
Unknown virus - Netflix preventer amongst other things


  • This topic is locked
15 replies to this topic

#1 jouster007

Posted 30 December 2015 - 12:53 AM

A friend of mine's teenage son had installed what appears to be a trojan that prevents Netflix from running, saying it is blocked. Originally it prevented all antivirus-related sites from coming up. When I went to the Firefox home page it would indicate it had the latest version and at the same time say it was out of date, with a generic-looking screen with no pictures or graphics, just text. Tried a system restore from before the trojan was downloaded, no change in behavior. I can boot in safe mode with networking support and it appears to act normal. Tried msconfig and turning off all the startup items in normal boot, no change. Ran ESET virus scan; it found a few items and removed them but then nothing. When I booted ClamWin in safe mode it found things related to RealDownloader and Nvidia, but after cleaning everything, same problem. Ran CCleaner in safe mode, gained the ability of normal screen for Firefox, nothing else. Tried Malwarebytes clean - nothing found. I'm getting ready to call it a loss for my friend and just format the computer and reinstall, but I thought I would see if anyone could come up with what this is, as I have never seen anything like it before.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-12-2015
Ran by installation (administrator) on PALS (29-12-2015 21:31:36)
Running from C:\Users\installation\Downloads
Loaded Profiles: installation (Available Profiles: Larry & Carrie & installation & Test for Antivirus & User1 & Mama's Mix profile & Joel & Administrator & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\installation\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-11-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [736768 2014-08-12] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM Group Policy restriction on software: %LocalAppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: Path: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\Rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [Google Update] => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: F - F:\Launcher.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {2850e040-bd39-11e1-a1e8-806e6f6e6963} - H:\Launcher.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {5bbe4818-3798-11e3-ae3e-0024e813eacf} - H:\X501_ZTE.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {63e27712-4025-11e3-b87d-0024e813eacf} - H:\iLinker.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {758126d2-149f-11e3-a3ba-0024e813eacf} - I:\X501_ZTE.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {9227cbae-c546-11e2-9d73-0024e813eacf} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {ba0431f5-eeee-11e2-bbcc-0024e813eacf} - G:\X501_ZTE.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {c6eaa3da-4383-11e4-b1f2-0024e813eacf} - E:\X501_ZTE.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {cb1bd0a1-cce5-11e1-aaa2-0024e813eacf} - I:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {e76ce140-326e-11e2-9ad9-806e6f6e6963} - H:\Launcher.exe
Startup: C:\Users\installation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2015-12-29]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8456B2B0-2CD7-404F-AF35-96E37532BC6B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EE8818FE-BB8D-47E9-B323-81FA5816594A}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=avantsearch6
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-12-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-19] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-16] (Oracle Corporation)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\installation\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-10-31] (Trend Media Group)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-12-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-16] (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\installation\AppData\Roaming\Mozilla\Firefox\Profiles\0pog8qjj.default-1445815610010
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-29] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @gpac/osmozilla,version=1.0 -> C:\Program Files (x86)\GPAC\nposmozilla.dll [2012-05-25] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-12-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-19] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-03-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-03-17] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2085024141-2439579769-4020783274-1004: @tools.google.com/Google Update;version=3 -> C:\Users\installation\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2085024141-2439579769-4020783274-1004: @tools.google.com/Google Update;version=9 -> C:\Users\installation\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2015-11-08] [not signed]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2015-11-08] [not signed]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-11-08] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-03-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-03-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found

Chrome:
=======
CHR Profile: C:\Users\installation\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Chrome Web Store Payments) - C:\Users\installation\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
StartMenuInternet: Google Chrome.75L362MWEYYJVWM3OLNFXNGWII - C:\Users\installation\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [13080 2010-01-24] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2521080 2015-11-19] (ESET)
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-02-25] (Ellora Assets Corp.) [File not signed]
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-05] (SurfRight B.V.)
S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1783944 2015-07-29] ()
S2 TZVPNCLIENT; C:\Program Files\Trust.Zone VPN Client\vpnclient_x64.exe [4492280 2015-10-18] (Trust.Zone VPN Project)
S4 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [517960 2012-04-20] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-11-16] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-11-16] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-11-16] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-11-16] (ESET)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [128328 2012-04-20] (Incorporated)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-11-05] ()
S3 IPNPF; C:\Windows\SysWOW64\drivers\IPNPF.sys [42704 2012-03-05] (SurveilStar Inc.      )
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (EZB Systems, Inc.)
S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-09-18] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-23] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-10-07] (Audials AG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-06-23] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
S3 TFsfltdrv; C:\Windows\SysWOW64\drivers\tfsfltdrv.sys [35272 2012-03-05] (SurveilStar Inc.      )
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S3 cpuz136; \??\C:\Users\INSTAL~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 Tpacketv; system32\DRIVERS\tpacketv.sys [X]
S3 TpacketvMP; system32\DRIVERS\tpacketv.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U2 V2iMount; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-29 21:30 - 2015-12-29 21:30 - 02370560 _____ (Farbar) C:\Users\installation\Downloads\FRST64(2).exe
2015-12-27 20:45 - 2015-12-27 20:45 - 00005859 _____ C:\Windows\brndlog.txt
2015-12-27 20:44 - 2015-12-27 20:44 - 00000000 ____D C:\Users\Default\AppData\Local\NVIDIA
2015-12-27 20:44 - 2015-12-27 20:44 - 00000000 ____D C:\Users\Default User\AppData\Local\NVIDIA
2015-12-25 18:55 - 2015-12-25 19:16 - 00000000 ____D C:\Users\installation\Downloads\backups
2015-12-25 18:18 - 2015-09-28 21:22 - 1488422178 _____ C:\Inside.Out.2015.HDRip.XviD.AC3-EVO.avi
2015-12-25 17:59 - 2015-12-25 17:59 - 00001080 _____ C:\maleware results.txt
2015-12-25 14:14 - 2015-12-25 19:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-25 14:14 - 2015-12-25 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-25 14:08 - 2015-12-25 14:08 - 00000000 ____D C:\Users\installation\AppData\Roaming\Opera Software
2015-12-25 14:08 - 2015-12-25 14:08 - 00000000 ____D C:\Users\installation\AppData\Local\Opera Software
2015-12-25 14:07 - 2015-12-25 19:16 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-25 14:03 - 2015-12-25 14:03 - 00027726 _____ C:\ComboFix.txt
2015-12-25 13:29 - 2015-12-25 14:03 - 00000000 ____D C:\ComboFix
2015-12-25 13:22 - 2015-12-25 14:03 - 00000000 ____D C:\Qoobox
2015-12-25 13:21 - 2015-12-25 19:16 - 00000000 ____D C:\Windows\erdnt
2015-12-20 15:09 - 2015-12-29 21:27 - 00351036 _____ C:\Windows\ntbtlog.txt
2015-12-20 15:07 - 2015-12-20 15:07 - 00000049 _____ C:\Users\installation\test.txt
2015-12-20 10:41 - 2015-12-20 10:41 - 13171424 _____ (Microsoft Corporation) C:\Users\installation\Downloads\Silverlight_x64(2).exe
2015-12-20 01:24 - 2015-12-20 01:24 - 00000000 ____D C:\Users\installation\Downloads\New folder
2015-12-20 01:21 - 2015-12-28 15:45 - 00000000 ____D C:\Users\installation\AppData\Roaming\qBittorrent
2015-12-20 01:21 - 2015-12-20 01:21 - 00000000 ____D C:\Users\installation\AppData\Local\qBittorrent
2015-12-20 01:21 - 2015-12-20 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-12-20 01:21 - 2015-12-20 01:21 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2015-12-20 01:02 - 2015-12-20 01:02 - 00231620 _____ C:\Users\installation\Documents\eset settings.xml
2015-12-19 23:22 - 2015-12-19 23:22 - 00002027 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2015-12-19 23:22 - 2015-12-19 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-19 23:22 - 2015-12-19 23:22 - 00000000 ____D C:\ProgramData\ESET
2015-12-19 23:22 - 2015-12-19 23:22 - 00000000 ____D C:\Program Files\ESET
2015-12-19 22:58 - 2015-12-19 22:58 - 00466428 _____ C:\Users\installation\Documents\cc_20151219_225808.reg
2015-12-19 22:32 - 2015-12-19 22:32 - 06801752 _____ (Piriform Ltd) C:\Users\installation\Downloads\ccsetup512.exe
2015-12-19 22:32 - 2015-12-19 22:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-19 22:32 - 2015-12-19 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-19 22:32 - 2015-12-19 22:32 - 00000000 ____D C:\Program Files\CCleaner
2015-12-19 22:23 - 2015-12-19 22:23 - 01740288 _____ C:\Users\installation\Downloads\adwcleaner_5.025.exe
2015-12-19 22:08 - 2015-12-19 22:08 - 00000000 ____D C:\Users\installation\AppData\Roaming\URSoft
2015-12-19 15:45 - 2015-12-19 15:45 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-19 15:45 - 2015-12-19 15:45 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-19 15:44 - 2015-12-19 15:44 - 00249416 _____ C:\Users\installation\Downloads\Firefox Setup Stub 43.0.1.exe
2015-12-19 15:06 - 2015-12-19 15:06 - 00001927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Avant Browser.lnk
2015-12-19 15:06 - 2015-12-19 15:06 - 00001921 _____ C:\Users\Public\Desktop\Avant Browser.lnk
2015-12-19 15:06 - 2015-12-19 15:06 - 00000000 ____D C:\Users\installation\AppData\Roaming\Avant Profiles
2015-12-19 15:06 - 2015-12-19 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avant Browser
2015-12-19 15:05 - 2015-12-19 15:06 - 00000000 ____D C:\Program Files (x86)\Avant Browser
2015-12-10 18:12 - 2015-12-10 18:12 - 07464106 _____ C:\Users\installation\Documents\AP17506_CommGas_PowerVent_75gal_N3.pdf
2015-12-10 16:08 - 2015-12-10 16:08 - 00000000 ____D C:\Users\installation\AppData\Local\CEF
2015-12-05 21:16 - 2015-12-05 21:16 - 00001381 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-12-05 21:01 - 2015-07-23 20:21 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-12-05 21:01 - 2015-07-23 20:21 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-12-05 20:55 - 2015-07-24 15:28 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-12-05 20:55 - 2015-07-24 15:28 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 42730128 _____ C:\Windows\system32\nvcompiler.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 30487880 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 22950544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 17615408 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 16151688 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 15892200 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 15129192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 14503880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 13268712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 11836680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 11055248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-12-05 20:55 - 2015-07-22 20:06 - 03407144 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 02933576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 02600592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 01101856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 01061008 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 01053000 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00983368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00976528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00940104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-12-05 20:55 - 2015-07-02 20:28 - 00069992 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-12-05 20:55 - 2015-07-02 20:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-12-05 20:55 - 2015-07-02 20:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-12-05 20:52 - 2015-12-28 15:27 - 00000000 ____D C:\Users\installation\Downloads\qbittorrent dl
2015-12-05 20:32 - 2015-12-05 20:41 - 457499339 _____ C:\Users\installation\Downloads\NVDriver_Vista_Win7_Win8_Win8_1_64_VER353_62.zip
2015-12-05 20:27 - 2015-07-20 06:16 - 05121613 _____ C:\Windows\system32\nvcoproc.bin
2015-12-04 18:48 - 2015-12-04 18:49 - 00000000 ____D C:\Program Files (x86)\GUMAE29.tmp
2015-12-02 10:05 - 2015-12-02 10:05 - 00000000 ____D C:\Users\Joel\AppData\LocalLow\Adobe
2015-12-02 10:05 - 2015-12-02 10:05 - 00000000 ____D C:\Users\Joel\AppData\Local\CEF
2015-12-02 10:05 - 2015-12-02 10:05 - 00000000 ____D C:\Users\Joel\AppData\Local\Adobe
2015-12-02 10:01 - 2015-12-02 10:01 - 00000000 ____D C:\Users\Joel\AppData\Local\Deployment
2015-12-02 10:01 - 2015-12-02 10:01 - 00000000 ____D C:\Users\Joel\AppData\Local\Apps\2.0
2015-12-01 19:27 - 2015-12-01 19:33 - 00000000 ____D C:\Lilly for Joel
2015-12-01 14:49 - 2015-12-01 14:49 - 00003168 _____ C:\Windows\System32\Tasks\{ED8B50F0-9D79-4AB0-86DC-5C4E1CC6F8A5}
2015-12-01 14:45 - 2015-12-01 14:47 - 25989289 _____ C:\Users\installation\Downloads\installer_win.exe
2015-11-29 20:26 - 2015-12-29 21:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-29 20:26 - 2015-11-29 20:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-29 21:31 - 2015-11-03 20:34 - 00000000 ____D C:\FRST
2015-12-29 21:31 - 2015-11-03 20:34 - 00000000 _____ C:\Users\installation\Downloads\FRST.txt
2015-12-29 21:23 - 2014-11-05 19:54 - 00000000 ____D C:\Windows\CryptoGuard
2015-12-29 20:53 - 2014-12-25 17:19 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004UA.job
2015-12-29 18:53 - 2015-02-05 06:25 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core1d0414f97774c92.job
2015-12-29 18:07 - 2009-07-13 20:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-29 18:07 - 2009-07-13 20:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-29 18:06 - 2015-09-08 15:39 - 00000000 ____D C:\Users\installation\AppData\Local\TVersity
2015-12-29 18:06 - 2009-07-13 21:13 - 00827296 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-29 18:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-29 18:02 - 2013-06-13 06:42 - 00000404 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_installation.job
2015-12-29 18:01 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-29 18:00 - 2015-11-16 20:23 - 00000000 ____D C:\Users\installation\AppData\Roaming\Azureus
2015-12-28 19:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-27 21:03 - 2015-09-08 15:39 - 01024086 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.1
2015-12-27 20:45 - 2015-09-08 15:39 - 01024086 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.2
2015-12-27 20:45 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-27 20:41 - 2012-04-19 18:02 - 00152848 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-27 20:34 - 2012-08-04 07:55 - 00000000 ____D C:\Users\Test for Antivirus\AppData\Roaming\Avant Profiles
2015-12-27 13:26 - 2014-09-27 09:09 - 00003426 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2015-12-27 07:44 - 2013-06-13 06:42 - 00000394 _____ C:\Windows\Tasks\ReclaimerUpdateXML_installation.job
2015-12-27 06:30 - 2014-12-25 17:19 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core.job
2015-12-27 03:47 - 2013-06-13 06:42 - 00000398 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_installation.job
2015-12-26 20:24 - 2015-11-08 20:08 - 00000000 ____D C:\Users\installation\AppData\Roaming\HpUpdate
2015-12-26 20:18 - 2012-04-21 07:41 - 00000000 ____D C:\Users\installation
2015-12-25 19:17 - 2015-07-31 12:19 - 00000000 ____D C:\Users\Joel
2015-12-25 19:17 - 2014-05-01 17:36 - 00000000 ____D C:\Users\Mama's Mix profile
2015-12-25 19:17 - 2013-07-30 08:46 - 00000000 ____D C:\Users\Guest
2015-12-25 19:17 - 2012-08-23 20:53 - 00000000 ____D C:\Users\User1
2015-12-25 19:17 - 2012-08-04 05:18 - 00000000 ____D C:\Users\Test for Antivirus
2015-12-25 19:17 - 2012-04-22 05:55 - 00000000 ____D C:\Users\Carrie
2015-12-25 19:17 - 2012-04-21 06:44 - 00000000 ____D C:\Users\Larry
2015-12-25 19:17 - 2012-04-19 18:02 - 00000000 ____D C:\Users\Administrator
2015-12-25 19:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\spool
2015-12-25 19:16 - 2015-11-08 08:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-25 19:16 - 2015-09-19 09:50 - 00000000 ____D C:\Users\installation\Downloads\produkey-x64
2015-12-25 19:16 - 2014-12-22 19:29 - 00000000 ____D C:\Users\installation\AppData\Local\NETGEARGenie
2015-12-25 19:16 - 2014-03-13 15:58 - 00000000 ____D C:\Users\installation\AppData\Roaming\FlashGetBHO
2015-12-25 19:16 - 2013-05-05 05:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-25 19:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-12-25 19:14 - 2013-08-09 20:11 - 00000000 ____D C:\ProgramData\Real
2015-12-25 14:03 - 2014-06-16 04:23 - 00000000 ____D C:\Users\joels paint
2015-12-25 13:47 - 2009-11-16 14:07 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-12-25 13:47 - 2009-11-16 14:06 - 26214400 _____ C:\Windows\system32\config\SYSTEM.bak
2015-12-25 13:47 - 2009-11-16 14:05 - 95158272 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-12-25 13:47 - 2009-07-13 18:34 - 00524288 _____ C:\Windows\system32\config\SAM.bak
2015-12-25 13:47 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-12-25 12:50 - 2012-06-12 18:09 - 00000000 ____D C:\SavedGames
2015-12-21 19:55 - 2015-11-15 17:01 - 00000000 ____D C:\Users\installation\Documents\Outlook Files
2015-12-20 16:52 - 2015-03-05 18:56 - 00000000 ____D C:\Users\installation\AppData\Roaming\Media Player Classic
2015-12-20 15:09 - 2013-05-31 20:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-20 15:09 - 2013-05-31 20:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-20 10:42 - 2014-03-14 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-19 22:44 - 2013-03-18 06:41 - 00000000 ____D C:\ProgramData\VSO
2015-12-19 22:44 - 2013-03-16 11:38 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2015-12-19 22:44 - 2012-08-25 17:03 - 00000000 ____D C:\Users\installation\Tracing
2015-12-19 22:44 - 2012-04-21 10:55 - 00000000 ____D C:\Users\installation\AppData\Roaming\Vso
2015-12-19 22:42 - 2012-04-19 18:53 - 00000000 ____D C:\Windows\Panther
2015-12-19 22:29 - 2014-11-08 00:18 - 00000000 ____D C:\AdwCleaner
2015-12-19 15:31 - 2012-04-19 18:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-19 14:15 - 2009-07-13 19:20 - 00000000 ____D C:\Users\Joel\Default
2015-12-19 14:13 - 2013-10-28 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-19 14:13 - 2013-01-12 20:49 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-19 14:13 - 2013-01-12 20:48 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-19 14:13 - 2013-01-12 20:46 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-19 14:13 - 2012-11-05 06:34 - 00000000 ____D C:\Users\installation\AppData\Roaming\IrfanView
2015-12-19 14:13 - 2012-08-06 05:05 - 00000000 ____D C:\Users\Test for Antivirus\AppData\Roaming\Azureus
2015-12-19 14:13 - 2012-06-09 12:15 - 00000000 ____D C:\Users\installation\AppData\Roaming\vlc
2015-12-19 14:13 - 2012-04-21 11:47 - 00000000 ____D C:\Windows\system32\Macromed
2015-12-19 14:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2015-12-19 14:08 - 2015-07-21 20:47 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-19 14:08 - 2013-01-12 20:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-16 17:22 - 2015-10-23 19:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-12 19:43 - 2012-08-14 04:48 - 00074965 _____ C:\Users\installation\Documents\bills.txt
2015-12-07 22:46 - 2012-06-17 07:20 - 00000000 ____D C:\Users\installation\Documents\ConvertXToDVD
2015-12-06 10:38 - 2012-06-16 17:20 - 00000000 ____D C:\Users\installation\AppData\Local\ElevatedDiagnostics
2015-12-05 21:17 - 2013-11-12 21:06 - 00000000 ____D C:\Users\installation\AppData\Local\NVIDIA Corporation
2015-12-04 18:48 - 2015-02-05 06:25 - 00003528 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core1d0414f97774c92
2015-12-04 18:48 - 2014-12-25 17:19 - 00003924 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004UA
2015-12-02 10:05 - 2015-07-31 12:20 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Adobe
2015-12-02 09:33 - 2015-07-31 12:20 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Apple Computer
2015-12-01 15:53 - 2012-07-13 18:48 - 00001324 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2015-12-01 15:53 - 2012-07-13 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-12-01 15:53 - 2012-07-13 18:47 - 00000000 ____D C:\ProgramData\Freemake
2015-12-01 15:47 - 2015-11-04 04:39 - 00000000 ____D C:\Users\Test for Antivirus\.oracle_jre_usage
2015-12-01 15:27 - 2015-10-22 03:40 - 00003164 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2015-12-01 15:27 - 2015-10-21 14:55 - 00000000 ____D C:\Program Files\pia_manager
2015-11-29 20:34 - 2015-11-03 20:13 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-29 20:27 - 2014-07-05 00:09 - 00000000 ____D C:\Users\installation\AppData\Local\Adobe
2015-11-29 20:26 - 2015-06-25 16:05 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-29 20:26 - 2015-06-25 16:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-04-21 10:55 - 2013-11-15 18:36 - 0099384 _____ () C:\Users\installation\AppData\Roaming\inst.exe
2012-04-21 10:55 - 2013-11-15 18:36 - 0007859 _____ () C:\Users\installation\AppData\Roaming\pcouffin.cat
2012-04-21 10:55 - 2013-11-15 18:36 - 0001167 _____ () C:\Users\installation\AppData\Roaming\pcouffin.inf
2012-04-21 10:56 - 2013-11-15 18:36 - 0000055 _____ () C:\Users\installation\AppData\Roaming\pcouffin.log
2012-04-21 10:55 - 2013-11-15 18:36 - 0082816 _____ (VSO Software) C:\Users\installation\AppData\Roaming\pcouffin.sys
2012-04-21 10:58 - 2013-09-19 04:12 - 0001057 _____ () C:\Users\installation\AppData\Roaming\vso_ts_preview.xml
2013-04-22 07:48 - 2015-06-21 14:57 - 0070144 _____ () C:\Users\installation\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-08 20:07 - 2015-11-08 20:07 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\Administrator\AppData\Local\Temp\HitmanPro.exe
C:\Users\Administrator\AppData\Local\Temp\hmpalert_update.exe
C:\Users\Administrator\AppData\Local\Temp\i4jdel0.exe
C:\Users\Carrie\AppData\Local\Temp\$browser$.update.exe
C:\Users\Carrie\AppData\Local\Temp\i4jdel0.exe
C:\Users\Carrie\AppData\Local\Temp\i4jdel1.exe
C:\Users\Carrie\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih.exe
C:\Users\Guest\AppData\Local\Temp\i4jdel0.exe
C:\Users\installation\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\installation\AppData\Local\Temp\Quarantine.exe
C:\Users\installation\AppData\Local\Temp\sqlite3.dll
C:\Users\Joel\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\Larry\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\Larry\AppData\Local\Temp\$browser$.update.exe
C:\Users\Larry\AppData\Local\Temp\i4jdel0.exe
C:\Users\Test for Antivirus\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\Test for Antivirus\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Test for Antivirus\AppData\Local\Temp\i4jdel0.exe
C:\Users\User1\AppData\Local\Temp\$browser$.update.exe
C:\Users\User1\AppData\Local\Temp\i4jdel0.exe
C:\Users\User1\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih.exe
C:\Users\User1\AppData\Local\Temp\install_reader11_en_aih.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 04:49

==================== End of FRST.txt ============================

 

 

 


 


#2 nasdaq


Posted 30 December 2015 - 11:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset

HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %LocalAppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: Path: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\Rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=avantsearch6
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-11-08] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S3 cpuz136; \??\C:\Users\INSTAL~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 Tpacketv; system32\DRIVERS\tpacketv.sys [X]
S3 TpacketvMP; system32\DRIVERS\tpacketv.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U2 V2iMount; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Administrator\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\Administrator\AppData\Local\Temp\HitmanPro.exe
C:\Users\Administrator\AppData\Local\Temp\hmpalert_update.exe
C:\Users\Administrator\AppData\Local\Temp\i4jdel0.exe
C:\Users\Carrie\AppData\Local\Temp\$browser$.update.exe
C:\Users\Carrie\AppData\Local\Temp\i4jdel0.exe
C:\Users\Carrie\AppData\Local\Temp\i4jdel1.exe
C:\Users\Carrie\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih.exe
C:\Users\Guest\AppData\Local\Temp\i4jdel0.exe
C:\Users\installation\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\installation\AppData\Local\Temp\Quarantine.exe
C:\Users\installation\AppData\Local\Temp\sqlite3.dll
C:\Users\Joel\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\Larry\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\Larry\AppData\Local\Temp\$browser$.update.exe
C:\Users\Larry\AppData\Local\Temp\i4jdel0.exe
C:\Users\Test for Antivirus\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\Test for Antivirus\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Test for Antivirus\AppData\Local\Temp\i4jdel0.exe
C:\Users\User1\AppData\Local\Temp\$browser$.update.exe
C:\Users\User1\AppData\Local\Temp\i4jdel0.exe
C:\Users\User1\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih.exe
C:\Users\User1\AppData\Local\Temp\install_reader11_en_aih.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.

p.s.

Please remove this old version of Java via the Control Panel > Programs and Features applet.

Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)

#3 jouster007


Posted 30 December 2015 - 06:46 PM

# AdwCleaner v5.027 - Logfile created 30/12/2015 at 15:21:49
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : installation - PALS
# Running from : C:\Users\installation\Desktop\AdwCleaner(1).exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [591 bytes] ##########
 

I have removed the Java 8 update 65

rebooted the computer and tested the browsers.

I did notice it takes a really long time for the computer to restart, and it takes forever to establish an internet connection. Though I am on broadband cable internet, the internet access icon in the lower right corner literally took about 3 mins before it finally said connected.

Tried Firefox and went to Netflix.

When I clicked on an episode, like before, it would normally show the progress icon for the stream before it plays. Since having this trojan, this progress icon does not show up and it eventually times out with a code.

Whoops, something went wrong... Internet Connection Problem

An Internet or home network connection problem is preventing playback. Please check your Internet connection and try again.

If the problem persists, please call Netflix Customer Support at 1-800-585-7265.

Error Code: F7031-1105

 

I have called Netflix and they indicate there is some kind of blocker on the computer. I have checked Firefox settings but do not see any kind of blocking occurring.

Looks like I still have the existing issue as before despite the farbar fix script.

 

 



#4 nasdaq


Posted 31 December 2015 - 08:35 AM

If the problem persists, please call Netflix Customer Support at 1-800-585-7265.
Error Code: F7031-1105

I have called Netflix and they indicate there is some kind of blocker on the computer. I have checked Firefox settings but do not see any kind of blocking occurring.
Looks like I still have the existing issue as before despite the farbar fix script.


This Netflix page describes your problem.
https://help.netflix.com/en/node/85

Did they suggest you start with the instructions?

Did you try to connect your game console directly to your modem?

If that works then your router has probably been compromised.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/


How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on Export TXT button save the file as RogueReport.txt
  • The file RogueReport.txt will be saved in the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>

Please post the log and let me know what problem persists.

#5 jouster007


Posted 31 December 2015 - 08:43 PM

Hi, thank you for the links regarding the router. I don't think they will be necessary because Netflix, like the other affected sites, works fine in safe mode.

Here is the log file from RogueKiller.

RogueKiller V11.0.5.0 [Dec 28 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : installation [Administrator]
Started from : C:\Users\installation\Desktop\RogueKiller(1).exe
Mode : Scan -- Date : 12/31/2015 14:04:44

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\DownloadTerms -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Object -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2085024141-2439579769-4020783274-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-2085024141-2439579769-4020783274-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} -> Found
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found

¤¤¤ Hosts File : 11 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 shop.audials.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.eblaster.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.spectorsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 eblaster.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 spectorsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.u2a1376gf-43ty-245b.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 u2a1376gf-43ty-245b.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.v19170dc0-7597-11d.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 v19170dc0-7597-11d.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.d2a1376gf-43ty-245a.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 d2a1376gf-43ty-245a.com

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 9547f35ab244f9e83ac2164545bfd59b
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 316929 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 649072640 | Size: 160008 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

You did not indicate if you wanted me to delete the PUPs found, so the same issue is current since nothing has been done.



#6 nasdaq


Posted 01 January 2016 - 08:51 AM

It's OK to clean all.
Run the tool one more time and fix everything.
Default settings will be reset where necessary.

===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Keep me posted.

#7 jouster007


Posted 01 January 2016 - 10:50 PM

I did as you instructed: ran another scan of RogueKiller and cleaned all the items. Rebooted, then I reset Firefox to default settings and cleared the caches. This I had to do in safe mode, for when I went to reset Firefox to default settings the screen looked like it did, with no graphics, all text and links not working. When I pulled it up in safe mode it was fine. Restarted in normal mode; again it took forever to load and connect to the internet. When I tried Netflix it was the same as before. I ran another scan of RogueKiller and it found items again.

 

Here is the log file:

RogueKiller V11.0.5.0 [Dec 28 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : installation [Administrator]
Started from : C:\Users\installation\Desktop\RogueKiller(1).exe
Mode : Scan -- Date : 01/01/2016 19:27:21

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} -> Found
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found

¤¤¤ Hosts File : 5 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 u2a1376gf-43ty-245b.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.v19170dc0-7597-11d.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 v19170dc0-7597-11d.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.d2a1376gf-43ty-245a.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 d2a1376gf-43ty-245a.com

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 9547f35ab244f9e83ac2164545bfd59b
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 316929 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 649072640 | Size: 160008 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

Please let me know what you would like me to do next.

Jouster
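Comparing the two RogueKiller reports above finding by finding shows what the clean pass removed and what was still reported on the rescan. This is an added example, not part of the thread and not RogueKiller's own code: the report excerpts are copied from posts #5 and #7, and the function names (`parse_report`, `compare_scans`, `count_mismatches`) are hypothetical.

```python
import re

# Excerpts (Registry, Files and Hosts File sections only) copied from the
# RogueKiller reports in post #5 (before cleaning) and post #7 (rescan).
SCAN_BEFORE = r"""
¤¤¤ Registry : 6 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\DownloadTerms -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Object -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2085024141-2439579769-4020783274-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-2085024141-2439579769-4020783274-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} -> Found
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found
¤¤¤ Hosts File : 11 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 shop.audials.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.eblaster.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.spectorsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 eblaster.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 spectorsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.u2a1376gf-43ty-245b.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 u2a1376gf-43ty-245b.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.v19170dc0-7597-11d.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 v19170dc0-7597-11d.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.d2a1376gf-43ty-245a.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 d2a1376gf-43ty-245a.com
"""

SCAN_AFTER = r"""
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} -> Found
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found
¤¤¤ Hosts File : 5 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 u2a1376gf-43ty-245b.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.v19170dc0-7597-11d.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 v19170dc0-7597-11d.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.d2a1376gf-43ty-245a.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 d2a1376gf-43ty-245a.com
"""

# Section header with a count, e.g. "¤¤¤ Hosts File : 11 ¤¤¤".
SECTION = re.compile(r"^¤¤¤\s*(?P<name>[^:]+?)\s*:\s*(?P<count>\d+)")


def normalise(line):
    """Drop the trailing '-> Status' and collapse whitespace so the same
    finding compares equal across two reports."""
    line = re.sub(r"\s*->\s*\w+\s*$", "", line)
    return re.sub(r"\s+", " ", line).strip()


def parse_report(text):
    """Return {section name: (declared count, [normalised finding lines])}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = header.group("name")
            sections[current] = (int(header.group("count")), [])
        elif line.startswith("¤¤¤"):
            current = None  # header without a count; not tracked here
        elif line and current:
            sections[current][1].append(normalise(line))
    return sections


def count_mismatches(report):
    """Sections whose declared count differs from the lines actually pasted
    (a sign the log was truncated or edited before posting)."""
    return [n for n, (declared, items) in report.items() if declared != len(items)]


def compare_scans(before, after):
    """Per section: findings removed, still present, and newly appeared."""
    result = {}
    for name in sorted(set(before) | set(after)):
        old = before.get(name, (0, []))[1]
        new = after.get(name, (0, []))[1]
        result[name] = {
            "removed": [f for f in old if f not in new],
            "persisted": [f for f in old if f in new],
            "new": [f for f in new if f not in old],
        }
    return result


if __name__ == "__main__":
    diff = compare_scans(parse_report(SCAN_BEFORE), parse_report(SCAN_AFTER))
    for section, d in diff.items():
        print(f"{section}: {len(d['removed'])} removed, "
              f"{len(d['persisted'])} persisted, {len(d['new'])} new")
        for finding in d["persisted"]:
            print("   still present:", finding)
```

On these excerpts all six registry findings are gone in the rescan, while both ProgramData folders and five of the eleven hosts entries are still reported.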



#8 nasdaq


Posted 02 January 2016 - 09:21 AM

If the folders in bold are empty you can delete them.

[PUP][Folder] C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} -> Found
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found

If not empty please run this Farbar search and post the log for my review.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

FindFolder: {1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} 
FindFolder: {93E26451-CD9A-43A5-A2FA-C42392EA4001} 

Place the fix here...

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Your Firefox was compromised. Remove and re-install the application.


Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Before proceeding save your Bookmarks.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
<<<>>>

Let me know how things are.

#9 jouster007

  • Topic Starter
  • Members
  • 13 posts

Posted 02 January 2016 - 06:38 PM

Here are the requested logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by installation (2016-01-02 14:29:01) Run:2
Running from C:\Users\installation\Desktop
Loaded Profiles: installation (Available Profiles: Larry & Carrie & installation & Test for Antivirus & User1 & Mama's Mix profile & Joel & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

FindFolder: {1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
FindFolder: {93E26451-CD9A-43A5-A2FA-C42392EA4001}

Place the fix here...

End
*****************

================== FindFolder: "{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}" ===================

2012-04-20 20:06 - 2012-06-11 20:21 _____ C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}

=== End of FindFolder ===
================== FindFolder: "{93E26451-CD9A-43A5-A2FA-C42392EA4001}" ===================

2012-04-21 11:23 - 2012-04-21 11:24 _____ C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

=== End of FindFolder ===
Place the fix here... => Error: No automatic fix found for this entry.

==== End of Fixlog 14:32:00 ====

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by installation (2016-01-02 14:22:23)
Running from C:\Users\installation\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-04-20 02:01:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2085024141-2439579769-4020783274-500 - Administrator - Enabled) => C:\Users\Administrator
Carrie (S-1-5-21-2085024141-2439579769-4020783274-1003 - Limited - Enabled) => C:\Users\Carrie
Guest (S-1-5-21-2085024141-2439579769-4020783274-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2085024141-2439579769-4020783274-1001 - Limited - Enabled)
installation (S-1-5-21-2085024141-2439579769-4020783274-1004 - Administrator - Enabled) => C:\Users\installation
Joel (S-1-5-21-2085024141-2439579769-4020783274-1011 - Limited - Enabled) => C:\Users\Joel
Larry (S-1-5-21-2085024141-2439579769-4020783274-1002 - Limited - Enabled) => C:\Users\Larry
Mama's Mix profile (S-1-5-21-2085024141-2439579769-4020783274-1010 - Administrator - Enabled) => C:\Users\Mama's Mix profile
New User (S-1-5-21-2085024141-2439579769-4020783274-1012 - Administrator - Enabled)
Test for Antivirus (S-1-5-21-2085024141-2439579769-4020783274-1005 - Administrator - Enabled) => C:\Users\Test for Antivirus
User1 (S-1-5-21-2085024141-2439579769-4020783274-1006 - Limited - Enabled) => C:\Users\User1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM-x32\...\Adobe Photoshop CS4) (Version: 11.0.1 - DLC)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Album Art Downloader XUI 1.00 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.00 - hxxp://sourceforge.net/projects/album-art)
Android USB Driver (HKLM-x32\...\Android USB Driver_is1) (Version:  - )
Angry Birds Star Wars II (HKLM-x32\...\{15231C14-90E3-4BBE-A11E-88C289FD0B6B}) (Version: 1.2.1 - Rovio Entertainment Ltd.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5EA942DE-482B-F143-7EC7-058EAC790D4D}) (Version: 3.0.643.0 - ATI Technologies, Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Belarc Advisor 8.5a (HKLM-x32\...\Belarc Advisor) (Version: 8.5.1.0 - Belarc Inc.)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.2.82 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{D9D5A07A-F299-4741-BFE6-302324CC0BD7}) (Version: 0.9.7 - Kovid Goyal)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
ccc-core-static (x32 Version: 2007.1010.1337.22397 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
ChromecastApp (HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CopyTrans Suite (HKLM-x32\...\CopyTrans Suite) (Version:  - )
d2mp (HKLM-x32\...\d2mp) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Disney Infinity 2.0 (HKLM-x32\...\{AD3C5D08-A89D-4E05-A0D2-CD24C6F689EE}) (Version: 1.101.1728 - Disney Interactive)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
FlashGet3.7 (HKLM-x32\...\FlashGet3.7) (Version: 3.7.0.1220 - hxxp://www.FlashGet.com)
Free Video Volume Booster v1.8 (HKLM-x32\...\Free Video Volume Booster_is1) (Version: 1.8.0.0 - DVDAVITools)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.5.0 - Ellora Assets Corporation)
FUJIFILM USB Driver (HKLM-x32\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version:  - )
Google Chrome (HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
GrabIt 1.7.2 Beta 6 (build 1008) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
Hallmark Card Studio 2012 Deluxe (HKLM-x32\...\{8777089A-4CF4-44BA-910B-9A4580669DED}) (Version: 13.0.0.17 - Creative Home)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Mega Codec Pack 9.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.14.16426 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.14.16426 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LEGO MARVEL Super Heroes (HKLM-x32\...\LEGO MARVEL Super Heroes_is1) (Version:  - Warner Bros. Games)
LEGO® Batman™ (HKLM-x32\...\InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}) (Version: 1.00.0000 - Warner Bros. Interactive Entertainment)
LEGO® Batman™ (x32 Version: 1.00.0000 - Warner Bros. Interactive Entertainment) Hidden
LEGO® Batman™ 2: DC Super Heroes (HKLM-x32\...\{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
LEGO® Indiana Jones™ (HKLM-x32\...\InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}) (Version: 1.00.0000 - LucasArts)
LEGO® Indiana Jones™ (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ 2 (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ 2: The Adventure Continues (HKLM-x32\...\InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}) (Version: 1.00.0000 - LucasArts)
LEGO® MARVEL Super Heroes DEMO (HKLM-x32\...\{B61BC343-F4F2-40F8-8F85-E6AF3828CBA5}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
LEGO® Pirates of the Caribbean The Video Game (HKLM-x32\...\{64958DA4-79D3-43FD-AF06-720DAD044F9E}) (Version: 1.0.0.0 - Disney Interactive Studios)
LEGO® Star Wars™: The Complete Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6366.2036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MKVToolNix 7.5.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.5.0 - Moritz Bunkus)
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3.5835 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
NirSoft Network Password Recovery (HKLM-x32\...\NirSoft Network Password Recovery) (Version:  - )
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Osmo4/GPAC (remove only) (HKLM-x32\...\Osmo4) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PhotoDVD 4.0.0.37 (HKLM-x32\...\VSO PhotoDVD_is1) (Version: 4.0.0.37 - VSO Software SARL)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
qBittorrent 3.3.1 (HKLM-x32\...\qBittorrent) (Version: 3.3.1 - The qBittorrent project)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SABnzbd 0.7.17 (HKLM-x32\...\SABnzbd) (Version: 0.7.17 - The SABnzbd Team)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Skins (x32 Version: 2007.1010.1337.22397 - ATI) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
Spider-Man™ - Web of Shadows (HKLM-x32\...\InstallShield_{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}) (Version: 1.0 - Activision)
Spider-Man™ - Web of Shadows (x32 Version: 1.0 - Activision) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syncios version 4.1.1 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 4.1.1 - Anvsoft, Inc.)
Teenage Mutant Ninja Turtles: Out of the Shadows (HKLM-x32\...\Teenage Mutant Ninja Turtles: Out of the Shadows_is1) (Version: 1.0 - Activision)
Total Video Converter 3.70 100621 (HKLM-x32\...\Total Video Converter 3.70_is1) (Version:  - EffectMatrix Inc.)
TouchCopy 11 (HKLM-x32\...\{B7604945-ED3D-4AE5-AA69-7D5CFF333FE1}) (Version: 11.03 - Wide Angle Software)
Trust.Zone VPN Client (HKLM\...\trustzone_tzvpnclient) (Version: 1.00.986 - Trust.Zone VPN Project)
TuneUp Utilities Language Pack (en-US) (x32 Version: 9.0.3000.136 - TuneUp Software) Hidden
TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
TVersity Media Server Pro 3.8 (HKLM-x32\...\TVersity Media Server Pro) (Version: 3.8 - TVersity)
UltraISO Premium V9.35 (HKLM-x32\...\UltraISO_is1) (Version:  - )
USB Driver Vers. 3.2 (HKLM-x32\...\USB Driver Vers. 3.2) (Version:  - )
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 4.2.9.15649 - LeapFrog)
Vegas Pro 10.0 (HKLM-x32\...\{6D592E30-11EC-11E0-859C-0013D3D69929}) (Version: 10.0.469 - Sony)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.2 - VSO Software)
VSO Video Converter 1 (HKLM-x32\...\{{5289246A-D537-4823-88C2-38C17840E45A}_is1) (Version: 1.1.0.20 - VSO Software)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 1.1.0.0 - Microsoft Corporation)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
XviD4PSP 5.10.289.0 (HKLM-x32\...\XviD4PSP5_is1) (Version:  - Winnydows & fcp team)
YAMB (HKLM-x32\...\YAMB) (Version:  - )
Your Uninstaller! 2010 (HKLM-x32\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2085024141-2439579769-4020783274-1004_Classes\CLSID\{65713842-C410-4f44-8383-BFE01A398C90}\InprocServer32 -> C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll ()
CustomCLSID: HKU\S-1-5-21-2085024141-2439579769-4020783274-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\installation\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2085024141-2439579769-4020783274-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\installation\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0771DA80-AD6F-4033-AD13-D30354B634AC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {157F337A-8EF0-4A25-8CF3-7B49B560347A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {1E1C4BF8-FB05-40F8-80FC-6D5F453A7E89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004UA => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {22B9C9C0-5578-4F42-AD76-04A3EA43518C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2C2C042F-EC1D-418F-A10C-93878E5DC8BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {3639BA25-FF2F-44AE-AA8C-AA016988CADA} - System32\Tasks\RNUpgradeHelperResumePrompt_installation => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-13] (RealNetworks, Inc.)
Task: {369B8563-A628-4B14-8584-5F8FB682850D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2085024141-2439579769-4020783274-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {38EB57AA-2EBF-484D-8F60-808B4AFAB07D} - System32\Tasks\{4285B96D-1C7E-47D8-9CCB-28AA2359EC2C} => F:\Program Files\Vuze\Azureus.exe
Task: {3C62F1F2-AA7A-4365-AB38-2B10A024ED75} - System32\Tasks\{ED8B50F0-9D79-4AB0-86DC-5C4E1CC6F8A5} => pcalua.exe -a C:\Users\installation\Downloads\installer_win.exe -d C:\Users\installation\Downloads
Task: {3FF4AD25-9767-4C67-BE9F-2BD626B6B9B0} - System32\Tasks\{617498EA-1E82-4260-B8F8-6EA00A9DAC9D} => F:\Program Files\Vuze\Azureus.exe
Task: {47D0D637-AFD5-4647-B218-2FD33EFEB477} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2085024141-2439579769-4020783274-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {667063B5-12C5-46EF-BEAF-05CB95A8D02A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-12-19] (Microsoft Corporation)
Task: {6E1DCC90-63F5-4267-9CCC-343568714FDF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2085024141-2439579769-4020783274-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {71885604-AA25-4B72-91C5-5C1BAFD5F5E5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2085024141-2439579769-4020783274-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {760B1DA0-D17A-4645-A867-C65866798F02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {82969B93-4E11-4DA7-ADBB-936449D50A34} - System32\Tasks\{A11BF63D-8D68-4C3C-BA92-FBE01835CF6B} => F:\Program Files\Vuze\Azureus.exe
Task: {8D594C67-28F2-4EA2-90B5-F351E858B451} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {8DC370A1-CE74-40ED-A4AC-5919D8E59114} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-12-19] (Microsoft Corporation)
Task: {8EC3688A-43CE-4FE0-80AD-AF1A5E18B2F2} - System32\Tasks\ReclaimerUpdateXML_installation => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-13] (RealNetworks, Inc.)
Task: {932D39BC-0DC7-42E3-9C80-72EFA9DA06B0} - System32\Tasks\{EB94000F-7284-4A0F-95F6-F385B082A6F9} => F:\Program Files\Vuze\Azureus.exe
Task: {9989F057-9A72-4878-B3A4-22C9951D4617} - System32\Tasks\{AAEA3F3B-3796-47D2-90DA-CBFF9BC1F3C4} => F:\Program Files\Vuze\Azureus.exe
Task: {9A021970-8A5B-480B-9D40-B54BEEEB6E83} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-12-01] ()
Task: {9A519024-18E8-4D35-9479-044E2209EA68} - System32\Tasks\{7475CE5C-11DA-4CA6-92C7-58578A9777B9} => F:\Program Files\Vuze\Azureus.exe
Task: {A5FD65E5-0A10-494E-B45E-5C36523C0AC3} - System32\Tasks\ReclaimerUpdateFiles_installation => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-13] (RealNetworks, Inc.)
Task: {AE0228AD-2528-48E6-898E-FE3BF62BEB2C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {B15F15AE-3222-4C84-9E7E-4597DDB1B8DD} - System32\Tasks\RNUpgradeHelperLogonPrompt_installation => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-13] (RealNetworks, Inc.)
Task: {BC26A644-10F0-4B39-9146-20B32E515A40} - System32\Tasks\{777AD5D3-4F23-4276-B79F-E333877352E9} => F:\Program Files\Vuze\Azureus.exe
Task: {BC9A182D-C2FF-4C4E-866C-9030A3DBEA2C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {C2D98AE0-AA4A-4183-8799-1452DE3477DA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {C5A8577C-60BD-464A-97C5-F2814B641DB3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CABCE607-1D51-4F7E-8A3B-D52B17A4903A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2085024141-2439579769-4020783274-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {CAC1FEC5-8597-445D-9C90-E1D9D07C8822} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2085024141-2439579769-4020783274-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {CD9498F0-9199-4160-8AE6-878EBCB01B94} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {D80B8EA8-23BE-436C-99D1-F231886EDBED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-29] (Adobe Systems Incorporated)
Task: {DA16C543-83A4-48E6-A449-7C53F3A81B62} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core1d0414f97774c92 => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DFF3770C-27B1-4A2B-B0F4-282B693138DC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2085024141-2439579769-4020783274-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {E0C11D9E-3152-423B-AB92-4DD504A8CAB9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2085024141-2439579769-4020783274-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {F06CFBFE-EC45-41C6-8177-4D38732094B7} - System32\Tasks\{1B2A9766-B5E1-47E5-B1F2-6F4B3AB6D9B5} => pcalua.exe -a C:\Users\installation\Downloads\wlsetup-web.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {F1EC4FB6-657A-4CB2-9374-BA37E32335E5} - System32\Tasks\{B881D4E0-B368-4AE9-B3A4-CBE453DED6A3} => pcalua.exe -a C:\Users\installation\Downloads\HPSupportSolutionsFramework-12.0.30.81.exe -d C:\Users\installation\Downloads
Task: {F8902527-19A3-40A6-9D51-EE9F7DD1FF93} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core.job => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core1d0414f97774c92.job => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004UA.job => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_installation.job => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_installation.job => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_installation.job => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-01-12 21:09 - 2015-07-22 17:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-04-19 18:26 - 2005-03-11 23:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-10-23 19:26 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-11-20 16:50 - 2015-12-19 15:24 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-06-29 19:03 - 2008-04-19 15:35 - 00080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2007-03-02 11:44 - 2007-03-02 11:44 - 00076800 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2015-10-22 03:39 - 2015-12-01 15:20 - 08845798 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-11-16 15:23 - 2015-11-23 16:05 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2014-09-27 09:11 - 2014-08-12 09:42 - 00736768 _____ () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
2015-10-22 03:40 - 2015-12-01 15:20 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-06-01 19:14 - 2015-06-01 19:14 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2015-07-29 12:03 - 2015-07-29 12:03 - 01783944 _____ () C:\ProgramData\TVersity\Media Server\MediaServer.exe
2015-10-22 03:39 - 2015-12-01 15:26 - 00690688 _____ () C:\Program Files\pia_manager\openvpn.exe
2015-10-22 03:40 - 2015-12-01 15:26 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2015-10-22 03:40 - 2015-12-01 15:26 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-01 19:02 - 2016-01-01 19:02 - 00012800 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00009728 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00014848 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00094208 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\src\rgloader\rgloader193.mswin.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00009216 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00094208 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00126976 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00087552 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00016384 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00127316 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\bin\libffi-6.dll
2016-01-01 19:02 - 2016-01-01 19:02 - 00008704 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00013312 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00095744 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00026624 _____ () C:\Users\installation\AppData\Local\Temp\ocr8FEF.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-12-05 21:00 - 2015-07-23 20:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-01-01 19:02 - 2016-01-01 19:02 - 00012800 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00009728 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00014848 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00094208 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\src\rgloader\rgloader193.mswin.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00094208 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00118784 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00069120 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00083968 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\bin\zlib1.dll
2016-01-01 19:02 - 2016-01-01 19:02 - 00026624 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00275968 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00015360 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00008192 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00009216 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00023552 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00008704 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00008704 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00008704 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00008704 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00036352 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00126976 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00087552 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00016384 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00127316 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\bin\libffi-6.dll
2016-01-01 19:02 - 2016-01-01 19:02 - 00013312 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00095744 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-01-01 19:02 - 2016-01-01 19:02 - 00026624 _____ () C:\Users\installation\AppData\Local\Temp\ocrC051.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-06-29 19:03 - 2005-02-08 15:23 - 00979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2015-06-29 19:03 - 2004-11-20 01:27 - 00069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2015-06-29 19:03 - 2004-10-11 18:21 - 00094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2015-06-29 19:03 - 2004-05-25 19:18 - 00057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2015-06-29 19:03 - 2004-05-25 19:18 - 00049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2015-06-29 19:03 - 2004-05-25 19:18 - 00495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2015-06-29 19:03 - 2004-05-25 19:20 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2015-06-29 19:03 - 2004-10-11 18:22 - 00315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2015-06-29 19:03 - 2004-11-20 01:27 - 00106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2015-06-29 19:03 - 2004-01-15 12:45 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2015-06-29 19:03 - 2003-10-01 11:40 - 02240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2015-06-29 19:03 - 2003-10-01 09:43 - 03239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2015-06-29 19:03 - 2003-08-10 07:14 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2015-06-29 19:03 - 2004-05-25 19:17 - 00622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2015-06-29 19:03 - 2004-05-25 19:19 - 00045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2013-09-28 17:14 - 2013-09-28 17:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2015-06-12 02:43 - 2015-06-12 02:43 - 00657408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2015-04-08 00:52 - 2015-04-08 00:52 - 01688576 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2015-05-25 01:44 - 2015-05-25 01:44 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2015-06-01 21:15 - 2015-06-01 21:15 - 00602624 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2015-06-14 23:03 - 2015-06-14 23:03 - 06724096 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 17:55 - 2014-06-29 17:55 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-29 18:05 - 2014-06-29 18:05 - 01183232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
2015-06-14 23:04 - 2015-06-14 23:04 - 03101696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 12:27 - 2012-10-15 12:27 - 00111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
2012-10-15 12:28 - 2012-10-15 12:28 - 02286592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
2015-05-25 01:59 - 2015-05-25 01:59 - 01057280 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 00:39 - 2014-09-11 00:39 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2015-05-25 01:57 - 2015-05-25 01:57 - 01202688 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2015-06-12 01:49 - 2015-06-12 01:49 - 11253248 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2015-05-25 02:03 - 2015-05-25 02:03 - 02584576 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2015-05-25 02:03 - 2015-05-25 02:03 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2015-05-25 02:04 - 2015-05-25 02:04 - 00891904 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2015-05-25 02:05 - 2015-05-25 02:05 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-08-25 11:07 - 2013-08-25 11:07 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-08-25 11:16 - 2013-08-25 11:16 - 00381952 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qmng.dll
2013-08-25 11:09 - 2013-08-25 11:09 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-08-25 11:16 - 2013-08-25 11:16 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qtga.dll
2013-08-25 11:16 - 2013-08-25 11:16 - 00390144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qtiff.dll
2013-08-25 11:16 - 2013-08-25 11:16 - 00045056 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qwbmp.dll
2014-06-29 17:55 - 2014-06-29 17:55 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2015-04-17 02:36 - 2015-04-17 02:36 - 00146944 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2015-06-03 05:53 - 2015-06-03 05:53 - 02356956 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2015-02-03 02:09 - 2015-02-03 02:09 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-09-03 22:00 - 2014-09-03 22:00 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-09-03 22:00 - 2014-09-03 22:00 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 12:28 - 2012-10-15 12:28 - 00219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 12:28 - 2012-10-15 12:28 - 00049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 12:28 - 2012-10-15 12:28 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 12:28 - 2012-10-15 12:28 - 00070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2015-05-25 02:05 - 2015-05-25 02:05 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2015-05-25 02:06 - 2015-05-25 02:06 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 18:33 - 2014-06-29 18:33 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-03 22:00 - 2014-09-03 22:00 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-09-27 09:11 - 2014-08-12 09:42 - 00382464 _____ () C:\Program Files (x86)\Syncios\DuiLib.dll
2014-09-27 09:11 - 2013-03-01 09:30 - 00059904 _____ () C:\Program Files (x86)\Syncios\zlib.dll
2014-09-27 09:11 - 2013-03-01 09:30 - 00526848 _____ () C:\Program Files (x86)\Syncios\sqlite3.dll
2014-09-27 09:11 - 2014-04-29 16:11 - 00067072 _____ () C:\Program Files (x86)\Syncios\zlib1.dll
2014-09-27 09:11 - 2014-01-06 10:24 - 00671744 _____ () C:\Program Files (x86)\Syncios\hashab.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-22 03:40 - 2015-12-01 15:21 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-10-22 03:40 - 2015-12-01 15:22 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-10-22 03:40 - 2015-12-01 15:20 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-10-22 03:40 - 2015-12-01 15:26 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-10-22 03:40 - 2015-12-01 15:22 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-10-22 03:39 - 2015-12-01 15:20 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-10-22 03:40 - 2015-12-01 15:22 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-10-22 03:40 - 2015-12-01 15:22 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-10-22 03:39 - 2015-12-01 15:20 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-10-22 03:40 - 2015-12-01 15:20 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-10-22 03:39 - 2015-12-01 15:20 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-10-22 03:40 - 2015-12-01 15:22 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-10-22 03:40 - 2015-12-01 15:20 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-11-20 16:49 - 2015-12-19 15:24 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2011-12-17 13:14 - 2011-12-17 13:14 - 00102184 _____ () C:\ProgramData\TVersity\Media Server\EasyHook32.dll
2013-07-25 20:07 - 2013-07-25 20:07 - 33345536 _____ () C:\ProgramData\TVersity\Media Server\berkelium.dll
2011-12-17 13:15 - 2011-12-17 13:15 - 00081704 _____ () C:\ProgramData\TVersity\Media Server\portaudio_x86.dll
2011-12-17 13:15 - 2011-12-17 13:15 - 00556840 _____ () C:\ProgramData\TVersity\Media Server\taglib.dll
2011-12-17 13:14 - 2011-12-17 13:14 - 00225064 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll
2011-12-17 13:14 - 2011-12-17 13:14 - 00031528 _____ () C:\ProgramData\TVersity\Media Server\CORE_RL_xlib_.dll
2015-01-12 13:34 - 2015-01-12 13:34 - 00279955 _____ () C:\ProgramData\TVersity\Media Server\libidn-11.dll
2015-01-12 13:34 - 2015-01-12 13:34 - 00113166 _____ () C:\ProgramData\TVersity\Media Server\zlib1.dll
2011-12-17 13:14 - 2011-12-17 13:14 - 00716584 _____ () C:\ProgramData\TVersity\Media Server\log4cxx.dll
2014-06-12 07:54 - 2014-06-12 07:54 - 22956146 _____ () C:\ProgramData\TVersity\Media Server\avcodec-52.dll
2014-05-09 08:02 - 2014-05-09 08:02 - 00356838 _____ () C:\ProgramData\TVersity\Media Server\avutil-50.dll
2014-05-12 18:01 - 2014-05-12 18:01 - 00112142 _____ () C:\ProgramData\TVersity\Media Server\libgcc_s_dw2-1.dll
2011-12-17 13:13 - 2011-12-17 13:13 - 00309755 _____ () C:\ProgramData\TVersity\Media Server\libmp3lame-0.dll
2014-05-12 19:01 - 2014-05-12 19:01 - 00239162 _____ () C:\ProgramData\TVersity\Media Server\libvorbis-0.dll
2014-05-12 18:55 - 2014-05-12 18:55 - 00087192 _____ () C:\ProgramData\TVersity\Media Server\libogg-0.dll
2014-05-12 19:01 - 2014-05-12 19:01 - 00690494 _____ () C:\ProgramData\TVersity\Media Server\libvorbisenc-2.dll
2014-06-14 18:37 - 2014-06-14 18:37 - 06714712 _____ () C:\ProgramData\TVersity\Media Server\avformat-52.dll
2014-05-09 08:03 - 2014-05-09 08:03 - 00631343 _____ () C:\ProgramData\TVersity\Media Server\swscale-0.dll
2011-12-17 13:15 - 2011-12-17 13:15 - 00562072 _____ () C:\ProgramData\TVersity\Media Server\sqlite3.dll
2013-07-25 20:07 - 2013-07-25 20:07 - 33345536 _____ () C:\ProgramData\TVersity\Media Server\berkelium\berkelium.dll
2013-06-21 18:10 - 2013-06-21 18:10 - 01305102 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avcodec-52.dll
2013-06-21 18:10 - 2013-06-21 18:10 - 00096782 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avutil-50.dll
2013-06-21 18:10 - 2013-06-21 18:10 - 00160782 _____ () C:\ProgramData\TVersity\Media Server\berkelium\avformat-52.dll
2015-12-02 08:58 - 2015-11-16 10:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\.Winhlpsvr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipnpf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\.Winhlpsvr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnpf.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\dell.com -> dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-01-01 11:33 - 00001008 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 u2a1376gf-43ty-245b.com
127.0.0.1 www.v19170dc0-7597-11d.com
127.0.0.1 v19170dc0-7597-11d.com
127.0.0.1 www.d2a1376gf-43ty-245a.com
127.0.0.1 d2a1376gf-43ty-245a.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\installation\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: AxAutoMntSrv => 2
MSCONFIG\Services: BITS => 3
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CrossLoopService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EzVpnSvc => 2
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeGroupListener => 2
MSCONFIG\Services: HomeGroupProvider => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssSrv => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: MemeoBackgroundService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NETGEARGenieDaemon => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: SeagateDashboardService => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: UDisk Monitor => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.exe - Shortcut.lnk => C:\Windows\pss\RocketDock.exe - Shortcut.lnk.CommonStartup
MSCONFIG\startupreg: AddressBookReminderApp => F:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\ReminderApp.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CrossLoop => "C:\Users\installation\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server  -minimize
MSCONFIG\startupreg: DellSystemDetect => C:\Users\installation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: Google Update => "C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: REGSHAVE => C:\Program Files (x86)\REGSHAVE\REGSHAVE.EXE /AUTORUN
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: Trust.Zone VPN Client UI Helper => "C:\Program Files\Trust.Zone VPN Client\vpnclient_x64.exe" /uihelp

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{47670542-3CFD-41AE-A1F3-960DADA63E0F}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe
FirewallRules: [{72321F47-78C3-4BB0-9166-D666C81328F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0DE2BD88-E191-491B-A338-D6EDC26038CB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9F051C01-C3D9-4ED8-AB4E-4818905D3C36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E4DC2E1-FAFE-41CC-9167-C314CE1B9A61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DBBE3318-71F1-4178-BC19-499AD5FACDD0}] => (Allow) C:\Program Files (x86)\Activision\Spider-Man - Web of Shadows\image\pc\Spider-Man Web of Shadows.exe
FirewallRules: [{5B794351-32D6-4ADB-BFF3-AD99A5DE3140}] => (Allow) C:\Program Files (x86)\Activision\Spider-Man - Web of Shadows\image\pc\Spider-Man Web of Shadows.exe
FirewallRules: [TCP Query User{B14BCF1A-D8C2-4E90-AC85-2D34DDAB9CBA}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{DFA0AB28-939F-46FB-838F-289AF1793492}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{AEAC346E-2792-44E7-870A-A5E7142228E3}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{A13AF60B-0D61-4533-9306-C63DF74D5F42}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{AE5B0F0D-2D15-459D-B689-72243788ABB4}] => (Allow) LPort=5910
FirewallRules: [{7C897023-B661-4F2E-81A3-25E9F9FB85DE}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{E06981CC-B31E-426B-B18C-313A35572EA7}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{7F094575-818B-4A60-8270-BC1516EEA445}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{6957C300-76B9-4EC5-8BAD-477091278A72}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{220E9DAC-4B93-4CD6-8C10-FC973552C112}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{50B1BD4B-8078-48FA-8A8D-26CE465BF153}] => (Allow) F:\Program Files (x86)\TMNT-OotS\Binaries\Win32\TMNT-OotS.exe
FirewallRules: [{97218FAD-96C2-4ED6-BE7C-F475A52966A7}] => (Allow) F:\Program Files (x86)\TMNT-OotS\Binaries\Win32\TMNT-OotS.exe
FirewallRules: [{1BC46672-A402-47AD-84D0-9A309B9EDE8F}] => (Allow) F:\Program Files (x86)\TMNT-OotS\Binaries\Win32\TMNT-OotS.exe
FirewallRules: [{ECE481EB-C443-4F5A-BA4E-A6793D5B11D8}] => (Allow) F:\Program Files (x86)\TMNT-OotS\Binaries\Win32\TMNT-OotS.exe
FirewallRules: [{0A064C61-D2CD-42A1-8ED0-782A5D741B15}] => (Block) F:\Program Files (x86)\TMNT-OotS\Binaries\Win32\TMNT-OotS.exe
FirewallRules: [{6BD90AC0-8E03-48D7-AEFA-17A55FDD51E5}] => (Allow) F:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{C2622637-5AE8-4FA5-9BAC-3F4F14A7074F}] => (Allow) F:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{F0DB37E1-5079-451F-B88D-0114ECFA7290}] => (Allow) F:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{35A3987B-9195-43D0-91DD-4E7925D113CC}] => (Allow) F:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{06851F4C-1A06-4187-80E7-46CAF5819331}] => (Block) F:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe
FirewallRules: [{CA4AD212-8CB9-4F92-8150-E2D3BAF44A72}] => (Block) F:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe
FirewallRules: [TCP Query User{0355175E-0613-43E0-B32E-042CAA29C101}F:\program files (x86)\nero\km\nmdllhost.exe] => (Allow) F:\program files (x86)\nero\km\nmdllhost.exe
FirewallRules: [UDP Query User{B8B28EFE-C760-4851-8AF6-CDB5C8901085}F:\program files (x86)\nero\km\nmdllhost.exe] => (Allow) F:\program files (x86)\nero\km\nmdllhost.exe
FirewallRules: [{0C2295A0-1B3B-4D76-8FC1-D4D588448153}] => (Block) %ProgramFiles% (x86)\LEGO MARVEL Super Heroes\LEGOMARVEL.exe
FirewallRules: [{6643FD6A-1AD3-469D-A5F5-C03B0F9F8622}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3FFC02DA-A178-440B-B6C6-D9EECBC0DFB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{22118844-07E6-4397-B0CB-2DB0FDBDF9AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0F87DA45-9753-48FD-846B-626D2754CA63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8CFA6F8A-132A-45F9-8735-35BD3026D917}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C562A5BC-438B-4F5C-BCD7-E49DF6A20B92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7D6A1922-EF8C-4458-843F-5C564DA2AF26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{41C52425-87B1-460B-BABC-F64D1B464E95}] => (Allow) f:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{1F17F2CB-2A49-4B6E-B563-A966F297DC56}] => (Allow) f:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{C683904A-9CD3-4A53-89FF-E6D25CF3AFD0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9F0F6312-9B5B-4D97-AF29-89E27D00EE83}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99FC6066-59AD-446A-8999-74EB66D597EB}] => (Block) %SystemRoot%\explorer.exe
FirewallRules: [{E862003E-4349-4083-B834-4A6FBB15378A}] => (Allow) LPort=9235
FirewallRules: [{35290079-B287-4D4A-B143-ADAA1546FB13}] => (Allow) LPort=9235
FirewallRules: [{DCF58F0F-3F0F-42B8-8E81-10609CDEC401}] => (Allow) LPort=9237
FirewallRules: [{F3890F0C-C417-40FB-9E09-66ECC4BA10B5}] => (Allow) LPort=9237
FirewallRules: [{C52C3125-7E5C-4A72-B60C-D708CAA8D8D6}] => (Allow) LPort=8643
FirewallRules: [{C5ECD48F-8584-4D54-812F-D674A9543EA7}] => (Allow) LPort=8200
FirewallRules: [{CDC8793A-5E06-48F3-9A31-E8F123C15358}] => (Allow) LPort=8226
FirewallRules: [{28E794F8-3A3C-45BF-902B-7A72EAC0387F}] => (Allow) LPort=9235
FirewallRules: [{EA8A32E3-0F12-4CB0-B333-B845BA79E059}] => (Allow) LPort=9235
FirewallRules: [{83D142AA-FB71-41C3-80F7-7F88CAF893D0}] => (Allow) LPort=9237
FirewallRules: [{EDAC357A-6BD9-4AA4-A88B-766C07601CA1}] => (Allow) LPort=9237
FirewallRules: [{F6376C2F-D1CF-43F0-A231-83E81756FCD4}] => (Allow) LPort=8643
FirewallRules: [{1F20104D-F725-437E-91F2-E965E400CE81}] => (Allow) LPort=8200
FirewallRules: [{0254D3B2-E0A3-474E-9D31-FB64302EC393}] => (Allow) LPort=8226
FirewallRules: [{4A5D6547-12B5-4D39-A0F8-73289DABA55F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{0354393E-2D29-4BA8-ADF4-D6C6A569A383}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{93195DF8-9FAA-4B3F-BBDF-4B6D49A8AAD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F156007D-48B7-4869-B588-634D116B48A3}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{136DE497-6DFC-4831-AF0E-D242E90E26D2}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{C6DE58D6-8311-4E8D-85EB-BEE993861010}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{E95FC471-48EA-47B8-8C6F-E45F7A6796E7}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe
FirewallRules: [{1092EE65-33D1-4646-8121-0CA5E70DED49}] => (Allow) C:\Program Files\Trust.Zone VPN Client\vpnclient_x64.exe
FirewallRules: [{2E7F85D5-61B0-4283-AE76-3E55738D8841}] => (Allow) C:\Program Files\Trust.Zone VPN Client\vpnclient.exe
FirewallRules: [{FFB07815-6280-4BAD-85A6-D9A88494281F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A08EDC01-FC0B-45FF-A6AD-0E6E3ED9E970}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{92144329-3E6B-413D-BA3B-79A510D08BE4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5B44AFAE-26E2-40D3-9698-67C4C8A9B457}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{050828F7-48A8-4E3C-B0D5-21667AA9ED28}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{550B7C6B-1D98-4393-948F-76E23BDEC2EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC424DE9-13F1-4DEB-988E-0FB00ECBA776}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2E88A188-CEC3-4CB1-A58B-CD74E2AF5533}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{08CE264A-3919-4A36-A714-C50E165733B2}] => (Allow) LPort=5357
FirewallRules: [{E5231F65-DEC9-48A0-A7A8-3AB1DF1224C3}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BAE82953-0968-4B4A-8EEF-5F07DAE96551}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{464A1D38-E18C-494A-B33F-1ADA0A913494}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{FAA05BCC-47B5-4A33-AC1A-7F6F9F53E7F7}] => (Allow) C:\Users\installation\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{7F333B4C-6395-4E47-8F2A-BB31E30A23C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DCD84B7F-A404-4DBF-907E-8A92EF00ABAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{88552AFF-485B-42C7-9D62-E7DB03AC8A34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7CA34255-A762-472A-8734-4241EE552196}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{98B9197E-C3E6-4F65-88F4-AC8F0EBAB931}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3A79BCDB-C9DA-4DE6-AF50-EDE80FA1FCD0}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{07D0490A-4138-4C12-A854-BFD5739DF7F2}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

19-12-2015 23:21:51 Installed ESET Smart Security
20-12-2015 19:43:50 Windows Backup
25-12-2015 19:10:07 Restore Operation
30-12-2015 15:30:24 Removed Java 8 Update 65

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2016 07:06:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 6.1.168.192.in-addr.arpa. PTR Pals.local.

Error: (01/01/2016 07:06:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   14 6.1.168.192.in-addr.arpa. PTR Pals-2.local.

Error: (01/01/2016 07:06:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 6.1.174.10.in-addr.arpa. PTR Pals.local.

Error: (01/01/2016 07:06:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.174.1.6:5353   14 6.1.174.10.in-addr.arpa. PTR Pals-2.local.

Error: (01/01/2016 07:04:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 6.1.168.192.in-addr.arpa. PTR Pals.local.

Error: (01/01/2016 07:04:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   14 6.1.168.192.in-addr.arpa. PTR Pals-2.local.

Error: (01/01/2016 11:38:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 6.1.168.192.in-addr.arpa. PTR Pals.local.

Error: (01/01/2016 11:38:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   14 6.1.168.192.in-addr.arpa. PTR Pals-2.local.

Error: (01/01/2016 11:34:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 6.1.168.192.in-addr.arpa. PTR Pals.local.

Error: (01/01/2016 11:34:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   14 6.1.168.192.in-addr.arpa. PTR Pals-2.local.


System errors:
=============
Error: (01/02/2016 02:23:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 6775 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:23:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 6774 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:22:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 6773 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:22:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 6772 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:22:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 6771 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:22:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 6770 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:22:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 6769 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:22:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 6768 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:21:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 6767 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:21:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 6766 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-01-02 14:18:56.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-01 19:54:29.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-01 19:06:20.345
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-01 19:06:20.203
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-01 19:02:17.993
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-01 11:35:10.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-01 11:34:03.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-01 10:16:19.828
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-01 10:16:19.653
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-01 10:11:29.957
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 70%
Total physical RAM: 4094.18 MB
Available physical RAM: 1196.75 MB
Total Virtual: 5625.36 MB
Available Virtual: 3030.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:309.5 GB) (Free:87 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:698.71 GB) (Free:283.56 GB) NTFS
Drive f: (Windowsxp) (Fixed) (Total:156.26 GB) (Free:5.1 GB) NTFS
Drive g: (music and pictures) (Fixed) (Total:307.93 GB) (Free:302.07 GB) NTFS
Drive h: (movies) (Fixed) (Total:390.62 GB) (Free:217.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=309.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 75D53715)
Partition 1: (Not Active) - (Size=698.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=307.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

I followed your instructions to export my bookmarks. Then booted to safe mode, added the add-in for exporting the user names and passwords, removed Firefox, deleted the Mozilla folders in the program data and app data folders. Downloaded a fresh copy of Firefox, installed it, then booted to normal.

Again it took a while to load up; the internet connection icon in the system tray took a long time again. Opened Windows Explorer; the folders you wanted me to delete are still there. Opened Firefox, tried to load up Netflix, same issue. I even tried a different profile in Netflix.

It seems like there is something that is avoiding detection and reloading itself.

I appreciate your patience with me and am ready to see what you would suggest next.

-Jouster-



#10 jouster007

jouster007
  • Topic Starter

  • Members
  • 13 posts

Posted 02 January 2016 - 08:10 PM

I tried one more thing. I booted into safe mode and attempted to delete the folders which you wanted me to delete. It still wouldn't let me, but it did let me rename them to old and old2. When I rebooted into normal mode, everything was still the same. The questionable folders in the Program data were still renamed to old and old2; they did not rebuild themselves, but the startup was the same, as was Netflix.

I'm sorry if I jumped ahead; I just wanted to eliminate that as a possibility.

Jouster



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts

Posted 03 January 2016 - 09:42 AM


The only error that might explain your problem is this VPN Client service.

Error: (01/02/2016 02:23:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly. It has done this 6775 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:23:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly. It has done this 6774 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

etc...


This service is listed in the MSCONFIG section of your Addition.txt; I suggest you set it to enable.

MSCONFIG\Services: EzVpnSvc => 2

All of this is part of the service.
S2 TZVPNCLIENT; C:\Program Files\Trust.Zone VPN Client\vpnclient_x64.exe [4492280 2015-10-18] (Trust.Zone VPN Project)

Did you install this and why do you need it?
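The triage step in the reply above, picking Service Control Manager 7031 crash loops out of the "Event log errors" section of an Addition.txt, as an added example that is not part of the original thread or of FRST. The sample log is constructed in the layout shown on this page; the service names "Example VPN Client" and "Example Updater" and all function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the "Event log errors" section of an
# FRST Addition.txt. Service names are placeholders, not taken from a real log.
SAMPLE = """\
System errors:
=============
Error: (01/02/2016 02:23:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Example VPN Client service terminated unexpectedly.  It has done this 6775 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:23:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Example VPN Client service terminated unexpectedly.  It has done this 6774 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 02:22:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Example VPN Client service terminated unexpectedly.  It has done this 6773 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/02/2016 09:00:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Example Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/01/2016 07:06:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 6.1.168.192.in-addr.arpa. PTR Example.local.
"""

HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]*)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
SCM_7031 = re.compile(
    r"The (?P<svc>.+?) service terminated unexpectedly\.\s+"
    r"It has done this (?P<n>\d+) time\(s\)\.\s+"
    r"The following corrective action will be taken in (?P<ms>\d+) "
    r"milliseconds: (?P<action>.+?)\.?\s*$"
)


def parse_events(text):
    """Pair each 'Error:' header with the 'Description:' line that follows it."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "source": m["src"],
                "event_id": int(m["eid"]),
                "description": "",
            }
            events.append(current)
        elif current is not None and line.startswith("Description: "):
            current["description"] = line[len("Description: "):].strip()
            current = None  # one description per header
    return events


def crash_loops(events, min_count=10):
    """Summarise services whose logged 7031 termination counter reaches min_count."""
    per_service = {}
    for ev in events:
        if ev["source"] != "Service Control Manager" or ev["event_id"] != 7031:
            continue
        m = SCM_7031.search(ev["description"])
        if m:
            per_service.setdefault(m["svc"], []).append(
                (ev["time"], int(m["n"]), int(m["ms"]), m["action"])
            )
    report = []
    for svc, rows in per_service.items():
        rows.sort()  # oldest first
        first, last = rows[0], rows[-1]
        if last[1] < min_count:
            continue  # isolated crash, not a loop
        crashes = last[1] - first[1]
        span = (last[0] - first[0]).total_seconds()
        report.append({
            "service": svc,
            "count": last[1],
            "restart_delay_ms": last[2],
            "action": last[3],
            # Observed pace between the oldest and newest entries in the excerpt.
            "seconds_per_crash": span / crashes if crashes else None,
        })
    return sorted(report, key=lambda r: r["count"], reverse=True)


if __name__ == "__main__":
    for row in crash_loops(parse_events(SAMPLE)):
        print(row)
```

A pace close to the configured restart delay, as in the sample, means the service is dying almost immediately after every restart.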

#12 jouster007

jouster007
  • Topic Starter

  • Members
  • 13 posts

Posted 03 January 2016 - 09:44 PM

I asked my friend, whom I am helping fix his computer, if he installed Trust.Zone and if he knew why; he said he didn't. However, it is very possible his teenage son did. He said he did not want this on the computer if this is what was causing a problem. I first tried an uninstaller to remove Trust.Zone manually, as I did not see any programs listed as such in the add/remove programs list. It found the program and uninstalled it. However, when I searched the registry further there were some lingering entries, so I deleted those as well. I rebooted the computer and still have the same issue. I did all this as of 6:30 pm, then ran another Farbar scan and have posted the logs. It would appear Netflix is still not working.

Any other ideas? I have no idea what further programs my friend's teenage son installed that may have led to this.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-12-2015
Ran by installation (administrator) on PALS (03-01-2016 18:32:39)
Running from C:\Users\installation\Desktop
Loaded Profiles: installation (Available Profiles: Larry & Carrie & installation & Test for Antivirus & User1 & Mama's Mix profile & Joel & Administrator & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(StarWind Software) C:\Program Files (x86)\Alcohol 120\StarWind\StarWindServiceAE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(hxxp://www.ruby-lang.org/) C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\installation\Desktop\FRST64(2).exe
(hxxp://www.ruby-lang.org/) C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-11-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [736768 2014-08-12] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [Google Update] => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: F - F:\Launcher.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: I - I:\autorun.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {2850e040-bd39-11e1-a1e8-806e6f6e6963} - H:\Launcher.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {5bbe4818-3798-11e3-ae3e-0024e813eacf} - H:\X501_ZTE.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {63e27712-4025-11e3-b87d-0024e813eacf} - H:\iLinker.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {758126d2-149f-11e3-a3ba-0024e813eacf} - I:\X501_ZTE.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {9227cbae-c546-11e2-9d73-0024e813eacf} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {ba0431f5-eeee-11e2-bbcc-0024e813eacf} - G:\X501_ZTE.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {c6eaa3da-4383-11e4-b1f2-0024e813eacf} - E:\X501_ZTE.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {cb1bd0a1-cce5-11e1-aaa2-0024e813eacf} - I:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\MountPoints2: {e76ce140-326e-11e2-9ad9-806e6f6e6963} - H:\Launcher.exe
Startup: C:\Users\installation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2016-01-03]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8456B2B0-2CD7-404F-AF35-96E37532BC6B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EE8818FE-BB8D-47E9-B323-81FA5816594A}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-12-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-19] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-16] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-12-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-16] (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\installation\AppData\Roaming\Mozilla\Firefox\Profiles\owj0hsac.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-29] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @gpac/osmozilla,version=1.0 -> C:\Program Files (x86)\GPAC\nposmozilla.dll [2012-05-25] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-12-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-19] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [No File]
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [No File]
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2085024141-2439579769-4020783274-1004: @tools.google.com/Google Update;version=3 -> C:\Users\installation\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2085024141-2439579769-4020783274-1004: @tools.google.com/Google Update;version=9 -> C:\Users\installation\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-03-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-03-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\installation\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Chrome Web Store Payments) - C:\Users\installation\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
StartMenuInternet: Google Chrome.75L362MWEYYJVWM3OLNFXNGWII - C:\Users\installation\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [13080 2010-01-24] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2521080 2015-11-19] (ESET)
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-02-25] (Ellora Assets Corp.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-05] (SurfRight B.V.)
R3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064520 2015-11-23] ()
S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1783944 2015-07-29] ()
S4 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [517960 2012-04-20] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [X]
S4 TZVPNCLIENT; "C:\Program Files\Trust.Zone VPN Client\vpnclient_x64.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-11-16] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-11-16] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-11-16] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-11-16] (ESET)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [128328 2012-04-20] (Incorporated)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-11-05] ()
S3 IPNPF; C:\Windows\SysWOW64\drivers\IPNPF.sys [42704 2012-03-05] (SurveilStar Inc.      )
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (EZB Systems, Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-09-18] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-10-07] (Audials AG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-06-23] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
S3 TFsfltdrv; C:\Windows\SysWOW64\drivers\tfsfltdrv.sys [35272 2012-03-05] (SurveilStar Inc.      )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-01] ()
U3 ac4u73yb; C:\Windows\System32\Drivers\ac4u73yb.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-03 18:08 - 2016-01-03 18:32 - 00022319 _____ C:\Users\installation\Desktop\FRST.txt
2016-01-03 17:38 - 2016-01-03 18:07 - 00000356 _____ C:\Windows\Tasks\Health-Check-auto.job
2016-01-03 17:38 - 2016-01-03 18:00 - 00000358 _____ C:\Windows\Tasks\Health-Check-deep.job
2016-01-03 17:38 - 2016-01-03 18:00 - 00000350 _____ C:\Windows\Tasks\Health-Check.job
2016-01-03 17:38 - 2016-01-03 17:38 - 00003460 _____ C:\Windows\System32\Tasks\UninstallMonitor
2016-01-03 17:38 - 2016-01-03 17:38 - 00002948 _____ C:\Windows\System32\Tasks\Health-Check-deep
2016-01-03 17:38 - 2016-01-03 17:38 - 00002940 _____ C:\Windows\System32\Tasks\Health-Check
2016-01-03 17:38 - 2016-01-03 17:38 - 00002644 _____ C:\Windows\System32\Tasks\Health-Check-auto
2016-01-03 17:38 - 2016-01-03 17:38 - 00001645 _____ C:\Users\installation\Desktop\Advanced Uninstaller PRO 11.lnk
2016-01-03 17:38 - 2016-01-03 17:38 - 00001529 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2016-01-03 17:38 - 2016-01-03 17:38 - 00000000 ____D C:\Users\installation\AppData\Local\Innovative Solutions
2016-01-03 17:38 - 2016-01-03 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2016-01-03 17:38 - 2016-01-03 17:38 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-01-03 17:38 - 2016-01-03 17:38 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2016-01-03 17:38 - 2014-03-07 09:25 - 00042496 _____ C:\Windows\SysWOW64\AdvUninstCPL.cpl
2016-01-02 15:16 - 2016-01-02 15:16 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-02 15:16 - 2016-01-02 15:16 - 00000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-02 15:16 - 2016-01-02 15:16 - 00000000 ____D C:\Users\installation\AppData\Roaming\Mozilla
2016-01-02 15:16 - 2016-01-02 15:16 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-02 15:16 - 2016-01-02 15:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-02 14:48 - 2016-01-02 14:48 - 47604512 _____ C:\Users\installation\Downloads\Firefox Setup 43.0.3.exe
2016-01-02 14:34 - 2016-01-02 14:35 - 00000000 ____D C:\Users\installation\Desktop\backup bookmarks
2016-01-02 14:29 - 2016-01-02 14:32 - 00001148 _____ C:\Users\installation\Desktop\Fixlogold.txt
2016-01-02 14:22 - 2016-01-02 14:23 - 00080480 _____ C:\Users\installation\Desktop\Additionold.txt
2016-01-02 14:21 - 2016-01-02 14:23 - 00043646 _____ C:\Users\installation\Desktop\FRSTold.txt
2016-01-02 14:20 - 2015-12-29 21:30 - 02370560 _____ (Farbar) C:\Users\installation\Desktop\FRST64(2).exe
2016-01-01 19:45 - 2016-01-01 19:45 - 00003476 _____ C:\Users\installation\Desktop\RogueReport2.txt
2016-01-01 18:56 - 2016-01-01 18:56 - 00000000 ____D C:\Users\installation\Desktop\Old Firefox Data
2015-12-31 17:40 - 2015-12-31 17:40 - 00005894 _____ C:\Users\installation\Desktop\RogueReport.txt
2015-12-31 13:40 - 2016-01-01 19:06 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-31 13:40 - 2015-12-31 17:42 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-31 13:32 - 2015-12-31 13:32 - 20835400 _____ C:\Users\installation\Desktop\RogueKiller(1).exe
2015-12-30 15:19 - 2015-12-30 15:19 - 01745920 _____ C:\Users\installation\Desktop\AdwCleaner(1).exe
2015-12-30 15:09 - 2015-12-30 15:10 - 00010450 _____ C:\Users\installation\Downloads\Fixlog.txt
2015-12-29 21:49 - 2015-12-29 21:50 - 00061832 _____ C:\Users\installation\Downloads\Addition.txt
2015-12-29 21:30 - 2015-12-29 21:30 - 02370560 _____ (Farbar) C:\Users\installation\Downloads\FRST64(2).exe
2015-12-27 20:45 - 2015-12-27 20:45 - 00005859 _____ C:\Windows\brndlog.txt
2015-12-27 20:44 - 2015-12-27 20:44 - 00000000 ____D C:\Users\Default\AppData\Local\NVIDIA
2015-12-27 20:44 - 2015-12-27 20:44 - 00000000 ____D C:\Users\Default User\AppData\Local\NVIDIA
2015-12-25 18:55 - 2015-12-25 19:16 - 00000000 ____D C:\Users\installation\Downloads\backups
2015-12-25 18:18 - 2015-09-28 21:22 - 1488422178 _____ C:\Inside.Out.2015.HDRip.XviD.AC3-EVO.avi
2015-12-25 17:59 - 2015-12-25 17:59 - 00001080 _____ C:\maleware results.txt
2015-12-25 14:14 - 2015-12-25 19:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-25 14:14 - 2015-12-25 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-25 14:08 - 2015-12-25 14:08 - 00000000 ____D C:\Users\installation\AppData\Roaming\Opera Software
2015-12-25 14:08 - 2015-12-25 14:08 - 00000000 ____D C:\Users\installation\AppData\Local\Opera Software
2015-12-25 14:07 - 2015-12-25 19:16 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-25 14:03 - 2015-12-25 14:03 - 00027726 _____ C:\ComboFix.txt
2015-12-25 13:29 - 2015-12-25 14:03 - 00000000 ____D C:\ComboFix
2015-12-25 13:22 - 2015-12-25 14:03 - 00000000 ____D C:\Qoobox
2015-12-25 13:21 - 2015-12-25 19:16 - 00000000 ____D C:\Windows\erdnt
2015-12-20 15:09 - 2016-01-02 16:58 - 00882742 _____ C:\Windows\ntbtlog.txt
2015-12-20 15:07 - 2015-12-20 15:07 - 00000049 _____ C:\Users\installation\test.txt
2015-12-20 10:41 - 2015-12-20 10:41 - 13171424 _____ (Microsoft Corporation) C:\Users\installation\Downloads\Silverlight_x64(2).exe
2015-12-20 01:24 - 2015-12-20 01:24 - 00000000 ____D C:\Users\installation\Downloads\New folder
2015-12-20 01:21 - 2015-12-28 15:45 - 00000000 ____D C:\Users\installation\AppData\Roaming\qBittorrent
2015-12-20 01:21 - 2015-12-20 01:21 - 00000000 ____D C:\Users\installation\AppData\Local\qBittorrent
2015-12-20 01:21 - 2015-12-20 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-12-20 01:21 - 2015-12-20 01:21 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2015-12-20 01:02 - 2015-12-20 01:02 - 00231620 _____ C:\Users\installation\Documents\eset settings.xml
2015-12-19 23:22 - 2015-12-19 23:22 - 00002027 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2015-12-19 23:22 - 2015-12-19 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-19 23:22 - 2015-12-19 23:22 - 00000000 ____D C:\ProgramData\ESET
2015-12-19 23:22 - 2015-12-19 23:22 - 00000000 ____D C:\Program Files\ESET
2015-12-19 22:58 - 2015-12-19 22:58 - 00466428 _____ C:\Users\installation\Documents\cc_20151219_225808.reg
2015-12-19 22:32 - 2015-12-19 22:32 - 06801752 _____ (Piriform Ltd) C:\Users\installation\Downloads\ccsetup512.exe
2015-12-19 22:32 - 2015-12-19 22:32 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-19 22:32 - 2015-12-19 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-19 22:32 - 2015-12-19 22:32 - 00000000 ____D C:\Program Files\CCleaner
2015-12-19 22:23 - 2015-12-19 22:23 - 01740288 _____ C:\Users\installation\Downloads\adwcleaner_5.025.exe
2015-12-19 22:08 - 2015-12-19 22:08 - 00000000 ____D C:\Users\installation\AppData\Roaming\URSoft
2015-12-19 15:44 - 2015-12-19 15:44 - 00249416 _____ C:\Users\installation\Downloads\Firefox Setup Stub 43.0.1.exe
2015-12-19 15:06 - 2015-12-19 15:06 - 00001927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Avant Browser.lnk
2015-12-19 15:06 - 2015-12-19 15:06 - 00001921 _____ C:\Users\Public\Desktop\Avant Browser.lnk
2015-12-19 15:06 - 2015-12-19 15:06 - 00000000 ____D C:\Users\installation\AppData\Roaming\Avant Profiles
2015-12-19 15:06 - 2015-12-19 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avant Browser
2015-12-19 15:05 - 2015-12-19 15:06 - 00000000 ____D C:\Program Files (x86)\Avant Browser
2015-12-10 18:12 - 2015-12-10 18:12 - 07464106 _____ C:\Users\installation\Documents\AP17506_CommGas_PowerVent_75gal_N3.pdf
2015-12-10 16:08 - 2015-12-10 16:08 - 00000000 ____D C:\Users\installation\AppData\Local\CEF
2015-12-05 21:16 - 2015-12-05 21:16 - 00001381 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-12-05 21:01 - 2015-07-23 20:21 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-12-05 21:01 - 2015-07-23 20:21 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-12-05 20:55 - 2015-07-24 15:28 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-12-05 20:55 - 2015-07-24 15:28 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 42730128 _____ C:\Windows\system32\nvcompiler.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 30487880 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 22950544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 17615408 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 16151688 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 15892200 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 15129192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 14503880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 13268712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 11836680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 11055248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-12-05 20:55 - 2015-07-22 20:06 - 03407144 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 02933576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 02600592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 01101856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 01061008 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 01053000 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00983368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00976528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00940104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-12-05 20:55 - 2015-07-22 20:06 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-12-05 20:55 - 2015-07-02 20:28 - 00069992 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-12-05 20:55 - 2015-07-02 20:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-12-05 20:55 - 2015-07-02 20:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-12-05 20:52 - 2015-12-28 15:27 - 00000000 ____D C:\Users\installation\Downloads\qbittorrent dl
2015-12-05 20:32 - 2015-12-05 20:41 - 457499339 _____ C:\Users\installation\Downloads\NVDriver_Vista_Win7_Win8_Win8_1_64_VER353_62.zip
2015-12-05 20:27 - 2015-07-20 06:16 - 05121613 _____ C:\Windows\system32\nvcoproc.bin
2015-12-04 18:48 - 2015-12-04 18:49 - 00000000 ____D C:\Program Files (x86)\GUMAE29.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-03 18:32 - 2015-11-03 20:34 - 00000000 ____D C:\FRST
2016-01-03 18:16 - 2015-11-29 20:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-03 18:14 - 2009-07-13 20:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-03 18:14 - 2009-07-13 20:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-03 18:12 - 2014-11-05 19:54 - 00000000 ____D C:\Windows\CryptoGuard
2016-01-03 18:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-01-03 18:06 - 2009-07-13 21:13 - 00827296 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-03 18:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-03 18:00 - 2013-06-13 06:42 - 00000404 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_installation.job
2016-01-03 17:59 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-03 17:53 - 2014-12-25 17:19 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004UA.job
2016-01-03 17:51 - 2012-07-01 21:58 - 00000000 ____D C:\Users\installation\AppData\Roaming\WindSolutions
2016-01-03 12:26 - 2014-09-27 09:09 - 00003426 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-01-03 07:44 - 2013-06-13 06:42 - 00000394 _____ C:\Windows\Tasks\ReclaimerUpdateXML_installation.job
2016-01-03 06:30 - 2014-12-25 17:19 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core.job
2016-01-03 03:47 - 2013-06-13 06:42 - 00000398 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_installation.job
2016-01-02 21:07 - 2015-11-08 20:08 - 00000000 ____D C:\Users\installation\AppData\Roaming\HpUpdate
2016-01-02 18:53 - 2015-02-05 06:25 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core1d0414f97774c92.job
2016-01-02 17:14 - 2015-09-08 15:39 - 00000000 ____D C:\Users\installation\AppData\Local\TVersity
2016-01-02 14:07 - 2015-09-08 15:39 - 01024086 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.1
2016-01-02 13:09 - 2015-09-08 15:39 - 01024036 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.2
2016-01-01 19:58 - 2015-11-16 20:23 - 00000000 ____D C:\Users\installation\AppData\Roaming\Azureus
2015-12-31 18:28 - 2012-08-14 04:48 - 00075740 _____ C:\Users\installation\Documents\bills.txt
2015-12-31 13:22 - 2009-07-13 21:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-31 13:17 - 2013-03-14 05:34 - 00000400 __RSH C:\ProgramData\ntuser.pol
2015-12-30 16:28 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-30 16:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-12-30 15:51 - 2013-04-24 13:04 - 00000008 __RSH C:\Users\Test for Antivirus\ntuser.pol
2015-12-30 15:51 - 2012-08-04 05:18 - 00000000 ____D C:\Users\Test for Antivirus
2015-12-30 15:31 - 2015-11-03 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-30 15:31 - 2012-06-07 04:48 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-30 15:21 - 2014-11-08 00:18 - 00000000 ____D C:\AdwCleaner
2015-12-30 15:16 - 2013-03-16 11:37 - 00000008 __RSH C:\Users\installation\ntuser.pol
2015-12-30 15:16 - 2012-04-21 07:41 - 00000000 ____D C:\Users\installation
2015-12-29 21:50 - 2015-11-03 20:34 - 00044857 _____ C:\Users\installation\Downloads\FRST.txt
2015-12-27 20:45 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-27 20:41 - 2012-04-19 18:02 - 00152848 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-27 20:34 - 2012-08-04 07:55 - 00000000 ____D C:\Users\Test for Antivirus\AppData\Roaming\Avant Profiles
2015-12-25 19:17 - 2015-07-31 12:19 - 00000000 ____D C:\Users\Joel
2015-12-25 19:17 - 2014-05-01 17:36 - 00000000 ____D C:\Users\Mama's Mix profile
2015-12-25 19:17 - 2013-07-30 08:46 - 00000000 ____D C:\Users\Guest
2015-12-25 19:17 - 2012-08-23 20:53 - 00000000 ____D C:\Users\User1
2015-12-25 19:17 - 2012-04-22 05:55 - 00000000 ____D C:\Users\Carrie
2015-12-25 19:17 - 2012-04-21 06:44 - 00000000 ____D C:\Users\Larry
2015-12-25 19:17 - 2012-04-19 18:02 - 00000000 ____D C:\Users\Administrator
2015-12-25 19:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\spool
2015-12-25 19:16 - 2015-09-19 09:50 - 00000000 ____D C:\Users\installation\Downloads\produkey-x64
2015-12-25 19:16 - 2014-12-22 19:29 - 00000000 ____D C:\Users\installation\AppData\Local\NETGEARGenie
2015-12-25 19:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-12-25 19:14 - 2013-08-09 20:11 - 00000000 ____D C:\ProgramData\Real
2015-12-25 14:03 - 2014-06-16 04:23 - 00000000 ____D C:\Users\joels paint
2015-12-25 13:47 - 2009-11-16 14:07 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-12-25 13:47 - 2009-11-16 14:06 - 26214400 _____ C:\Windows\system32\config\SYSTEM.bak
2015-12-25 13:47 - 2009-11-16 14:05 - 95158272 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-12-25 13:47 - 2009-07-13 18:34 - 00524288 _____ C:\Windows\system32\config\SAM.bak
2015-12-25 13:47 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-12-25 12:50 - 2012-06-12 18:09 - 00000000 ____D C:\SavedGames
2015-12-21 19:55 - 2015-11-15 17:01 - 00000000 ____D C:\Users\installation\Documents\Outlook Files
2015-12-20 16:52 - 2015-03-05 18:56 - 00000000 ____D C:\Users\installation\AppData\Roaming\Media Player Classic
2015-12-20 15:09 - 2013-05-31 20:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-20 15:09 - 2013-05-31 20:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-20 10:42 - 2014-03-14 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-19 22:44 - 2013-03-18 06:41 - 00000000 ____D C:\ProgramData\VSO
2015-12-19 22:44 - 2013-03-16 11:38 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2015-12-19 22:44 - 2012-08-25 17:03 - 00000000 ____D C:\Users\installation\Tracing
2015-12-19 22:44 - 2012-04-21 10:55 - 00000000 ____D C:\Users\installation\AppData\Roaming\Vso
2015-12-19 22:42 - 2012-04-19 18:53 - 00000000 ____D C:\Windows\Panther
2015-12-19 15:31 - 2012-04-19 18:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-19 14:15 - 2009-07-13 19:20 - 00000000 ____D C:\Users\Joel\Default
2015-12-19 14:13 - 2013-10-28 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-19 14:13 - 2013-01-12 20:49 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-19 14:13 - 2013-01-12 20:48 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-19 14:13 - 2013-01-12 20:46 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-19 14:13 - 2012-11-05 06:34 - 00000000 ____D C:\Users\installation\AppData\Roaming\IrfanView
2015-12-19 14:13 - 2012-08-06 05:05 - 00000000 ____D C:\Users\Test for Antivirus\AppData\Roaming\Azureus
2015-12-19 14:13 - 2012-06-09 12:15 - 00000000 ____D C:\Users\installation\AppData\Roaming\vlc
2015-12-19 14:13 - 2012-04-21 11:47 - 00000000 ____D C:\Windows\system32\Macromed
2015-12-19 14:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2015-12-19 14:08 - 2015-07-21 20:47 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-19 14:08 - 2013-01-12 20:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-16 17:22 - 2015-10-23 19:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-07 22:46 - 2012-06-17 07:20 - 00000000 ____D C:\Users\installation\Documents\ConvertXToDVD
2015-12-06 10:38 - 2012-06-16 17:20 - 00000000 ____D C:\Users\installation\AppData\Local\ElevatedDiagnostics
2015-12-05 21:17 - 2013-11-12 21:06 - 00000000 ____D C:\Users\installation\AppData\Local\NVIDIA Corporation
2015-12-04 18:48 - 2015-02-05 06:25 - 00003528 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core1d0414f97774c92
2015-12-04 18:48 - 2014-12-25 17:19 - 00003924 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004UA

==================== Files in the root of some directories =======

2012-04-21 10:55 - 2013-11-15 18:36 - 0099384 _____ () C:\Users\installation\AppData\Roaming\inst.exe
2012-04-21 10:55 - 2013-11-15 18:36 - 0007859 _____ () C:\Users\installation\AppData\Roaming\pcouffin.cat
2012-04-21 10:55 - 2013-11-15 18:36 - 0001167 _____ () C:\Users\installation\AppData\Roaming\pcouffin.inf
2012-04-21 10:56 - 2013-11-15 18:36 - 0000055 _____ () C:\Users\installation\AppData\Roaming\pcouffin.log
2012-04-21 10:55 - 2013-11-15 18:36 - 0082816 _____ (VSO Software) C:\Users\installation\AppData\Roaming\pcouffin.sys
2012-04-21 10:58 - 2013-09-19 04:12 - 0001057 _____ () C:\Users\installation\AppData\Roaming\vso_ts_preview.xml
2013-04-22 07:48 - 2015-06-21 14:57 - 0070144 _____ () C:\Users\installation\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-08 20:07 - 2015-11-08 20:07 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\installation\AppData\Local\Temp\dllnt_dump.dll
C:\Users\installation\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-30 00:54

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by installation (2016-01-03 18:33:26)
Running from C:\Users\installation\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-04-20 02:01:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2085024141-2439579769-4020783274-500 - Administrator - Enabled) => C:\Users\Administrator
Carrie (S-1-5-21-2085024141-2439579769-4020783274-1003 - Limited - Enabled) => C:\Users\Carrie
Guest (S-1-5-21-2085024141-2439579769-4020783274-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2085024141-2439579769-4020783274-1001 - Limited - Enabled)
installation (S-1-5-21-2085024141-2439579769-4020783274-1004 - Administrator - Enabled) => C:\Users\installation
Joel (S-1-5-21-2085024141-2439579769-4020783274-1011 - Limited - Enabled) => C:\Users\Joel
Larry (S-1-5-21-2085024141-2439579769-4020783274-1002 - Limited - Enabled) => C:\Users\Larry
Mama's Mix profile (S-1-5-21-2085024141-2439579769-4020783274-1010 - Administrator - Enabled) => C:\Users\Mama's Mix profile
New User (S-1-5-21-2085024141-2439579769-4020783274-1012 - Administrator - Enabled)
Test for Antivirus (S-1-5-21-2085024141-2439579769-4020783274-1005 - Administrator - Enabled) => C:\Users\Test for Antivirus
User1 (S-1-5-21-2085024141-2439579769-4020783274-1006 - Limited - Enabled) => C:\Users\User1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM-x32\...\Adobe Photoshop CS4) (Version: 11.0.1 - DLC)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.69.0.333 - Innovative Solutions)
Album Art Downloader XUI 1.00 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.00 - hxxp://sourceforge.net/projects/album-art)
Android USB Driver (HKLM-x32\...\Android USB Driver_is1) (Version:  - )
Angry Birds Star Wars II (HKLM-x32\...\{15231C14-90E3-4BBE-A11E-88C289FD0B6B}) (Version: 1.2.1 - Rovio Entertainment Ltd.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5EA942DE-482B-F143-7EC7-058EAC790D4D}) (Version: 3.0.643.0 - ATI Technologies, Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Belarc Advisor 8.5a (HKLM-x32\...\Belarc Advisor) (Version: 8.5.1.0 - Belarc Inc.)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.2.82 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{D9D5A07A-F299-4741-BFE6-302324CC0BD7}) (Version: 0.9.7 - Kovid Goyal)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
ccc-core-static (x32 Version: 2007.1010.1337.22397 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
ChromecastApp (HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Disney Infinity 2.0 (HKLM-x32\...\{AD3C5D08-A89D-4E05-A0D2-CD24C6F689EE}) (Version: 1.101.1728 - Disney Interactive)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
Free Video Volume Booster v1.8 (HKLM-x32\...\Free Video Volume Booster_is1) (Version: 1.8.0.0 - DVDAVITools)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.5.0 - Ellora Assets Corporation)
FUJIFILM USB Driver (HKLM-x32\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version:  - )
Google Chrome (HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
GrabIt 1.7.2 Beta 6 (build 1008) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
Hallmark Card Studio 2012 Deluxe (HKLM-x32\...\{8777089A-4CF4-44BA-910B-9A4580669DED}) (Version: 13.0.0.17 - Creative Home)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Mega Codec Pack 9.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.14.16426 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.14.16426 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LEGO MARVEL Super Heroes (HKLM-x32\...\LEGO MARVEL Super Heroes_is1) (Version:  - Warner Bros. Games)
LEGO® Batman™ (HKLM-x32\...\InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}) (Version: 1.00.0000 - Warner Bros. Interactive Entertainment)
LEGO® Batman™ (x32 Version: 1.00.0000 - Warner Bros. Interactive Entertainment) Hidden
LEGO® Batman™ 2: DC Super Heroes (HKLM-x32\...\{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
LEGO® Indiana Jones™ (HKLM-x32\...\InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}) (Version: 1.00.0000 - LucasArts)
LEGO® Indiana Jones™ (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ 2 (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ 2: The Adventure Continues (HKLM-x32\...\InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}) (Version: 1.00.0000 - LucasArts)
LEGO® MARVEL Super Heroes DEMO (HKLM-x32\...\{B61BC343-F4F2-40F8-8F85-E6AF3828CBA5}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
LEGO® Pirates of the Caribbean The Video Game (HKLM-x32\...\{64958DA4-79D3-43FD-AF06-720DAD044F9E}) (Version: 1.0.0.0 - Disney Interactive Studios)
LEGO® Star Wars™: The Complete Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6366.2036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MKVToolNix 7.5.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.5.0 - Moritz Bunkus)
Mozilla Firefox 43.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 43.0.3 (x64 en-US)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
NirSoft Network Password Recovery (HKLM-x32\...\NirSoft Network Password Recovery) (Version:  - )
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Osmo4/GPAC (remove only) (HKLM-x32\...\Osmo4) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PhotoDVD 4.0.0.37 (HKLM-x32\...\VSO PhotoDVD_is1) (Version: 4.0.0.37 - VSO Software SARL)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
qBittorrent 3.3.1 (HKLM-x32\...\qBittorrent) (Version: 3.3.1 - The qBittorrent project)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Skins (x32 Version: 2007.1010.1337.22397 - ATI) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
Spider-Man™ - Web of Shadows (HKLM-x32\...\InstallShield_{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}) (Version: 1.0 - Activision)
Spider-Man™ - Web of Shadows (x32 Version: 1.0 - Activision) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syncios version 4.1.1 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 4.1.1 - Anvsoft, Inc.)
Teenage Mutant Ninja Turtles: Out of the Shadows (HKLM-x32\...\Teenage Mutant Ninja Turtles: Out of the Shadows_is1) (Version: 1.0 - Activision)
TouchCopy 11 (HKLM-x32\...\{B7604945-ED3D-4AE5-AA69-7D5CFF333FE1}) (Version: 11.03 - Wide Angle Software)
TuneUp Utilities Language Pack (en-US) (x32 Version: 9.0.3000.136 - TuneUp Software) Hidden
TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
TVersity Media Server Pro 3.8 (HKLM-x32\...\TVersity Media Server Pro) (Version: 3.8 - TVersity)
UltraISO Premium V9.35 (HKLM-x32\...\UltraISO_is1) (Version:  - )
USB Driver Vers. 3.2 (HKLM-x32\...\USB Driver Vers. 3.2) (Version:  - )
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 4.2.9.15649 - LeapFrog)
Vegas Pro 10.0 (HKLM-x32\...\{6D592E30-11EC-11E0-859C-0013D3D69929}) (Version: 10.0.469 - Sony)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.2 - VSO Software)
VSO Video Converter 1 (HKLM-x32\...\{{5289246A-D537-4823-88C2-38C17840E45A}_is1) (Version: 1.1.0.20 - VSO Software)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 1.1.0.0 - Microsoft Corporation)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
XviD4PSP 5.10.289.0 (HKLM-x32\...\XviD4PSP5_is1) (Version:  - Winnydows & fcp team)
YAMB (HKLM-x32\...\YAMB) (Version:  - )
Your Uninstaller! 2010 (HKLM-x32\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2085024141-2439579769-4020783274-1004_Classes\CLSID\{65713842-C410-4f44-8383-BFE01A398C90}\InprocServer32 -> C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll ()
CustomCLSID: HKU\S-1-5-21-2085024141-2439579769-4020783274-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\installation\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2085024141-2439579769-4020783274-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\installation\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0771DA80-AD6F-4033-AD13-D30354B634AC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {157F337A-8EF0-4A25-8CF3-7B49B560347A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {1E1C4BF8-FB05-40F8-80FC-6D5F453A7E89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004UA => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {22B9C9C0-5578-4F42-AD76-04A3EA43518C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2C2C042F-EC1D-418F-A10C-93878E5DC8BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {3639BA25-FF2F-44AE-AA8C-AA016988CADA} - System32\Tasks\RNUpgradeHelperResumePrompt_installation => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: {369B8563-A628-4B14-8584-5F8FB682850D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2085024141-2439579769-4020783274-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {38EB57AA-2EBF-484D-8F60-808B4AFAB07D} - System32\Tasks\{4285B96D-1C7E-47D8-9CCB-28AA2359EC2C} => F:\Program Files\Vuze\Azureus.exe
Task: {3C62F1F2-AA7A-4365-AB38-2B10A024ED75} - System32\Tasks\{ED8B50F0-9D79-4AB0-86DC-5C4E1CC6F8A5} => pcalua.exe -a C:\Users\installation\Downloads\installer_win.exe -d C:\Users\installation\Downloads
Task: {3FF4AD25-9767-4C67-BE9F-2BD626B6B9B0} - System32\Tasks\{617498EA-1E82-4260-B8F8-6EA00A9DAC9D} => F:\Program Files\Vuze\Azureus.exe
Task: {47D0D637-AFD5-4647-B218-2FD33EFEB477} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2085024141-2439579769-4020783274-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {649587BC-316F-45AF-814D-96A960DBAE48} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-11-23] (Innovative Solutions)
Task: {667063B5-12C5-46EF-BEAF-05CB95A8D02A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-12-19] (Microsoft Corporation)
Task: {6E1DCC90-63F5-4267-9CCC-343568714FDF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2085024141-2439579769-4020783274-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {71885604-AA25-4B72-91C5-5C1BAFD5F5E5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2085024141-2439579769-4020783274-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {754689F4-5DD4-4591-BB0A-BF5EDD30B15F} - System32\Tasks\Health-Check-auto => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-11-23] (Innovative Solutions)
Task: {760B1DA0-D17A-4645-A867-C65866798F02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {82969B93-4E11-4DA7-ADBB-936449D50A34} - System32\Tasks\{A11BF63D-8D68-4C3C-BA92-FBE01835CF6B} => F:\Program Files\Vuze\Azureus.exe
Task: {84C94C85-85FE-4D16-93A1-0EC580A9008F} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe [2015-11-23] (Innovative Solutions)
Task: {8D594C67-28F2-4EA2-90B5-F351E858B451} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {8DC370A1-CE74-40ED-A4AC-5919D8E59114} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-12-19] (Microsoft Corporation)
Task: {8EC3688A-43CE-4FE0-80AD-AF1A5E18B2F2} - System32\Tasks\ReclaimerUpdateXML_installation => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: {932D39BC-0DC7-42E3-9C80-72EFA9DA06B0} - System32\Tasks\{EB94000F-7284-4A0F-95F6-F385B082A6F9} => F:\Program Files\Vuze\Azureus.exe
Task: {9989F057-9A72-4878-B3A4-22C9951D4617} - System32\Tasks\{AAEA3F3B-3796-47D2-90DA-CBFF9BC1F3C4} => F:\Program Files\Vuze\Azureus.exe
Task: {9A021970-8A5B-480B-9D40-B54BEEEB6E83} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-12-01] ()
Task: {9A519024-18E8-4D35-9479-044E2209EA68} - System32\Tasks\{7475CE5C-11DA-4CA6-92C7-58578A9777B9} => F:\Program Files\Vuze\Azureus.exe
Task: {A5FD65E5-0A10-494E-B45E-5C36523C0AC3} - System32\Tasks\ReclaimerUpdateFiles_installation => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: {AE0228AD-2528-48E6-898E-FE3BF62BEB2C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {B15F15AE-3222-4C84-9E7E-4597DDB1B8DD} - System32\Tasks\RNUpgradeHelperLogonPrompt_installation => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: {BC26A644-10F0-4B39-9146-20B32E515A40} - System32\Tasks\{777AD5D3-4F23-4276-B79F-E333877352E9} => F:\Program Files\Vuze\Azureus.exe
Task: {BC9A182D-C2FF-4C4E-866C-9030A3DBEA2C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {C2D98AE0-AA4A-4183-8799-1452DE3477DA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {C5A8577C-60BD-464A-97C5-F2814B641DB3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CABCE607-1D51-4F7E-8A3B-D52B17A4903A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2085024141-2439579769-4020783274-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CAC1FEC5-8597-445D-9C90-E1D9D07C8822} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2085024141-2439579769-4020783274-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CD9498F0-9199-4160-8AE6-878EBCB01B94} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {D80B8EA8-23BE-436C-99D1-F231886EDBED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-29] (Adobe Systems Incorporated)
Task: {DA16C543-83A4-48E6-A449-7C53F3A81B62} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core1d0414f97774c92 => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DFF3770C-27B1-4A2B-B0F4-282B693138DC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2085024141-2439579769-4020783274-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E0C11D9E-3152-423B-AB92-4DD504A8CAB9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2085024141-2439579769-4020783274-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F06CFBFE-EC45-41C6-8177-4D38732094B7} - System32\Tasks\{1B2A9766-B5E1-47E5-B1F2-6F4B3AB6D9B5} => pcalua.exe -a C:\Users\installation\Downloads\wlsetup-web.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {F1EC4FB6-657A-4CB2-9374-BA37E32335E5} - System32\Tasks\{B881D4E0-B368-4AE9-B3A4-CBE453DED6A3} => pcalua.exe -a C:\Users\installation\Downloads\HPSupportSolutionsFramework-12.0.30.81.exe -d C:\Users\installation\Downloads
Task: {F49DFDBE-0CD6-4289-9C51-1089018E9EE3} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2015-11-23] (Innovative Solutions)
Task: {F8902527-19A3-40A6-9D51-EE9F7DD1FF93} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core.job => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004Core1d0414f97774c92.job => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085024141-2439579769-4020783274-1004UA.job => C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Health-Check-auto.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_installation.job => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_installation.job => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_installation.job => C:\Users\installation\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-01-12 21:09 - 2015-07-22 17:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-04-19 18:26 - 2005-03-11 23:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-11-20 16:50 - 2015-12-19 15:24 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-06-29 19:03 - 2008-04-19 15:35 - 00080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2015-10-22 03:39 - 2015-12-01 15:20 - 08845798 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-10-23 19:26 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-11-16 15:23 - 2015-11-23 16:05 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2014-09-27 09:11 - 2014-08-12 09:42 - 00736768 _____ () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
2016-01-03 17:38 - 2015-11-23 16:00 - 01064520 _____ () C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe
2015-06-01 19:14 - 2015-06-01 19:14 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2015-10-22 03:40 - 2015-12-01 15:20 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-10-22 03:39 - 2015-12-01 15:26 - 00690688 _____ () C:\Program Files\pia_manager\openvpn.exe
2015-10-22 03:40 - 2015-12-01 15:26 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2015-10-22 03:40 - 2015-12-01 15:26 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-03 17:38 - 2014-03-07 09:23 - 00565827 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2015-11-20 16:49 - 2015-12-19 15:24 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-12-05 21:00 - 2015-07-23 20:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-29 19:03 - 2005-02-08 15:23 - 00979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2015-06-29 19:03 - 2004-11-20 01:27 - 00069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2015-06-29 19:03 - 2004-10-11 18:21 - 00094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2015-06-29 19:03 - 2004-05-25 19:18 - 00057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2015-06-29 19:03 - 2004-05-25 19:18 - 00049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2015-06-29 19:03 - 2004-05-25 19:18 - 00495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2015-06-29 19:03 - 2004-05-25 19:20 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2015-06-29 19:03 - 2004-10-11 18:22 - 00315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2015-06-29 19:03 - 2004-11-20 01:27 - 00106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2015-06-29 19:03 - 2004-01-15 12:45 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2015-06-29 19:03 - 2004-11-20 01:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2015-06-29 19:03 - 2003-10-01 11:40 - 02240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2015-06-29 19:03 - 2003-10-01 09:43 - 03239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2015-06-29 19:03 - 2003-08-10 07:14 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2015-06-29 19:03 - 2004-05-25 19:17 - 00622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2015-06-29 19:03 - 2004-05-25 19:19 - 00045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2013-09-28 17:14 - 2013-09-28 17:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2015-06-12 02:43 - 2015-06-12 02:43 - 00657408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2015-04-08 00:52 - 2015-04-08 00:52 - 01688576 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2015-05-25 01:44 - 2015-05-25 01:44 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2015-06-01 21:15 - 2015-06-01 21:15 - 00602624 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2015-06-14 23:03 - 2015-06-14 23:03 - 06724096 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 17:55 - 2014-06-29 17:55 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-29 18:05 - 2014-06-29 18:05 - 01183232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
2015-06-14 23:04 - 2015-06-14 23:04 - 03101696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 12:27 - 2012-10-15 12:27 - 00111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
2012-10-15 12:28 - 2012-10-15 12:28 - 02286592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
2015-05-25 01:59 - 2015-05-25 01:59 - 01057280 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 00:39 - 2014-09-11 00:39 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2015-05-25 01:57 - 2015-05-25 01:57 - 01202688 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2015-06-12 01:49 - 2015-06-12 01:49 - 11253248 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2015-05-25 02:03 - 2015-05-25 02:03 - 02584576 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2015-05-25 02:03 - 2015-05-25 02:03 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2015-05-25 02:04 - 2015-05-25 02:04 - 00891904 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2015-05-25 02:05 - 2015-05-25 02:05 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-08-25 11:07 - 2013-08-25 11:07 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-08-25 11:16 - 2013-08-25 11:16 - 00381952 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qmng.dll
2013-08-25 11:09 - 2013-08-25 11:09 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-08-25 11:16 - 2013-08-25 11:16 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qtga.dll
2013-08-25 11:16 - 2013-08-25 11:16 - 00390144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qtiff.dll
2013-08-25 11:16 - 2013-08-25 11:16 - 00045056 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qwbmp.dll
2014-06-29 17:55 - 2014-06-29 17:55 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2015-04-17 02:36 - 2015-04-17 02:36 - 00146944 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2015-06-03 05:53 - 2015-06-03 05:53 - 02356956 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2015-02-03 02:09 - 2015-02-03 02:09 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-09-03 22:00 - 2014-09-03 22:00 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-09-03 22:00 - 2014-09-03 22:00 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 12:28 - 2012-10-15 12:28 - 00219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 12:28 - 2012-10-15 12:28 - 00049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 12:28 - 2012-10-15 12:28 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 12:28 - 2012-10-15 12:28 - 00070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2015-05-25 02:05 - 2015-05-25 02:05 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2015-05-25 02:06 - 2015-05-25 02:06 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 18:33 - 2014-06-29 18:33 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-03 22:00 - 2014-09-03 22:00 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-09-27 09:11 - 2014-08-12 09:42 - 00382464 _____ () C:\Program Files (x86)\Syncios\DuiLib.dll
2014-09-27 09:11 - 2013-03-01 09:30 - 00059904 _____ () C:\Program Files (x86)\Syncios\zlib.dll
2014-09-27 09:11 - 2013-03-01 09:30 - 00526848 _____ () C:\Program Files (x86)\Syncios\sqlite3.dll
2014-09-27 09:11 - 2014-04-29 16:11 - 00067072 _____ () C:\Program Files (x86)\Syncios\zlib1.dll
2014-09-27 09:11 - 2014-01-06 10:24 - 00671744 _____ () C:\Program Files (x86)\Syncios\hashab.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-01-03 18:02 - 2016-01-03 18:02 - 00012800 _____ () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-01-03 18:02 - 2016-01-03 18:02 - 00009728 _____ () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-01-03 18:02 - 2016-01-03 18:02 - 00014848 _____ () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-01-03 18:00 - 2016-01-03 18:00 - 00094208 ____N () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\src\rgloader\rgloader193.mswin.so
2016-01-03 18:03 - 2016-01-03 18:03 - 00009216 _____ () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-01-03 18:03 - 2016-01-03 18:03 - 00094208 ____N () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-01-03 18:04 - 2016-01-03 18:04 - 00126976 _____ () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-01-03 18:04 - 2016-01-03 18:04 - 00087552 _____ () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-01-03 18:04 - 2016-01-03 18:04 - 00016384 _____ () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-01-03 18:01 - 2016-01-03 18:01 - 00127316 _____ () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\bin\libffi-6.dll
2016-01-03 18:02 - 2016-01-03 18:02 - 00008704 _____ () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-01-03 18:02 - 2016-01-03 18:02 - 00013312 ____N () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-01-03 18:02 - 2016-01-03 18:02 - 00095744 _____ () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-01-03 18:04 - 2016-01-03 18:05 - 00026624 _____ () C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-01-03 18:06 - 2016-01-03 18:06 - 00012800 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-01-03 18:06 - 2016-01-03 18:06 - 00009728 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-01-03 18:06 - 2016-01-03 18:06 - 00014848 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-01-03 18:05 - 2016-01-03 18:05 - 00094208 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\src\rgloader\rgloader193.mswin.so
2016-01-03 18:06 - 2016-01-03 18:06 - 00094208 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-01-03 18:06 - 2016-01-03 18:06 - 00118784 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2016-01-03 18:06 - 2016-01-03 18:06 - 00069120 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2016-01-03 18:05 - 2016-01-03 18:05 - 00083968 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\bin\zlib1.dll
2016-01-03 18:06 - 2016-01-03 18:06 - 00026624 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2016-01-03 18:06 - 2016-01-03 18:06 - 00275968 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2016-01-03 18:06 - 2016-01-03 18:06 - 00015360 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2016-01-03 18:07 - 2016-01-03 18:07 - 00008192 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2016-01-03 18:07 - 2016-01-03 18:07 - 00009216 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-01-03 18:07 - 2016-01-03 18:07 - 00023552 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2016-01-03 18:07 - 2016-01-03 18:07 - 00008704 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2016-01-03 18:06 - 2016-01-03 18:06 - 00008704 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-01-03 18:07 - 2016-01-03 18:07 - 00008704 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2016-01-03 18:07 - 2016-01-03 18:07 - 00008704 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2016-01-03 18:07 - 2016-01-03 18:07 - 00036352 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2016-01-03 18:07 - 2016-01-03 18:07 - 00126976 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-01-03 18:07 - 2016-01-03 18:07 - 00087552 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-01-03 18:07 - 2016-01-03 18:07 - 00016384 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-01-03 18:06 - 2016-01-03 18:06 - 00127316 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\bin\libffi-6.dll
2016-01-03 18:06 - 2016-01-03 18:06 - 00013312 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-01-03 18:06 - 2016-01-03 18:06 - 00095744 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-01-03 18:08 - 2016-01-03 18:08 - 00026624 _____ () C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-10-22 03:40 - 2015-12-01 15:21 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-10-22 03:40 - 2015-12-01 15:22 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-10-22 03:40 - 2015-12-01 15:20 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-10-22 03:40 - 2015-12-01 15:26 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-10-22 03:40 - 2015-12-01 15:22 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-10-22 03:39 - 2015-12-01 15:20 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-10-22 03:40 - 2015-12-01 15:22 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-10-22 03:40 - 2015-12-01 15:22 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-10-22 03:39 - 2015-12-01 15:20 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-10-22 03:40 - 2015-12-01 15:20 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-10-22 03:39 - 2015-12-01 15:20 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-10-22 03:40 - 2015-12-01 15:22 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-10-22 03:40 - 2015-12-01 15:20 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-12-02 08:58 - 2015-11-16 10:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\.Winhlpsvr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipnpf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\.Winhlpsvr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnpf.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\...\dell.com -> dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-01-01 11:33 - 00001008 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 u2a1376gf-43ty-245b.com
127.0.0.1 www.v19170dc0-7597-11d.com
127.0.0.1 v19170dc0-7597-11d.com
127.0.0.1 www.d2a1376gf-43ty-245a.com
127.0.0.1 d2a1376gf-43ty-245a.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2085024141-2439579769-4020783274-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\installation\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: AxAutoMntSrv => 2
MSCONFIG\Services: BITS => 3
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CrossLoopService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EzVpnSvc => 2
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeGroupListener => 2
MSCONFIG\Services: HomeGroupProvider => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssSrv => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: MemeoBackgroundService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NETGEARGenieDaemon => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: SeagateDashboardService => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: UDisk Monitor => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: AddressBookReminderApp => F:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\ReminderApp.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Update => "C:\Users\installation\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: REGSHAVE => C:\Program Files (x86)\REGSHAVE\REGSHAVE.EXE /AUTORUN
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{47670542-3CFD-41AE-A1F3-960DADA63E0F}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe
FirewallRules: [{72321F47-78C3-4BB0-9166-D666C81328F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0DE2BD88-E191-491B-A338-D6EDC26038CB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9F051C01-C3D9-4ED8-AB4E-4818905D3C36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E4DC2E1-FAFE-41CC-9167-C314CE1B9A61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DBBE3318-71F1-4178-BC19-499AD5FACDD0}] => (Allow) C:\Program Files (x86)\Activision\Spider-Man - Web of Shadows\image\pc\Spider-Man Web of Shadows.exe
FirewallRules: [{5B794351-32D6-4ADB-BFF3-AD99A5DE3140}] => (Allow) C:\Program Files (x86)\Activision\Spider-Man - Web of Shadows\image\pc\Spider-Man Web of Shadows.exe
FirewallRules: [TCP Query User{B14BCF1A-D8C2-4E90-AC85-2D34DDAB9CBA}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{DFA0AB28-939F-46FB-838F-289AF1793492}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{AEAC346E-2792-44E7-870A-A5E7142228E3}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{A13AF60B-0D61-4533-9306-C63DF74D5F42}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{AE5B0F0D-2D15-459D-B689-72243788ABB4}] => (Allow) LPort=5910
FirewallRules: [{7C897023-B661-4F2E-81A3-25E9F9FB85DE}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{E06981CC-B31E-426B-B18C-313A35572EA7}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{7F094575-818B-4A60-8270-BC1516EEA445}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{6957C300-76B9-4EC5-8BAD-477091278A72}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{220E9DAC-4B93-4CD6-8C10-FC973552C112}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{50B1BD4B-8078-48FA-8A8D-26CE465BF153}] => (Allow) F:\Program Files (x86)\TMNT-OotS\Binaries\Win32\TMNT-OotS.exe
FirewallRules: [{97218FAD-96C2-4ED6-BE7C-F475A52966A7}] => (Allow) F:\Program Files (x86)\TMNT-OotS\Binaries\Win32\TMNT-OotS.exe
FirewallRules: [{1BC46672-A402-47AD-84D0-9A309B9EDE8F}] => (Allow) F:\Program Files (x86)\TMNT-OotS\Binaries\Win32\TMNT-OotS.exe
FirewallRules: [{ECE481EB-C443-4F5A-BA4E-A6793D5B11D8}] => (Allow) F:\Program Files (x86)\TMNT-OotS\Binaries\Win32\TMNT-OotS.exe
FirewallRules: [{0A064C61-D2CD-42A1-8ED0-782A5D741B15}] => (Block) F:\Program Files (x86)\TMNT-OotS\Binaries\Win32\TMNT-OotS.exe
FirewallRules: [{6BD90AC0-8E03-48D7-AEFA-17A55FDD51E5}] => (Allow) F:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{C2622637-5AE8-4FA5-9BAC-3F4F14A7074F}] => (Allow) F:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{F0DB37E1-5079-451F-B88D-0114ECFA7290}] => (Allow) F:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{35A3987B-9195-43D0-91DD-4E7925D113CC}] => (Allow) F:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{06851F4C-1A06-4187-80E7-46CAF5819331}] => (Block) F:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe
FirewallRules: [{CA4AD212-8CB9-4F92-8150-E2D3BAF44A72}] => (Block) F:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe
FirewallRules: [TCP Query User{0355175E-0613-43E0-B32E-042CAA29C101}F:\program files (x86)\nero\km\nmdllhost.exe] => (Allow) F:\program files (x86)\nero\km\nmdllhost.exe
FirewallRules: [UDP Query User{B8B28EFE-C760-4851-8AF6-CDB5C8901085}F:\program files (x86)\nero\km\nmdllhost.exe] => (Allow) F:\program files (x86)\nero\km\nmdllhost.exe
FirewallRules: [{0C2295A0-1B3B-4D76-8FC1-D4D588448153}] => (Block) %ProgramFiles% (x86)\LEGO MARVEL Super Heroes\LEGOMARVEL.exe
FirewallRules: [{6643FD6A-1AD3-469D-A5F5-C03B0F9F8622}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3FFC02DA-A178-440B-B6C6-D9EECBC0DFB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{22118844-07E6-4397-B0CB-2DB0FDBDF9AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0F87DA45-9753-48FD-846B-626D2754CA63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8CFA6F8A-132A-45F9-8735-35BD3026D917}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C562A5BC-438B-4F5C-BCD7-E49DF6A20B92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7D6A1922-EF8C-4458-843F-5C564DA2AF26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{41C52425-87B1-460B-BABC-F64D1B464E95}] => (Allow) f:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{1F17F2CB-2A49-4B6E-B563-A966F297DC56}] => (Allow) f:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{C683904A-9CD3-4A53-89FF-E6D25CF3AFD0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9F0F6312-9B5B-4D97-AF29-89E27D00EE83}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99FC6066-59AD-446A-8999-74EB66D597EB}] => (Block) %SystemRoot%\explorer.exe
FirewallRules: [{E862003E-4349-4083-B834-4A6FBB15378A}] => (Allow) LPort=9235
FirewallRules: [{35290079-B287-4D4A-B143-ADAA1546FB13}] => (Allow) LPort=9235
FirewallRules: [{DCF58F0F-3F0F-42B8-8E81-10609CDEC401}] => (Allow) LPort=9237
FirewallRules: [{F3890F0C-C417-40FB-9E09-66ECC4BA10B5}] => (Allow) LPort=9237
FirewallRules: [{C52C3125-7E5C-4A72-B60C-D708CAA8D8D6}] => (Allow) LPort=8643
FirewallRules: [{C5ECD48F-8584-4D54-812F-D674A9543EA7}] => (Allow) LPort=8200
FirewallRules: [{CDC8793A-5E06-48F3-9A31-E8F123C15358}] => (Allow) LPort=8226
FirewallRules: [{28E794F8-3A3C-45BF-902B-7A72EAC0387F}] => (Allow) LPort=9235
FirewallRules: [{EA8A32E3-0F12-4CB0-B333-B845BA79E059}] => (Allow) LPort=9235
FirewallRules: [{83D142AA-FB71-41C3-80F7-7F88CAF893D0}] => (Allow) LPort=9237
FirewallRules: [{EDAC357A-6BD9-4AA4-A88B-766C07601CA1}] => (Allow) LPort=9237
FirewallRules: [{F6376C2F-D1CF-43F0-A231-83E81756FCD4}] => (Allow) LPort=8643
FirewallRules: [{1F20104D-F725-437E-91F2-E965E400CE81}] => (Allow) LPort=8200
FirewallRules: [{0254D3B2-E0A3-474E-9D31-FB64302EC393}] => (Allow) LPort=8226
FirewallRules: [{4A5D6547-12B5-4D39-A0F8-73289DABA55F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F156007D-48B7-4869-B588-634D116B48A3}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{136DE497-6DFC-4831-AF0E-D242E90E26D2}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{C6DE58D6-8311-4E8D-85EB-BEE993861010}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{E95FC471-48EA-47B8-8C6F-E45F7A6796E7}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe
FirewallRules: [{1092EE65-33D1-4646-8121-0CA5E70DED49}] => (Allow) C:\Program Files\Trust.Zone VPN Client\vpnclient_x64.exe
FirewallRules: [{2E7F85D5-61B0-4283-AE76-3E55738D8841}] => (Allow) C:\Program Files\Trust.Zone VPN Client\vpnclient.exe
FirewallRules: [{FFB07815-6280-4BAD-85A6-D9A88494281F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A08EDC01-FC0B-45FF-A6AD-0E6E3ED9E970}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{92144329-3E6B-413D-BA3B-79A510D08BE4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5B44AFAE-26E2-40D3-9698-67C4C8A9B457}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{050828F7-48A8-4E3C-B0D5-21667AA9ED28}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2E88A188-CEC3-4CB1-A58B-CD74E2AF5533}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{08CE264A-3919-4A36-A714-C50E165733B2}] => (Allow) LPort=5357
FirewallRules: [{E5231F65-DEC9-48A0-A7A8-3AB1DF1224C3}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BAE82953-0968-4B4A-8EEF-5F07DAE96551}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{464A1D38-E18C-494A-B33F-1ADA0A913494}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{FAA05BCC-47B5-4A33-AC1A-7F6F9F53E7F7}] => (Allow) C:\Users\installation\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{7F333B4C-6395-4E47-8F2A-BB31E30A23C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DCD84B7F-A404-4DBF-907E-8A92EF00ABAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{88552AFF-485B-42C7-9D62-E7DB03AC8A34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7CA34255-A762-472A-8734-4241EE552196}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{98B9197E-C3E6-4F65-88F4-AC8F0EBAB931}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3A79BCDB-C9DA-4DE6-AF50-EDE80FA1FCD0}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{07D0490A-4138-4C12-A854-BFD5739DF7F2}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{360578C8-D073-4D59-84A9-A1DF44B0BA36}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{242EEB33-3541-4C71-8120-0CD5F810D250}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

19-12-2015 23:21:51 Installed ESET Smart Security
20-12-2015 19:43:50 Windows Backup
25-12-2015 19:10:07 Restore Operation
30-12-2015 15:30:24 Removed Java 8 Update 65
03-01-2016 17:38:59 After installing Advanced Uninstaller PRO

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2016 06:12:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 6.1.168.192.in-addr.arpa. PTR Pals.local.

Error: (01/03/2016 06:12:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   14 6.1.168.192.in-addr.arpa. PTR Pals-2.local.

Error: (01/03/2016 06:12:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 6.1.147.10.in-addr.arpa. PTR Pals.local.

Error: (01/03/2016 06:12:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.147.1.6:5353   14 6.1.147.10.in-addr.arpa. PTR Pals-2.local.

Error: (01/03/2016 06:04:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 6.1.168.192.in-addr.arpa. PTR Pals.local.

Error: (01/03/2016 06:04:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   14 6.1.168.192.in-addr.arpa. PTR Pals-2.local.

Error: (01/02/2016 05:05:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 6.1.168.192.in-addr.arpa. PTR Pals.local.

Error: (01/02/2016 05:05:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   14 6.1.168.192.in-addr.arpa. PTR Pals-2.local.

Error: (01/02/2016 03:26:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   12 6.1.168.192.in-addr.arpa. PTR Pals.local.

Error: (01/02/2016 03:26:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   14 6.1.168.192.in-addr.arpa. PTR Pals-2.local.


System errors:
=============
Error: (01/03/2016 06:03:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error:
%%1068

Error: (01/03/2016 06:03:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Extensible Authentication Protocol service depends on the CNG Key Isolation service which failed to start because of the following error:
%%1058

Error: (01/03/2016 05:59:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error:
%%1068

Error: (01/03/2016 05:59:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Extensible Authentication Protocol service depends on the CNG Key Isolation service which failed to start because of the following error:
%%1058

Error: (01/03/2016 05:41:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Trust.Zone VPN Client service failed to start due to the following error:
%%2

Error: (01/03/2016 05:41:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 8624 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/03/2016 05:41:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 8623 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/03/2016 05:41:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 8622 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/03/2016 05:40:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 8621 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/03/2016 05:40:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Trust.Zone VPN Client service terminated unexpectedly.  It has done this 8620 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-01-03 18:14:54.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-03 17:59:49.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-03 17:58:24.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-03 17:39:35.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-02 17:12:19.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-02 17:01:44.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-02 16:57:35.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-02 15:22:46.961
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-02 14:40:25.085
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-02 14:18:56.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 4094.18 MB
Available physical RAM: 2299.45 MB
Total Virtual: 5625.36 MB
Available Virtual: 3572.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:309.5 GB) (Free:86.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:698.71 GB) (Free:283.56 GB) NTFS
Drive f: (Windowsxp) (Fixed) (Total:156.26 GB) (Free:5.11 GB) NTFS
Drive g: (music and pictures) (Fixed) (Total:307.93 GB) (Free:302.07 GB) NTFS
Drive h: (movies) (Fixed) (Total:390.62 GB) (Free:217.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=309.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 75D53715)
Partition 1: (Not Active) - (Size=698.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=307.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#13 nasdaq

  • Malware Response Team

Posted 04 January 2016 - 11:25 AM



Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(hxxp://www.ruby-lang.org/) C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\bin\rubyw.exe
(hxxp://www.ruby-lang.org/) C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\bin\rubyw.exe
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [No File]
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [No File]
S4 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [X]
S4 TZVPNCLIENT; "C:\Program Files\Trust.Zone VPN Client\vpnclient_x64.exe" /service [X]
U3 ac4u73yb; C:\Windows\System32\Drivers\ac4u73yb.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp
C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp
C:\Windows\System32\Drivers\ac4u73yb.sys

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists then the issue is not caused by malware.

It may be a network setting.

Some issues are covered in this topic.

https://supportforums.cisco.com/discussion/11823236/netflix-streaming-issue-isa550

From here on I can only suggest you start a new topic in the Networking forum.
http://www.bleepingcomputer.com/forums/f/21/networking/

To help the helper I suggest you download and run this tool.
Post the log in the new topic.

http://www.bleepingcomputer.com/forums/f/21/networking/
===

Before I leave I have one more suggestion.
Did you try to run Netflix with the AV and/or the Firewall disabled?
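
Added example (not part of the original post and not FRST's own code): a small triage pass over FRST-style log lines that reports the same kinds of entries the fixlist above targets, using the markers visible in it: `[No File]`, `[X]`, `<==== ATTENTION`, and binaries running from the user Temp folder. The function names, the reason labels and the exe/dll/sys extension set are assumptions made for this example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "reason path note")

# Markers exactly as they appear in the FRST lines quoted in the fixlist.
MISSING = re.compile(r"\[(?:No File|X)\]\s*$")
ATTENTION = re.compile(r"<==== ATTENTION(?: \((?P<why>[^)]*)\))?")
# First drive-letter path ending in a binary extension (assumed set).
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\[\]<>|]*?\.(?:exe|dll|sys)\b', re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)

# Constructed sample: seven lines copied from this thread's fixlist, plus two
# ordinary firewall entries from the log that should not be reported.
SAMPLE = r"""
(hxxp://www.ruby-lang.org/) C:\Users\installation\AppData\Local\Temp\ocr5CDE.tmp\bin\rubyw.exe
(hxxp://www.ruby-lang.org/) C:\Users\installation\AppData\Local\Temp\ocrBE2.tmp\bin\rubyw.exe
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [No File]
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [No File]
S4 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [X]
S4 TZVPNCLIENT; "C:\Program Files\Trust.Zone VPN Client\vpnclient_x64.exe" /service [X]
U3 ac4u73yb; C:\Windows\System32\Drivers\ac4u73yb.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
FirewallRules: [{360578C8-D073-4D59-84A9-A1DF44B0BA36}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4A5D6547-12B5-4D39-A0F8-73289DABA55F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
"""

def triage(lines):
    """Return a Finding for every log line that carries a review marker."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        match = WIN_PATH.search(line)
        path = match.group(0) if match else None
        flagged = ATTENTION.search(line)
        if flagged:
            # FRST itself marked the entry; keep its stated reason if present.
            findings.append(Finding("attention", path, flagged.group("why") or ""))
        elif MISSING.search(line):
            # Registered plugin or service whose target file is not on disk.
            findings.append(Finding("missing-file", path, "orphaned entry"))
        elif path and TEMP_DIR.search(path):
            # Executable running from a per-user temporary directory.
            findings.append(Finding("runs-from-temp", path, "review origin"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.reason:15} {f.path}  ({f.note})")
```

The output is a review list only; whether an entry belongs in a fixlist is still a decision for the helper reading the full log.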

#14 jouster007

  • Topic Starter

Posted 05 January 2016 - 08:07 AM

Thank you Nasdaq for all your help. I ran the fixlog as you instructed and rebooted; it still didn't take care of the issue. I attempted to disable both the firewall and antivirus protection (Eset 9), no change. So I went through and did a side-by-side services and processes comparison from safe mode to normal mode and tried to mimic safe mode as closely as possible (no change); there were some services I could not stop: IE, Eset and a handful of others. Out of desperation I went ahead and uninstalled Eset Internet and Security 9.0 and, lo and behold, the issue went away. Netflix was accessible and working properly, as well as other security sites. I will have my friend work it out with Eset to figure out why their program is preventing Netflix from streaming.

You can go ahead and consider this issue resolved. I do apologize for spending so much of your time trying to fix something that appeared after all not to be.


-Jouster-



#15 nasdaq

  • Malware Response Team

Posted 05 January 2016 - 09:53 AM

Glad we could help.



