 01:37 - 00000000 ____D () C:\windows\DigitalLocker
2015-05-18 16:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-18 16:26 - 2015-03-06 16:33 - 00000000 ____D () C:\6f752f6e-ddf8-4bae-80c5-abc6de917856
2015-05-16 20:05 - 2015-02-28 20:47 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 20:05 - 2015-02-28 20:47 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-10 21:31 - 2009-07-14 01:08 - 00032574 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-05-10 02:52 - 2015-03-31 18:06 - 00000000 ____D () C:\windows\Minidump
2015-05-06 08:11 - 2015-02-28 20:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-06 08:11 - 2015-02-28 20:43 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-03-29 05:57 - 2015-03-29 05:57 - 0009662 _____ () C:\Users\Ginny\AppData\Roaming\em_64x64.ico
2015-03-01 00:25 - 2015-03-07 04:26 - 0000126 _____ () C:\Users\Ginny\AppData\Roaming\WB.CFG
2015-03-18 16:38 - 2015-04-07 16:23 - 0000572 _____ () C:\Users\Ginny\AppData\Roaming\wklnhst.dat
2015-05-16 23:39 - 2015-05-16 23:39 - 0000064 _____ () C:\Users\Ginny\AppData\Local\8287343cd1ae64b0329f8f2e03f1c8e4
2015-03-02 20:49 - 2015-03-02 20:49 - 0274045 _____ () C:\Users\Ginny\AppData\Local\dsi1.dat
2015-03-02 20:49 - 2015-03-02 20:49 - 0161916 _____ () C:\Users\Ginny\AppData\Local\dsi2.dat

Some files in TEMP:
====================
C:\Users\Ginny\AppData\Local\Temp\i4jdel0.exe

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 00:20

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Ginny at 2015-05-25 16:24:16
Running from C:\Users\Ginny\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-494707120-3277395189-1778691621-500 - Administrator - Disabled)
Ginny (S-1-5-21-494707120-3277395189-1778691621-1000 - Administrator - Enabled) => C:\Users\Ginny
Guest (S-1-5-21-494707120-3277395189-1778691621-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Best Buy pc app (Version: 3.2.2.1 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.1 - Best Buy) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Idle Crawler (HKLM-x32\...\B304F891-C1A0-A742-8BFE-6D159B2B06C2) (Version: 166.0.0.1703 - GREYSTONE VENTURES LP) <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
RealPlayer Packages (HKU\S-1-5-21-494707120-3277395189-1778691621-1000\...\RealPlayer Packages) (Version:  - ) <==== ATTENTION
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

16-05-2015 23:41:11 Removed WeatherApp
17-05-2015 00:23:37 Removed DriverUpdate

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02D4C0CE-837B-4E1D-A018-EF8A3775330A} - System32\Tasks\QHWXXQN1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {03542FE5-1886-456D-B4D4-9C428E59BC09} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {109B5F5F-C2D6-44E3-A664-FBC42E4DD266} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {16456991-A3E7-49D8-9692-FBC4811C8B47} - System32\Tasks\NCCQRI => C:\ProgramData\04741f5cd84a49bcb1c2ee8c75c31c52\04741f5cd84a49bcb1c2ee8c75c31c52.exe
Task: {1B339F36-72C1-497B-B010-6A3EF9CA011B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-494707120-3277395189-1778691621-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {1C350AAD-0ADC-46A4-9C85-AF2660795899} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-494707120-3277395189-1778691621-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-27] (RealNetworks, Inc.)
Task: {2C6AD8BA-64F7-4DDC-9D6C-BF1CFE4BE645} - \SpeeditUp Update No Task File <==== ATTENTION
Task: {51228C28-D2B7-4835-AF97-EEA1A3154F5A} - System32\Tasks\yH9F810Vs7KCokgfyEYHj => C:\Users\Ginny\AppData\Roaming\yH9F810Vs7KCokgfyEYHj.exe <==== ATTENTION
Task: {55A3E103-ADB3-4287-A28A-02741832DBFB} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {5ABE5532-DAE7-487A-874B-8CDE7C0933F1} - System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => %LOCALAPPDATA%\B304F891-C1A0-A742-8BFE-6D159B2B06C2\Runner.exe <==== ATTENTION
Task: {5D7E9B90-0FE5-43CE-9AB5-1E01ABF275C5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-494707120-3277395189-1778691621-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {697E9EE8-7EFF-4D79-9AD4-0BE877C81446} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-28] (Google Inc.)
Task: {6F59C9D7-C2A1-45C6-A1F0-7782C6C295BF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {88C47C51-389C-448A-AD15-42423930A3EF} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {97CD0FE2-783C-4791-B73F-C1EE8944CAFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {A00A5662-F7B0-437D-AF1F-4B30BCA10316} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION
Task: {A2B7398C-B471-4248-8001-F2E77FA895AC} - System32\Tasks\Maintenance Updater Schedualer => C:\Program Files (x86)\Maintenance Updater\MaintenanceUpdater.exe [2015-04-08] (Secure Updater)
Task: {A5B48414-83AC-48D4-913B-5708384694BC} - System32\Tasks\LMVHRTEJX1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {A906144C-D6E0-4888-83B4-08155FCC9CDB} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {B3F7B1A9-A6D7-41FC-929E-5BAE53F3B88E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-28] (Google Inc.)
Task: {BA82F93B-6A30-4CEA-8C57-CC34C362B83C} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {BC18FD67-4BD1-4EAA-BCA8-4BA1EC44AB45} - \SMW_UpdateTask_Time_323339383739353133312d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {C218E8E8-F04A-46A1-9A44-AC8F6A8C64A7} - System32\Tasks\RMYGRR => C:\ProgramData\41d2ca6adb7c4b5585247b56fff3ec4c\41d2ca6adb7c4b5585247b56fff3ec4c.exe
Task: {EBC2AC81-A963-498F-97EC-CF55674BD3D0} - System32\Tasks\HdSbqI7 => C:\Users\Ginny\AppData\Roaming\HdSbqI7.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HdSbqI7.job => C:\Users\Ginny\AppData\Roaming\HdSbqI7.exe <==== ATTENTION
Task: C:\windows\Tasks\LMVHRTEJX1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\windows\Tasks\QHWXXQN1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\windows\Tasks\yH9F810Vs7KCokgfyEYHj.job => C:\Users\Ginny\AppData\Roaming\yH9F810Vs7KCokgfyEYHj.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-10-27 02:59 - 2014-10-27 02:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-07-16 19:27 - 2009-07-16 19:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 19:27 - 2009-07-16 19:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-11-12 22:23 - 2009-06-22 19:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 23:08 - 2009-03-12 23:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 21:38 - 2009-07-25 21:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-13 02:35 - 2009-07-13 02:35 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2014-10-29 23:06 - 2014-10-29 23:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-10-30 09:41 - 2014-10-30 09:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2009-08-03 22:18 - 2009-08-03 22:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-03-07 16:02 - 2015-03-07 16:02 - 00865880 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-10-29 23:01 - 2014-10-29 23:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2014-10-30 09:41 - 2014-10-30 09:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 09:41 - 2014-10-30 09:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 09:41 - 2014-10-30 09:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2015-03-05 20:15 - 2012-05-25 08:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2015-03-07 16:02 - 2015-03-07 16:02 - 00573528 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-494707120-3277395189-1778691621-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1 - 209.18.47.61

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BE5693A9-0B75-4D76-99F7-A9DCC9D696FA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{B6F2F9F2-4D4C-44EE-8514-30E380CEF075}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{259B014B-8CA9-405F-9340-537B1220F1D7}] => (Allow) svchost.exe
FirewallRules: [{190BD108-7ED2-4361-9E24-8B082B179026}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{20EAADF0-9A19-4E82-8B73-3E25BE42E03E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F9BB8A77-D25F-41AD-9334-C2CD45E3C92B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67B933E7-4561-4DF8-B061-D81B5F3B76E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5184FB8A-D8AE-432A-931B-66387F2CAE17}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{73F80684-B4A2-4830-BC92-AF1FA6482484}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9A78C205-5A1D-4BDD-A150-991114DBE773}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{53C8CE7D-8CA6-4272-B9A6-7E0A6C116DB2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{22A2096F-ED75-4FB3-97C5-F03E1759728B}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{3EEEFFC0-5416-4BE2-A0E4-6285CF7252DF}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{DA2A29F9-4E2D-45EF-952A-FDF69A14B126}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{184074F9-7F11-4E8A-8BEE-0D759EE6C7D6}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 04:06:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 03:14:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: recordingmanager.exe, version: 17.0.15.4, time stamp: 0x544ddf47
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xe4c
Faulting application start time: 0xrecordingmanager.exe0
Faulting application path: recordingmanager.exe1
Faulting module path: recordingmanager.exe2
Report Id: recordingmanager.exe3

Error: (05/25/2015 05:10:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 05:03:56 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/25/2015 04:56:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: recordingmanager.exe, version: 17.0.15.4, time stamp: 0x544ddf47
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x670
Faulting application start time: 0xrecordingmanager.exe0
Faulting application path: recordingmanager.exe1
Faulting module path: recordingmanager.exe2
Report Id: recordingmanager.exe3

Error: (05/25/2015 04:50:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/24/2015 10:11:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: recordingmanager.exe, version: 17.0.15.4, time stamp: 0x544ddf47
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1e0c
Faulting application start time: 0xrecordingmanager.exe0
Faulting application path: recordingmanager.exe1
Faulting module path: recordingmanager.exe2
Report Id: recordingmanager.exe3

Error: (05/24/2015 09:38:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 200

Start Time: 01d0968b78fdd217

Termination Time: 20

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id: c9e08d68-027e-11e5-ab15-00266c3c43f3

Error: (05/24/2015 09:38:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b66f7
Faulting module name: rndlbrowserrecordplugin64.dll, version: 17.0.15.1, time stamp: 0x544b5bcc
Exception code: 0xc0000005
Fault offset: 0x000000000000b4b9
Faulting process id: 0x1460
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/24/2015 09:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b66f7
Faulting module name: rndlbrowserrecordplugin64.dll, version: 17.0.15.1, time stamp: 0x544b5bcc
Exception code: 0xc0000005
Fault offset: 0x000000000000b4b9
Faulting process id: 0x187c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

System errors:
=============
Error: (05/25/2015 02:44:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/25/2015 02:44:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Voltage Article service failed to start due to the following error:
%%2

Error: (05/25/2015 05:49:29 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 09:30:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (05/24/2015 09:06:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 08:18:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 07:06:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 03:44:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 03:44:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2015 03:44:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-17 02:40:11.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:40:06.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:40:06.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:39:25.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:38:58.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:37:22.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:36:57.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:36:41.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:28:30.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-17 02:28:30.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 53%
Total physical RAM: 2939.99 MB
Available physical RAM: 1373.17 MB
Total Pagefile: 5878.16 MB
Available Pagefile: 3808.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (TI105487W0B) (Fixed) (Total:287.55 GB) (Free:128.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:48.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 29ADC161)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.1 GB) - (Type=17)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of log ============================



#10 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:09:22 PM

Posted 26 May 2015 - 06:30 AM

Hello Ddraiglais,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt.

 
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Hosts:
HKLM\...\Run: [] => [X]
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-494707120-3277395189-1778691621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 hukylyqu; C:\Users\Ginny\AppData\Roaming\A0249120-1431834439-DE11-BBA9-00266C3C43F3\nsm6043.tmpfs [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 Ddraiglais

Ddraiglais
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:22 PM

Posted 26 May 2015 - 12:47 PM

I can't copy and paste because Sticky Keys is stuck on. It is turned off in Control Panel. I don't know why it turns itself on and off. Filter Keys does the same thing.



#12 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:09:22 PM

Posted 26 May 2015 - 12:58 PM

OK, here is the fixlist as an attached file!


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • ONLINE
  •  
  • Location:Germany
  • Local time:09:22 PM

Posted 29 May 2015 - 02:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




