busychild

  1. Hello, here is the link to the original thread that I started: https://forums.malwarebytes.org/index.php?/topic/164954-vista-problems-after-running-adwcleaner-4110/

Malwarebytes scans came all clean. Then I ran Farbar Recovery Scan Tool. Here are the logs:

FIRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by TEDi (administrator) on TEDI-PC on 17-02-2015 20:10:26
Running from C:\Users\TEDi\Desktop
Loaded Profiles: TEDi (Available profiles: TEDi)
Platform: Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\BWMeter\BWMeterConSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Realtek) C:\Program Files\oem\11n USB Wireless LAN Utility\RtlService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Realtek Semiconductor Corp.) C:\Program Files\oem\11n USB Wireless LAN Utility\RtWLan.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6793760 2009-02-17] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [567368 2013-09-03] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Run: [] => [X]
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\RunOnce: [Adobe Speed Launcher] => 1424225190
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: N - N:\SETUP.EXE
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {1122c263-5754-11e2-b93a-00241d21b7ae} - N:\LaunchU3.exe -a
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {1c307b48-7926-11e0-802b-00241d21b7ae} - O:\LaunchU3.exe -a
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\MountPoints2: {3aa5fe6c-2c0a-11e2-bfa4-00241d21b7ae} - S:\KODAK_Camera_Setup_App.exe
Startup: C:\Users\TEDi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA4JXZK0 Product Registration.lnk
ShortcutTarget: Seagate NA4JXZK0 Product Registration.lnk -> C:\Users\TEDi\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4JXZK0 Product Registration.exe (Leader Technologies/Seagate)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> DefaultScope {BC4F3A92-0CCD-4177-9192-6177A6C7BFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> {BC4F3A92-0CCD-4177-9192-6177A6C7BFCA} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} http://10.0.0.7/aplugLite.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 23 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 25 C:\Windows\system32\MyOSProtect.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957
FF DefaultSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin HKU\S-1-5-21-2466917097-4220814058-3705793299-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\TEDi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2466917097-4220814058-3705793299-1000: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\TEDi\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\LogMeInClient@logmein.com [2014-11-04]
FF Extension: DownloadHelper - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-27]
FF Extension: Who stole my pictures? - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\images@wink.su.xpi [2014-03-29]
FF Extension: Adblock Plus - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-23]
FF Extension: BetterPrivacy - C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-12-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2015-01-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-27]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-01-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-18]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618936 2009-01-20] (Acronis)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkManagerDMS.exe [401800 2013-08-23] (Samsung) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-11] (Avira Operations GmbH & Co. KG) [File not signed]
S2 ATT MAHostService; C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-08-26] (Alcatel-Lucent) [File not signed]
R2 BWMeterConSvc; C:\Program Files\BWMeter\BWMeterConSvc.exe [62464 2009-10-03] () [File not signed]
S2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [4707688 2009-10-09] (DisplayLink Corp.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [253568 2009-11-18] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [137344 2009-11-18] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 NitroDriverReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [196928 2011-03-21] (Nitro PDF Software)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RealtekCU; C:\Program Files\oem\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [574536 2013-09-03] (Copyright 2013 SAMSUNG)
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361216 2009-05-17] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604416 2009-05-17] (TuneUp Software)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [192504 2010-09-21] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.21555.0.sys [21888 2010-02-27] (http://libusb-win32.sourceforge.net)
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [164976 2009-10-09] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [13936 2009-10-09] (DisplayLink Corp.)
S3 dsnpfd; C:\Windows\System32\DRIVERS\dsnpfd.sys [28552 2009-10-03] (DeskSoft)
R3 dsnpfdMP; C:\Windows\System32\DRIVERS\dsnpfd.sys [28552 2009-10-03] (DeskSoft)
S3 EGXFilter; C:\Windows\System32\drivers\egxfilter.sys [140800 2009-07-06] ()
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2008-04-22] (EnTech Taiwan)
S3 gdrv; C:\Windows\gdrv.sys [16608 2009-04-09] (Windows ® 2000 DDK provider)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 mr8980; C:\Windows\System32\DRIVERS\mr8980.sys [105856 2010-07-26] (Mars Semiconductor Corp.) [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2014-11-20] (CACE Technologies, Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [281088 2007-07-18] (Realtek Semiconductor Corporation )
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [828520 2012-09-09] (Realtek Semiconductor Corporation )
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56108 2008-07-07] (PowerISO Computing, Inc.) [File not signed]
S3 se32; C:\Windows\System32\drivers\se32.sys [12112 2007-05-03] (EnTech Taiwan)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-04-10] (Acronis)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [971552 2009-04-10] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2009-04-10] (Acronis)
S3 xTouch; C:\Windows\System32\DRIVERS\xtouch.sys [125952 2009-07-06] ()
S1 archlp; system32\drivers\archlp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 sertouch; C:\Windows\System32\Drivers\sertouch.sys [128512 2009-07-06] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 20:10 - 2015-02-17 20:11 - 00024538 _____ () C:\Users\TEDi\Desktop\FRST.txt
2015-02-17 20:10 - 2015-02-17 20:10 - 00000000 ____D () C:\FRST
2015-02-17 19:57 - 2015-02-17 18:57 - 01125888 _____ (Farbar) C:\Users\TEDi\Desktop\FRST.exe
2015-02-17 10:02 - 2015-02-17 10:02 - 00000000 ____D () C:\Users\TEDi\Desktop\yaru32.v.1.40.win
2015-02-16 16:22 - 2015-02-16 16:21 - 00966249 _____ () C:\Users\TEDi\Desktop\yaru32.v.1.40.win.zip
2015-02-11 13:28 - 2015-02-17 20:09 - 00014868 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 15:31 - 2015-02-06 15:31 - 00000270 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{82A5E1E0-5364-4602-87A7-2E9A61F48E9D}.job
2015-02-06 14:54 - 2015-02-16 17:01 - 00005430 _____ () C:\Users\TEDi\Desktop\AdwCleaner[s0].txt
2015-02-06 14:31 - 2015-02-06 14:31 - 02112512 _____ () C:\Users\TEDi\Downloads\adwcleaner_4.110.exe
2015-02-06 14:31 - 2015-02-06 14:31 - 02112512 _____ () C:\Users\TEDi\Desktop\adwcleaner_4.110.exe
2015-02-06 14:28 - 2015-02-06 14:28 - 00029259 _____ () C:\Users\TEDi\Downloads\lone-survivor_english-884959.zip
2015-02-06 14:26 - 2015-02-06 14:26 - 00039984 _____ () C:\Users\TEDi\Downloads\fury_english-1046799.zip
2015-02-03 11:57 - 2015-02-11 19:20 - 00000000 ____D () C:\AdwCleaner
2015-02-03 11:56 - 2015-02-03 11:56 - 02194432 _____ () C:\Users\TEDi\Downloads\adwcleaner_4.109.exe
2015-02-03 11:35 - 2015-02-03 11:32 - 00086589 _____ () C:\Users\TEDi\Desktop\New vendor.zip
2015-02-03 11:32 - 2015-02-03 11:32 - 00086589 _____ () C:\Users\TEDi\Downloads\New vendor.zip
2015-02-01 12:26 - 2015-02-01 12:26 - 00000000 _____ () C:\Users\TEDi\Desktop\New Text Document.txt
2015-01-31 15:25 - 2015-01-31 15:25 - 00040704 _____ () C:\Users\TEDi\Downloads\captain-phillips_english-844252.zip
2015-01-27 15:32 - 2015-02-03 11:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-22 18:22 - 2015-01-22 18:19 - 00897960 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2015-01-22 18:22 - 2015-01-22 18:19 - 00818088 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2015-01-22 18:19 - 2015-01-22 18:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-21 17:30 - 2015-01-21 23:28 - 00000000 ____D () C:\Users\TEDi\Desktop\ramka
2015-01-21 17:23 - 2015-01-21 17:26 - 08947446 _____ () C:\Users\TEDi\Downloads\ramka.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 20:07 - 2014-09-10 22:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 20:06 - 2006-11-02 07:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 20:06 - 2006-11-02 06:46 - 00005312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 20:06 - 2006-11-02 06:46 - 00005312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 19:41 - 2006-11-02 04:33 - 00755222 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 19:33 - 2013-06-09 11:47 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-17 19:33 - 2006-11-02 07:00 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-17 09:57 - 2014-11-20 00:35 - 00000000 ____D () C:\Users\TEDi\AppData\Local\NETGEARGenie
2015-02-17 09:55 - 2014-09-30 20:40 - 00165652 _____ () C:\Windows\Minidump\Mini021715-01.dmp
2015-02-17 09:55 - 2009-04-25 00:22 - 00000000 ____D () C:\Windows\Minidump
2015-02-13 12:52 - 2014-09-30 20:40 - 00147009 _____ () C:\Windows\Minidump\Mini021315-01.dmp
2015-02-11 20:04 - 2010-02-27 23:47 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2015-02-09 00:20 - 2009-04-09 06:13 - 00000000 ____D () C:\Users\TEDi
2015-02-08 18:45 - 2013-07-04 13:14 - 00000000 ____D () C:\Users\TEDi\AppData\Local\CrashDumps
2015-02-06 15:23 - 2009-04-27 11:01 - 00000069 _____ () C:\Windows\NeroDigital.ini
2015-02-06 14:19 - 2013-10-09 18:03 - 00000000 ____D () C:\Program Files\ATT
2015-02-03 11:49 - 2010-11-29 22:45 - 00000000 ____D () C:\Users\TEDi\Documents\My Scans
2015-02-03 11:21 - 2012-02-16 12:29 - 00000000 ____D () C:\Users\TEDi\AppData\Roaming\TeamViewer
2015-02-01 12:02 - 2015-01-17 13:37 - 00000840 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-01 12:02 - 2015-01-17 13:37 - 00000828 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-02-01 12:02 - 2015-01-17 13:37 - 00000000 ____D () C:\Program Files\TeamViewer
2015-02-01 11:48 - 2012-04-02 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-01 11:48 - 2011-05-18 19:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-31 15:57 - 2014-06-14 17:01 - 00000000 ____D () C:\Users\TEDi\Desktop\Itools
2015-01-31 15:38 - 2010-09-02 18:29 - 00027233 _____ () C:\Users\TEDi\Desktop\FutbolistPlovdiv2008.txt
2015-01-23 15:22 - 2009-04-09 21:38 - 00101376 _____ () C:\Users\TEDi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-22 18:24 - 2013-10-20 19:39 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-22 18:20 - 2010-05-17 17:44 - 00000000 ____D () C:\Program Files\Java
2015-01-22 18:19 - 2014-10-20 19:16 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-22 18:19 - 2014-10-20 19:16 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-22 18:19 - 2014-07-15 15:50 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-22 18:19 - 2014-07-15 15:50 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-18 10:33 - 2009-04-09 06:13 - 00100640 _____ () C:\Users\TEDi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-18 10:31 - 2006-11-02 06:46 - 02297448 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2009-04-18 15:49 - 2009-04-21 01:36 - 0022328 _____ () C:\Users\TEDi\AppData\Roaming\PnkBstrK.sys
2014-09-10 19:52 - 2014-10-29 19:48 - 0000600 _____ () C:\Users\TEDi\AppData\Roaming\winscp.rnd
2009-04-09 21:29 - 2009-04-09 21:29 - 0000552 _____ () C:\Users\TEDi\AppData\Local\d3d8caps.dat
2009-04-09 06:13 - 2014-11-12 10:00 - 0007836 _____ () C:\Users\TEDi\AppData\Local\d3d9caps.dat
2009-04-09 21:38 - 2015-01-23 15:22 - 0101376 _____ () C:\Users\TEDi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some zero byte size files/folders:
==========================
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-17 19:33

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by TEDi at 2015-02-17 20:11:12
Running from C:\Users\TEDi\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.2.1.28086 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\uTorrent) (Version: 1.8.2 - )
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
3DMark Vantage (HKLM\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.0.1.1 - Futuremark Corporation)
3DMark06 (HKLM\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.1.0 - Futuremark)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Active@ UNDELETE 7 Enterprise (HKLM\...\Active@ UNDELETE 7 Enterprise) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{3AEB0C6A-BD57-4E3C-8AD7-83F5E614ED83}) (Version: 1.3.17 - Samsung)
AnyToISO (HKLM\...\AnyToISO_is1) (Version: 3.6.1 - CrystalIdea Software, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Theatre 5 (HKLM\...\InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}) (Version: 5.0.1.114 - ArcSoft)
ArcSoft TotalMedia Theatre 5 (Version: 5.0.1.80 - ArcSoft) Hidden
ATI Catalyst Install Manager (HKLM\...\{2C99779B-99A9-CE50-C43F-A9F765E1FE23}) (Version: 3.0.719.0 - ATI Technologies, Inc.)
ATT Management Agent (HKLM\...\ATT-ATT Management Agent) (Version: 8.3.1.7 - ATT)
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version: - )
Avira Antivirus Premium (HKLM\...\Avira AntiVir Desktop) (Version: 13.0.0.4052 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
BWMeter (HKLM\...\BWMeter) (Version: 5.2.0 - DeskSoft)
ccc-core-static (Version: 2009.0317.2131.36802 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CoreAVC Professional Edition (remove only) (HKLM\...\CoreAVC Professional Edition) (Version: - )
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DisplayLink Core Software (HKLM\...\{DE8CB084-AE1B-4038-8544-D6E9A1D5D808}) (Version: 5.2.21555.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{7336DD99-5B0D-4FBB-A1F2-FD188E117CCC}) (Version: 5.2.21997.0 - DisplayLink Corp.)
DJ_AIO_05_F4400_Software_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Dropbox) (Version: 2.2.3 - Dropbox, Inc.)
F4400 (Version: 140.0.696.000 - Hewlett-Packard) Hidden
FormatFactory 2.70 (HKLM\...\FormatFactory) (Version: 2.70 - Free Time)
Fraps (remove only) (HKLM\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.16.2.1 - Futuremark Corporation)
GetDataBack for FAT and GetDataBack for NTFS (HKLM\...\{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}) (Version: 3.03.000 - Runtime Software)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
GRID (HKLM\...\{5A0B7BA5-4682-4273-81C2-69B17E649103}) (Version: 1.00.0000 - Codemasters)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iBackupBot 5.2.4 (HKLM\...\iBackupBot) (Version: 5.2.4 - VOWSoft, Ltd.)
iCloud (HKLM\...\{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}) (Version: 1.1.0.40 - Apple Inc.)
iExplorer 3.3.2.1 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.8.2414.748 - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KaraFun Player 2 (HKLM\...\KaraFun Player 2_is1) (Version: 2.1.30.158 - Recisio)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medieval CUE Splitter (HKLM\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microphone Pass-through(Playback) Emulator 1.5.1 (HKLM\...\{9AD0C1EE-A944-43D6-97A5-D8BB7BCAF2F8}_is1) (Version: 1.5.1 - Majiastic Computer)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Monitor Asset Manager (HKLM\...\Monitor Asset Manager) (Version: - )
Mozilla Firefox (3.0.14) (HKLM\...\Mozilla Firefox (3.0.14)) (Version: 3.0.14 (en-US) - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.1 - F.J. Wechselberger)
Need for Speed™ SHIFT (HKLM\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
Nitro PDF Professional (HKLM\...\{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}) (Version: 6.2.1.10 - Nitro PDF Software)
Nokia Connectivity Cable Driver (HKLM\...\{0906982B-A432-4C06-8F01-C01BE1143779}) (Version: 7.1.92.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.6.36.0 - Nokia)
Nokia Suite (Version: 3.6.36.0 - Nokia) Hidden
NVIDIA PhysX (HKLM\...\{5DB65884-C963-4454-AABA-4CA3089281FA}) (Version: 9.09.0720 - NVIDIA Corporation)
Octoshape Streaming Services (HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\...\Octoshape Streaming Services) (Version: - )
OpenAL (HKLM\...\OpenAL) (Version: - )
oZone3D.Net FurMark v1.6.5 (HKLM\...\oZone3D.Net FurMark_is1) (Version: - oZone3D.Net)
PC Connectivity Solution (HKLM\...\{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}) (Version: 12.0.48.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM\...\PowerISO) (Version: - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5793 - Realtek Semiconductor Corp.)
ReClock (remove only) (HKLM\...\ReClock) (Version: - )
Recover My Files (HKLM\...\Recover My Files_is1) (Version: 3.9.7.5012 - GetData Pty Ltd)
RegVac Registry Cleaner 5.01 (Registered Version) (HKLM\...\RegVac Registry Cleaner (Registered Version)_is1) (Version: - Super Win Software, Inc.)
Samsung Link 1.7.0.1309031728 (HKLM\...\8474-7877-9059-0204) (Version: 1.7.0.1309031728 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skins (Version: 2009.0317.2131.36802 - ATI) Hidden
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Snagit 11 (HKLM\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation)
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Tom Clancy's H.A.W.X (HKLM\...\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}) (Version: 1.00.00000 - Ubisoft)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Video Converter 3.50 (HKLM\...\Total Video Converter 3.50_is1) (Version: - EffectMatrix Inc.)
Touchside (HKLM\...\{C6A750AE-6029-4435-9A8D-06507AA46798}) (Version: 1.00.000 - Touchside)
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Vista Driver and Utility (HKLM\...\InstallShield_{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}) (Version: 1.00.0000 - )
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Vista Driver and Utility (Version: 1.00.0000 - ) Hidden
TuneUp Utilities 2009 (HKLM\...\{55A29068-F2CE-456C-9148-C869879E2357}) (Version: 8.0.3100.31 - TuneUp Software)
VS 2008 CRT Package (HKLM\...\{ED79C920-2FF2-4742-AF32-B58BE68B0FA6}) (Version: 1.1.0 - Microsoft)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - OEM (mr8980) Image (07/02/2010 1.0.0.0) (HKLM\...\0587FB824A2C7876CE70A17CA0BABB28702DE6DC) (Version: 07/02/2010 1.0.0.0 - OEM)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Sound Schemes (HKLM\...\UltSounds) (Version: - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinSCP 4.1.9 (HKLM\...\winscp3_is1) (Version: 4.1.9 - Martin Prikryl)
Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4A0C-A916-1D12314F45EB}) (Version: 1.00.0183 - Co.,Ltd.)
Wireless Monitoring System (HKLM\...\InstallShield_{1E6679EB-C736-40E6-A1E5-F97F69A096E3}) (Version: 1.00.0000 - MR8980)
Wireless Monitoring System (Version: 1.00.0000 - MR8980) Hidden
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{32C15893-74C0-4478-879B-FE14EB684AB4}\InprocServer32 -> C:\Users\TEDi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgps01.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{39C26CEE-9070-4B47-9261-6743499AFBF7}\InprocServer32 -> C:\Users\TEDi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgutil.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{7D4733C0-C43B-4A81-AF43-F9B20D1F8348}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-apoctoshape.dll (Octoshape ApS)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{9CC1FE07-02F9-49A6-A3F4-63AD8BAE9E49}\InprocServer32 -> C:\Users\TEDi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgps01.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2466917097-4220814058-3705793299-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TEDi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2009-04-25 01:07 - 00000789 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {178279AD-0523-4C60-97E0-D1522EE384A7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {1969C96B-9572-44BD-84D9-939FDCC0E9A1} - System32\Tasks\{F6D28F6E-775A-4876-A20F-9D4933D06E22} => C:\Program Files\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {232C1A86-F2C2-49EC-8F02-BB920F9A754D} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {281028B8-1418-4EBB-AD08-50A37BD375BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {5915C5E2-D3AC-4D98-87EB-D5C152C38CC1} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2009-11-18] (Hewlett-Packard)
Task: {9D198BA4-42C0-4F2B-9099-CB62888C0EC6} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {CC74EB25-26F9-4E19-8104-00A7276E3F84} - System32\Tasks\Leader Technologies\PowerRegister\Seagate NA4JXZK0 Product Registration (TEDi) => C:\Users\TEDi\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4JXZK0 Product Registration.exe [2009-01-16] (Leader Technologies/Seagate)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\User_Feed_Synchronization-{82A5E1E0-5364-4602-87A7-2E9A61F48E9D}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2013-03-31 21:26 - 2012-12-18 08:31 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2009-04-10 13:49 - 2008-09-16 19:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2011-03-21 10:18 - 2011-03-21 10:18 - 00115008 _____ () C:\Program Files\Nitro PDF\Professional\NPShellExtension.dll
2011-04-20 00:21 - 2011-04-20 00:21 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 03:46 - 2014-11-17 03:46 - 00639488 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2014-11-10 03:55 - 2014-11-10 03:55 - 01686016 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 01:36 - 2014-11-05 01:36 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 01:37 - 2014-11-05 01:37 - 00632832 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 04:53 - 2014-11-14 04:53 - 06499840 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 19:55 - 2014-06-29 19:55 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2014-06-29 20:05 - 2014-06-29 20:05 - 01183232 _____ () C:\Program Files\NETGEAR Genie\bin\qwt.dll
2014-11-07 03:13 - 2014-11-07 03:13 - 02475520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 14:27 - 2012-10-15 14:27 - 00111616 _____ () C:\Program Files\NETGEAR Genie\bin\libvlc.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 02286592 _____ () C:\Program Files\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 01:00 - 2014-11-17 01:00 - 01056768 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 02:39 - 2014-09-11 02:39 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 01:51 - 2014-11-05 01:51 - 01191424 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 00:21 - 2014-11-17 00:21 - 10374656 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 00:18 - 2014-11-17 00:18 - 02496512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 03:39 - 2014-11-06 03:39 - 00200192 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 01:58 - 2014-11-05 01:58 - 00889344 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 02:00 - 2014-11-05 02:00 - 00435712 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-29 19:55 - 2014-06-29 19:55 - 00081408 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 02:23 - 2014-11-03 02:23 - 00143360 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-18 20:22 - 2014-06-18 20:22 - 02177405 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00074240 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00219648 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00049664 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00070144 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 01:59 - 2014-11-05 01:59 - 00642048 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 02:01 - 2014-11-05 02:01 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 20:33 - 2014-06-29 20:33 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2009-10-03 12:00 - 2009-10-03 12:00 - 00062464 _____ () C:\Program Files\BWMeter\BWMeterConSvc.exe
2011-03-31 15:08 - 2011-03-31 15:08 - 00080896 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-10-24 21:16 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files\oem\11n USB Wireless LAN Utility\EnumDevLib.dll
2013-06-22 19:29 - 2013-09-03 16:28 - 00011264 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-09-13 16:40 - 2014-09-13 16:40 - 00541696 ____N () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-09-03 08:53 - 2013-09-03 16:28 - 00982528 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2013-09-03 08:53 - 2013-09-03 16:28 - 01025024 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-08-23 13:49 - 2013-08-23 13:49 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\JNIInterface.dll
2013-08-23 13:50 - 2013-08-23 13:50 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\ASFAPI.dll
2013-08-23 13:51 - 2013-08-23 13:51 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\MediaDB_Manager.dll
2013-08-23 13:34 - 2013-08-23 13:34 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\MediaDB.dll
2013-08-23 13:34 - 2013-08-23 13:34 - 00706560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\ContentDirectoryPresenter.dll
2013-08-23 13:51 - 2013-08-23 13:51 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\DMS_Manager.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2009-04-09 22:42 - 2009-04-09 22:42 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-30 13:39 - 2008-10-30 13:39 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-11-06 09:28 - 2014-11-06 09:28 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
2013-08-23 13:34 - 2013-08-23 13:34 - 01112576 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\DMSManager.dll
2013-08-23 13:34 - 2013-08-23 13:34 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\DCMCDP.dll
2013-08-23 13:34 - 2013-08-23 13:34 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\FolderCDP.dll
2013-08-23 13:34 - 2013-08-23 13:34 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\MetadataFramework.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\sqlite3.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\MoodExtractor.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\DCMImgExtractor.dll
2013-08-14 07:29 - 2013-08-14 07:29 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AutoChaptering.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\libexpat.dll
2013-08-14 07:29 - 2013-08-14 07:29 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\VideoThumb.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\avcodec-52.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\avutil-50.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\avformat-52.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\swscale-0.dll
2013-08-14 07:29 - 2013-08-14 07:29 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AudioExtractor.dll
2013-08-14 07:29 - 2013-08-14 07:29 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\ID3Driver.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\tag.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\libThumbnail.dll
2013-08-14 07:29 - 2013-08-14 07:29 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\RichInfoDriver.dll
2013-08-23 13:34 - 2013-08-23 13:34 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\VideoExtractor.dll
2013-08-14 07:29 - 2013-08-14 07:29 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\ThumbnailMaker.dll
2013-08-14 07:29 - 2013-08-14 07:29 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\ImageMagickWrapper.dll
2013-08-23 13:34 - 2013-08-23 13:34 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\VideoMetadataDriver.dll
2013-08-14 07:29 - 2013-08-14 07:29 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\libKeyFrame.dll
2013-08-14 07:29 - 2013-08-14 07:29 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\SECMetaDriver.dll
2013-08-14 07:29 - 2013-08-14 07:29 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\ImageExtractor.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\photoDriver.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\libexif-12.dll.dll
2013-08-14 07:29 - 2013-08-14 07:29 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\TextExtractor.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\Autobackup.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\RosettaAllShare.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\boost_serialization-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\boost_thread-vc90-mt-1_47.dll
2013-07-23 18:30 - 2013-07-23 18:30 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\us.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:B3D74A13
AlternateDataStreams: C:\ProgramData\TEMP:F8D65F32

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2466917097-4220814058-3705793299-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TEDi\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 10.0.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LaunchTouchMon.lnk => C:\Windows\pss\LaunchTouchMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk => C:\Windows\pss\TotalMedia Server.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Configuration Utility.lnk => C:\Windows\pss\Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: ClearTKHandle => C:\Program Files\Touchside\ClearTKHandle.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: G DATA AntiVirus Trayapplication => C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Java => "C:\Users\TEDi\AppData\Local\Temp\Java.exe"
MSCONFIG\startupreg: LogitechCommunicationsManager => "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: nmctxth => "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
MSCONFIG\startupreg: Octoshape Streaming Services => "C:\Users\TEDi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Accounts: =============================

Administrator (S-1-5-21-2466917097-4220814058-3705793299-500 - Administrator - Disabled)
Guest (S-1-5-21-2466917097-4220814058-3705793299-501 - Limited - Enabled)
TEDi (S-1-5-21-2466917097-4220814058-3705793299-1000 - Administrator - Enabled) => C:\Users\TEDi

==================== Faulty Device Manager Devices =============

Name: isatap.{E0D9B7D8-A595-4D8C-AB06-DD02B98DFC5C}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Multimedia Controller
Description: Multimedia Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2015 08:09:29 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (02/17/2015 08:07:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avmailc.exe, version 13.6.20.2202, time stamp 0x521f4012, faulting module MSVCR100.dll, version 10.0.40219.1, time stamp 0x4d5f0c22, exception code 0x40000015, fault offset 0x0008d6fd, process id 0xb80, application start time 0xavmailc.exe0.

Error: (02/17/2015 08:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avmailc.exe, version 13.6.20.2202, time stamp 0x521f4012, faulting module MSVCR100.dll, version 10.0.40219.1, time stamp 0x4d5f0c22, exception code 0x40000015, fault offset 0x0008d6fd, process id 0x1528, application start time 0xavmailc.exe0.

Error: (02/17/2015 08:07:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2015 08:07:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avmailc.exe, version 13.6.20.2202, time stamp 0x521f4012, faulting module MSVCR100.dll, version 10.0.40219.1, time stamp 0x4d5f0c22, exception code 0x40000015, fault offset 0x0008d6fd, process id 0xf64, application start time 0xavmailc.exe0.

Error: (02/17/2015 08:06:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ss_conn_service.exe, version 2.5.0.0, time stamp 0x53355653, faulting module ss_conn_service.exe, version 2.5.0.0, time stamp 0x53355653, exception code 0x40000015, fault offset 0x00062af6, process id 0xe48, application start time 0xss_conn_service.exe0.

Error: (02/17/2015 08:06:17 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

Error: (02/17/2015 07:36:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2015 07:35:54 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/17/2015 07:07:48 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT AUTHORITY)
Description: 0x80072af9

System errors:
=============
Error: (02/17/2015 08:11:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: DisplayLinkManager12940301Restart the service

Error: (02/17/2015 08:09:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Print Spooler2600001Restart the service

Error: (02/17/2015 08:09:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows Update%%2147952506

Error: (02/17/2015 08:09:04 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: 2147952506

Error: (02/17/2015 08:07:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Avira Mail Protection3

Error: (02/17/2015 08:07:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ATT MAHostService3

Error: (02/17/2015 08:07:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: ATT MAHostService%%4294967295

Error: (02/17/2015 08:07:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: UPnP Device HostSSDP Discovery%%1058

Error: (02/17/2015 08:07:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ATT MAHostService210001Restart the service

Error: (02/17/2015 08:07:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: ATT MAHostService%%4294967295

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-02-17 20:10:35.330
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 20:10:35.238
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 20:10:35.147
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 20:10:35.047
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\dlkmd.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 20:07:28.578
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 19:43:25.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 19:43:25.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 19:43:25.223
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 19:43:25.130
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 19:39:16.448
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 39%
Total physical RAM: 3325.58 MB
Available physical RAM: 2007.52 MB
Total Pagefile: 6844.16 MB
Available Pagefile: 5299.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:5.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:39.06 GB) (Free:26.54 GB) NTFS
Drive e: () (Fixed) (Total:39.06 GB) (Free:38.97 GB) NTFS
Drive f: () (Fixed) (Total:561.91 GB) (Free:323.6 GB) NTFS
Drive j: () (Fixed) (Total:97.66 GB) (Free:97.57 GB) NTFS
Drive k: () (Fixed) (Total:1765.36 GB) (Free:189.03 GB) NTFS
Drive l: () (Fixed) (Total:1863.01 GB) (Free:466.82 GB) NTFS
Drive m: () (Fixed) (Total:1863.01 GB) (Free:213.08 GB) NTFS
Drive o: () (Fixed) (Total:2794.51 GB) (Free:1753.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 005267FC)
Partition 1: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1765.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 2E264054)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 92DCE1C5)
Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=561.9 GB) - (Type=OF Extended)

========================================================
Disk: 7 (Size: 1863 GB) (Disk ID: E4CBBC8D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 8.

==================== End Of Log ============================
  2. Hello, I recently installed/ran AdwCleaner v4.110 and let it delete some files and registry keys on my Vista PC. I was trying to clean some traces of old/residual infections. Everything was fine prior to the install. Now Windows Explorer stopped working, and my installed programs have a sort of selective start-up. Sometimes they start, other times they will not. Firefox would default to its home page, but I can't open anything further, no web search, simply unresponsive! Every time I type a web address or Google search, nothing happens. As for IE, it shows "internet connection". I tried to run/update Malwarebytes but it won't let me. I tried rebooting in Safe Mode but it did not help; I get the exact same issues as in normal mode. Restoring to an earlier point is not an option as I had System Restore turned off at the time I ran AdwCleaner. Thanks for any help.

Below I've c/p the AdwCleaner log file:

# AdwCleaner v4.110 - Logfile created 06/02/2015 at 14:42:29
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [server]
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (x86)
# Username : TEDi - TEDI-PC
# Running from : C:\Users\TEDi\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : pcwatch

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\Web Protect
Folder Deleted : C:\Program Files\Klip Pal
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Users\TEDi\AppData\Local\Babylon
Folder Deleted : C:\Users\TEDi\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\TEDi\AppData\Roaming\Babylon
Folder Deleted : C:\Users\TEDi\AppData\Roaming\HPAppData
File Deleted : C:\END
File Deleted : C:\Windows\system32\MyOSProtect.dll
File Deleted : C:\Users\TEDi\AppData\Roaming\Mozilla\Firefox\Profiles\0az6boje.default-1350005085957\user.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\WebProtect
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\TheBestDeals
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Orbit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\WebProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RocketTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.0

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

-\\ Mozilla Firefox v3.0.14 (en-US)

*************************

AdwCleaner[R0].txt - [4901 bytes] - [03/02/2015 11:57:38]
AdwCleaner[R1].txt - [5028 bytes] - [06/02/2015 14:32:02]
AdwCleaner[s0].txt - [4955 bytes] - [06/02/2015 14:42:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5014 bytes] ##########