Mad Dog Vee

Honorary Members
  • Posts

    185

Posts posted by Mad Dog Vee

  1. FIRST LINK: Image Version: 6.3.9600.17031

    Ran a scanhealth & it said "The component store is repairable"
    Ran a restorehealth & it said "The component store corruption was repaired."

     

    NOTHING CHANGED - I'm going to do a restart just in case before going to the second link (yes it was just a spacing error that gave the Error 87 before)

     

    LINK 2 METHOD 1

    Instructions weren't perfect but close enough to get me where I needed to go
    Problems found: Windows Update components must be repaired - FIXED

     

    METHOD 2 - not required.

     

    METHOD 3 - I assume copy/paste and run of repair.bat worked.  checked for updates, downloaded and installed & rebooted but

     

    NOTHING CHANGED

     

    So nothing changed using all these methods.  Link 3 isn't needed as that was only a spacing error.

  2. Toms Hardware suggestion: no change

    --------------

    Eightforums: Asks for a Microsoft Account and well iirc that is unnecessary, using the diagcab & it fixed some service

    ------------------

    Microsoft SFC scan = Windows Resource Protection found corrupt files but was unable to fix some of them.  Details are included in the CBS.Log windir\Logs\CBS\CBS.log.  For example C:\Windows\Logs\CBS\CBS.log.  Note that logging is currently not supported in offline servicing scenarios.

     

    DISM.exe = gives error 87 - doesn't recognise the command ''health''

    ---------------

     

    RUNNING THE DIAGNOSTIC AGAIN

     

    Issues found
    Service registration is missing or corrupt
    Detected
    Reset service registration
    Not run
    Microsoft account required
    Detected
    Switch to Microsoft account
    Not run

     

    I'm not Windows 8 savvy & this person is not even computer savvy really - Windows 8 was supposed to make it easier for these people. 

    I reset the Service registration but did not do a Microsoft account thing - that's up to them and a general pain in the rear.

     

    NEXT STEP is to check Windows 8 is activated but doesn't say how - Somehow in all these instructions I managed to open Computer & noticed it said Windows Activated

     

    The steps are practically useless - they tell me to open PC Settings then they do not say what to do from there

     

    So after all this mucking around - we've established we only have a LOCAL ACCOUNT on this computer

    ================================

     

    The instructions are near impossible to follow going through those many steps.  The CBS log from earlier was sent to Microsoft through the Action Center.

     

    None of these things worked.  She doesn't wish to refresh the computer as it will lose the printer and some other things that have been installed and is not savvy enough to put them back on.  I may have done one of the apps in the early days.

     

    This computer is only used for email and news & now I know why no one thinks highly of Windows 8

     

    ANY SUGGESTIONS WELCOME.

  3. A friend of mine is having trouble with windows 8.  I still have windows 7 so am not much help.

     

    When she opens apps - they don't seem to load up at all and automatically minimise.  I've looked around on the net and this seems a common problem but there is no clear solution.

     

    The internet still works fine.  Her emails work fine.  Apps like Reader or even News don't seem to load and automatically minimise.  You restore them and they haven't loaded and they also quickly minimise again.

     

    What course of action do you suggest?

  4. restorefix.reg was never run - I was hesitant to do so given restorefix.bat didn't work.  DAR.reg is just a registry backup before they were run.

     

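    @echo off
    setlocal

    rem Policy key for System Restore. The path contains a space ("Windows NT"),
    rem so it has to be quoted wherever it is passed to swreg.
    set "key=HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore"
    set "disableconfig=DisableConfig"
    set "disablesr=DisableSR"

    :Enable
    rem Set both policy values to 0 so neither System Restore nor its configuration is disabled by policy.
    swreg add "%key%" /v %disableconfig% /t REG_DWORD /d 0 > NUL
    swreg add "%key%" /v %disablesr% /t REG_DWORD /d 0 > NUL

    :eof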

     

    IT IS OLD INFO SO PROBABLY NOT APPLICABLE TO WINDOWS 7
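
A read-only check of the two policy values that the batch file in the post above writes, added here as an example and not part of the original post. The function name `Get-RestorePolicyState` is hypothetical, and the check of the VSS and swprv services assumes a Windows 7 system, where System Restore relies on Volume Shadow Copy.

```powershell
# Added example: read-only audit, nothing in the registry is changed.
# Key and value names are the ones used by the batch file in the post above.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$ValueNames = 'DisableSR', 'DisableConfig'

# Hypothetical helper: reports each policy value and what its data means.
function Get-RestorePolicyState {
    param(
        [string]$Path,
        [string[]]$Names
    )

    foreach ($name in $Names) {
        $data    = $null
        $meaning = 'not set: no restriction from this value'

        # The key itself is often absent on a machine with no policy applied.
        if (Test-Path -LiteralPath $Path) {
            $item = Get-ItemProperty -LiteralPath $Path -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $data = $item.$name
                if ($data -eq 0) {
                    $meaning = 'present, 0: not disabled by policy'
                } elseif ($data -eq 1) {
                    $meaning = 'present, 1: DISABLED by policy'
                } else {
                    $meaning = 'present, unexpected data: inspect manually'
                }
            }
        }

        New-Object PSObject -Property @{
            Value   = $name
            Data    = $data
            Meaning = $meaning
        } | Select-Object Value, Data, Meaning
    }
}

Get-RestorePolicyState -Path $PolicyKey -Names $ValueNames | Format-Table -AutoSize

# Assumption: Windows 7, where restore points are stored as shadow copies.
# A StartMode of "Disabled" on either service prevents restore points from
# being created even when both policy values above are 0 or absent.
Get-WmiObject -Class Win32_Service -Filter "Name='VSS' OR Name='swprv'" |
    Select-Object Name, StartMode, State |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; a value reported as 1 that nobody set deliberately is worth investigating before it is reset.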

  5. Hi all,

     

    I think I've seen a similar issue to this before. Windows 7 - No System Restore - Mouse on black screen when loading windows normally.

     

    I tried a system restore without success but that also seemed to kill system restore - as it is not active - not under services to reinstate either. 

     

    I can get in in safe mode hence the logs.

     

    FRST LOG

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
    Ran by JTR (administrator) on JTR-PC on 24-10-2014 00:41:10
    Running from C:\Users\JTR\Desktop
    Loaded Profile: JTR (Available profiles: JTR)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Safe Mode (with Networking)
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-06] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-10] (TOSHIBA Corporation)
    HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-29] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-06] (TOSHIBA Corporation)
    HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-21] (Synaptics Incorporated)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-04] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-07] (TOSHIBA Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2000-01-01] (Realtek Semiconductor)
    HKLM\...\Run: [Telstra_McciTrayApp] => C:\Program Files\Telstra Broadband Assistant\1.0.1.10\ma\bin\pcTrayApp.exe [2835456 2014-07-30] (Telstra Corporation Ltd.)
    HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-07-10] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-03] (TOSHIBA Electronics, Inc.)
    HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [YSearchProtection] => C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-04] (Yahoo! Inc)
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [236016 2009-07-08] (Sonic Solutions)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-13] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-27] (Google Inc.)
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-27] (Piriform Ltd)
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\Run: [search Protection] => C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-04] (Yahoo! Inc)
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\Run: [Driver Detective] => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\Run: [Google Update] => C:\Users\JTR\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-28] (Google Inc.)
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-27] (Piriform Ltd)
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\Policies\Explorer: [NoThumbnailCache] 1
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\MountPoints2: {05a642a9-6f02-11df-9607-70f1a12ba276} - E:\WIN\setup.exe
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\MountPoints2: {2aa9efb1-9d3e-11e0-a6c6-70f1a12ba276} - F:\autorun.exe
    HKU\S-1-5-21-4096225383-1857649611-4187784336-1004\...\MountPoints2: {b4e14541-501b-11e0-aa9c-70f1a12ba276} - E:\setup_vmc_lite.exe /checkApplicationPresence
    AppInit_DLLs-x32: c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll => "c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll" File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.1 PE.lnk
    ShortcutTarget: PHOTOfunSTUDIO 9.1 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
    Startup: C:\Users\JTR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [1AMPCBOK] -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} => C:\windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [1AMPCBSyncing] -> {4d87b7a7-23f1-470c-aa45-96b25b9bd138} =>  No File
    ShellIconOverlayIdentifiers-x32: [1AMPCBOK] -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} => C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [1AMPCBSyncing] -> {4d87b7a7-23f1-470c-aa45-96b25b9bd138} =>  No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=146
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=146
    SearchScopes: HKCU - {0A5A7107-A666-4766-B710-11758ADFFBD0} URL = http://www.flickr.com/search/?q={searchTerms}
    SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60434
    SearchScopes: HKCU - {1F4DF0F4-6C8A-45E4-888B-96F8A11B5A07} URL = http://nz.news.search.yahoo.com/search/news?p={searchTerms}&fr=yessv
    SearchScopes: HKCU - {9CB36A63-8BF0-4AF2-AA43-75D811F2C7F8} URL = http://nz.search.yahoo.com/search/video?p={searchTerms}&fr=yessv
    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://nz.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
    SearchScopes: HKCU - {EF5AF3EC-C542-4290-B15B-FB1F2AA57E96} URL = http://nz.search.yahoo.com/search/images?p={searchTerms}&fr=yessv
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Telstra Broadband Assistant\1.0.1.10\ma\bin\npMotive.dll (Telstra Corporation Ltd.)
    FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Telstra Corporation Ltd.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\JTR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\JTR\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\JTR\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\JTR\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\JTR\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\JTR\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-16]
    FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox
    FF HKLM-x32\...\Firefox\Extensions: [speedtestanalysis@SpeedAnalysis.com] - C:\Users\JTR\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com
    FF HKLM-x32\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\JTR\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
    FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\JTR\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
     
    Chrome: 
    =======
    CHR Profile: C:\Users\JTR\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Telstra Extension) - C:\Users\JTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-05-31]
    CHR Extension: (Skype Click to Call) - C:\Users\JTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-08]
    CHR Extension: (Google Wallet) - C:\Users\JTR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
    CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2014-05-31]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2014-07-14]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-08-11] (AVG Technologies CZ, s.r.o.)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
    S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S2 cfWiMAXService; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [181616 2009-07-18] (TOSHIBA CORPORATION)
    S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
    S2 gupdate1cae996bb638bf3; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2010-05-02] (Google Inc.)
    S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-23] (Alcatel-Lucent) [File not signed]
    S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2013-10-23] (Alcatel-Lucent) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 SlimService; C:\Program Files\SlimCleaner+\SlimServiceFactory.exe [232256 2013-10-30] (SlimWare Utilities, Inc.)
    S2 Telstra MAHostService; C:\Program Files (x86)\Telstra Broadband Assistant\1.0.1.10\ma\bin\MAHostService.exe [321024 2014-07-30] (Alcatel-Lucent) [File not signed]
    S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
    S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
    S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-10-03] (AVG Technologies)
    S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-23] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-03] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
    S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [118016 2010-07-27] (TCT International Mobile Ltd)
    S3 RimUsb; No ImagePath
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
    S3 RSUSBSTOR; No ImagePath
    S3 RtsUIR; No ImagePath
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-08-30] ()
    S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
    S3 USBCCID; No ImagePath
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-24 00:41 - 2014-10-24 00:41 - 00024875 _____ () C:\Users\JTR\Desktop\FRST.txt
    2014-10-24 00:41 - 2014-10-23 16:38 - 02112000 _____ (Farbar) C:\Users\JTR\Desktop\FRST64.exe
    2014-10-24 00:34 - 2014-10-24 00:35 - 00049893 _____ () C:\Users\JTR\Downloads\Addition.txt
    2014-10-24 00:32 - 2014-10-24 00:41 - 00000000 ____D () C:\FRST
    2014-10-24 00:32 - 2014-10-24 00:35 - 00029086 _____ () C:\Users\JTR\Downloads\FRST.txt
    2014-10-24 00:25 - 2014-10-24 00:25 - 00000793 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-10-24 00:24 - 2014-10-24 00:25 - 04965896 _____ (Piriform Ltd) C:\Users\JTR\Downloads\ccsetup418.exe
    2014-10-23 16:37 - 2014-10-23 16:38 - 02112000 _____ (Farbar) C:\Users\JTR\Downloads\FRST64.exe
    2014-10-23 16:28 - 2014-10-23 16:28 - 325253922 _____ () C:\Users\JTR\Desktop\dar.reg
    2014-10-23 16:27 - 2014-10-23 16:27 - 00002350 _____ () C:\Users\JTR\Desktop\restorefix.reg
    2014-10-23 16:25 - 2014-10-23 16:25 - 00000282 _____ () C:\Users\JTR\Desktop\restorefix.bat
    2014-10-23 16:04 - 2014-10-23 16:04 - 00000640 _____ () C:\windows\PFRO.log
    2014-10-23 15:01 - 2014-10-23 16:01 - 00000168 _____ () C:\windows\setupact.log
    2014-10-23 15:01 - 2014-10-23 15:01 - 00000000 _____ () C:\windows\setuperr.log
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-24 00:35 - 2009-07-14 16:13 - 00853802 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-10-24 00:31 - 2014-04-30 09:37 - 01178738 _____ () C:\windows\WindowsUpdate.log
    2014-10-24 00:29 - 2012-03-09 16:48 - 00065536 _____ () C:\windows\system32\Ikeext.etl
    2014-10-24 00:25 - 2011-02-09 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-10-24 00:25 - 2011-02-09 12:03 - 00000000 ____D () C:\Program Files\CCleaner
    2014-10-23 17:39 - 2010-04-26 19:14 - 00000000 ____D () C:\Users\JTR
    2014-10-23 15:21 - 2014-07-05 18:17 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-23 14:00 - 2014-04-30 13:01 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-10-23 14:00 - 2009-07-14 18:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-10-23 14:00 - 2009-07-14 14:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
    2014-10-23 14:00 - 2009-07-14 14:20 - 00000000 ____D () C:\windows\system32\Dism
    2014-10-23 14:00 - 2009-07-14 14:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-10-23 13:59 - 2014-02-03 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-10-23 13:59 - 2013-03-18 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-10-23 13:59 - 2013-03-13 12:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-10-23 13:59 - 2010-04-27 09:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-10-23 13:59 - 2009-07-14 14:20 - 00000000 ____D () C:\windows\servicing
    2014-10-23 13:59 - 2009-07-14 14:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-10-23 13:57 - 2010-05-02 12:30 - 00000000 ____D () C:\Users\JTR\AppData\Roaming\Skype
    2014-10-23 13:56 - 2009-08-21 10:16 - 00000000 ____D () C:\Program Files (x86)\Java
     
    Some content of TEMP:
    ====================
    C:\Users\JTR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj7dpte.dll
    C:\Users\JTR\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-08-29 22:59
     
    ==================== End Of Log ============================
     
     
    ADDITION LOG
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
    Ran by JTR at 2014-10-24 00:41:51
    Running from C:\Users\JTR\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
    Adobe AIR Free Download Packages (HKCU\...\Adobe AIR Free Download Packages) (Version:  - ) <==== ATTENTION
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player ActiveX Free Download Packages (HKCU\...\Adobe Flash Player ActiveX Free Download Packages) (Version:  - ) <==== ATTENTION
    Adobe Flash Player Plugin Free Download Packages (HKCU\...\Adobe Flash Player Plugin Free Download Packages) (Version:  - ) <==== ATTENTION
    Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{9C98CA38-4C1A-4AC8-B55C-169497C8826B}) (Version: 4.0.0.96 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
    AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
    AVG PC Tuneup (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.27 - AVG)
    B110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
    BCL easyConverter Desktop 3 (Word Version) (HKLM-x32\...\{8C5845B5-729F-40E3-A945-4454E67F65F4}) (Version: 3.0.18 - BCL Technologies)
    BigPond Broadband ADSL (HKLM-x32\...\{2A36014E-DF1D-4840-A209-3185B17BFC71}) (Version: 11.0 - BigPond)
    Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.02(T) - TOSHIBA CORPORATION)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
    Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
    Canon MG2200 series On-screen Manual (HKLM-x32\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Defraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform)
    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    Documents To Go Desktop for iOS (HKLM-x32\...\DTGDesktop) (Version: 4.0001.010 - DataViz, Inc.)
    DriverUpdate (HKLM-x32\...\{24EDC8CC-1E94-4D2B-9B1B-1D63DFF05F6D}) (Version: 2.2.36927 - SlimWare Utilities, Inc.)
    Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
    DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
    DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
    Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
    e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)
    Garmin City Navigator Australia And New Zealand NT 2013.10 Update (HKLM-x32\...\{D8077FA2-97A4-48C6-BDCA-C3E426B06FF9}) (Version: 13.10.0.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
    Google Drive (HKLM-x32\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)
    Google Earth (HKLM-x32\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
    Google Earth Free Download Packages (HKCU\...\Google Earth Free Download Packages) (Version:  - ) <==== ATTENTION
    Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP)
    HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
    iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
    Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
    Jump Flip (HKLM\...\Jump Flip) (Version: 2014.01.16.002256 - Jump Flip) <==== ATTENTION
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LoiLoScope Download (HKLM-x32\...\{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1) (Version: 2.0 - LoiLo inc)
    LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
    LUMIX Map Tool (HKLM-x32\...\InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}) (Version: 1.1.0 - Panasonic Corporation)
    LUMIX Map Tool (x32 Version: 1.1.0 - Panasonic Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
    Mobogenie (HKLM-x32\...\Mobogenie) (Version:  - Mobogenie.com) <==== ATTENTION
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
    NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
    Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
    Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
    Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2 - PC Utilities Software Limited) <==== ATTENTION
    PHOTOfunSTUDIO 9.1 PE (HKLM-x32\...\{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}) (Version: 9.01.709 - Panasonic Corporation)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
    QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
    Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
    Roxio Media Manager (x32 Version: 9.4.067 - Roxio) Hidden
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Search-Gol Chrome Toolbar (HKLM-x32\...\Search-Gol Chrome Toolbar) (Version:  - Search-Gol) <==== ATTENTION
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype Download Packages (HKCU\...\Skype Download Packages) (Version:  - ) <==== ATTENTION
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    SlimCleaner+ (HKLM\...\{4CA4B2E7-3F49-4C15-9869-547FDB24C8E6}) (Version: 1.0.16057 - SlimWare Utilities, Inc.)
    SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
    Telstra Broadband Assistant (HKLM-x32\...\Telstra-Telstra Broadband Assistant) (Version: 1.0.1.10 - Telstra Corporation Ltd.)
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation)
    TOSHIBA Bulletin Board (Version: 1.0.04.64 - Your Company Name) Hidden
    TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.19 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.6.64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (Version: 1.1.6.64 - TOSHIBA Corporation) Hidden
    TOSHIBA eco Utility (x32 Version: 1.1.6.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
    TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (Version: 3.1.0.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
    TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C - TOSHIBA CORPORATION) Hidden
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) Hidden
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (Version: 3.1.64.0 - TOSHIBA Corporation) Hidden
    TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0 - TOSHIBA Corporation) Hidden
    TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)
    TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01 - TOSHIBA Corporation) Hidden
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (Version: 1.0.04.64 - TOSHIBA Corporation) Hidden
    TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
    TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)
    TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
    TOSHIBA Supervisor Password (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
    TOSHIBA Value Added Package (Version: 1.2.25.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Value Added Package (x32 Version: 1.2.25.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
    TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    TuneUp Utilities 2012 (x32 Version: 12.0.3600.104 - TuneUp Software) Hidden
    TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3600.104 - TuneUp Software) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
    Utility Common Driver (x32 Version: 1.0.50.26C - TOSHIBA) Hidden
    VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
    Windows Driver Package - NETGEAR Inc. (RTL8187) Net  (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.)
    Windows Driver Package - Thomson (USB_RNDIS) Net  (02/15/2007 2.0.0.0) (HKLM\...\2CA3B8348CD526E9B8928840AC68738C5B5A4F8F) (Version: 02/15/2007 2.0.0.0 - Thomson)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
    Yahoo!Xtra Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\JTR\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\JTR\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JTR\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\JTR\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
     
    ==================== Restore Points  =========================
     
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {027DD4B0-847A-4682-A924-D34AA665CF4F} - \ParetoLogic Registration3 No Task File <==== ATTENTION
    Task: {079E34C5-35D1-40EA-84AA-9ACB995B3F3D} - System32\Tasks\SlimCleaner+ (Check for Updates - JTR) => C:\Program Files\SlimCleaner+\SlimCleanerPlus.exe [2013-10-30] (SlimWare Utilities, Inc.)
    Task: {0B6B55E0-D5A3-4363-BFFD-8F4147D8FA2F} - System32\Tasks\Primax Electronics online update program => C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    Task: {0F81D1B7-8FA7-4662-9AC2-72B0894242FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-02] (Google Inc.)
    Task: {0FEAFE5B-6C19-4EB9-9352-BE09CFA9E1D8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
    Task: {16E99ADD-B821-45A0-9BAC-391C9872F355} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-27] (Piriform Ltd)
    Task: {28709D3A-D8AA-4A9C-BA6B-E81F8299D1E4} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
    Task: {2CD3FBCB-7621-4244-90F9-47DE767A875C} - \ProgramUpdateCheck No Task File <==== ATTENTION
    Task: {32DF6A55-D78C-4021-A599-76A8C1161BE1} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
    Task: {3711A3A7-79D7-4BF3-A0B5-1C63BC264D77} - System32\Tasks\{31B21CFF-71D4-41C0-8D3B-F4AC187C4B9D} => C:\Program Files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe
    Task: {3D64CBE5-489F-4FF2-B473-B61A231BDD4D} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
    Task: {3D7163D8-FD04-452F-87EC-42C873E1255B} - System32\Tasks\{8FE5F148-586E-400A-8476-40DD23469111} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
    Task: {4BF58B21-6030-4224-9352-5814BCFFFDCB} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-14] (TOSHIBA CORPORATION)
    Task: {512EB5D1-002C-4F7A-AEAB-71DD6BA73732} - System32\Tasks\SlimCleaner+ (Scheduled Scan - JTR) => C:\Program Files\SlimCleaner+\SlimCleanerPlus.exe [2013-10-30] (SlimWare Utilities, Inc.)
    Task: {5CBB9682-EF9B-4149-A679-080159C3DA87} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {66814F25-0103-4668-994E-427FA5487EA6} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe
    Task: {7F91B93E-21AD-4B91-93DD-492A989510BC} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    Task: {991B3505-D735-4180-871A-3329872133BD} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-22] (Adobe Systems Incorporated)
    Task: {9AE9DB52-E10D-4234-A5D7-D796B7767A21} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On JTR Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
    Task: {A0B462CD-2576-4BF7-B54A-2114E60D6C9D} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe [2012-01-17] (Piriform Ltd)
    Task: {B5178E9F-4176-47B5-ADCE-12844CA788F6} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-03-19] (SlimWare Utilities, Inc.)
    Task: {B557AC1C-B301-466B-8EE8-A46318178854} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {BC044562-E213-4C57-953F-ADDD761C08E6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
    Task: {CE498654-D544-4860-82E4-73F5D88AD855} - System32\Tasks\{03F5EA17-BFF2-4028-8EA8-88C52738AEF6} => C:\Program Files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe
    Task: {CEFAF4C3-8AFE-4A22-BDB6-6D95080C3511} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4096225383-1857649611-4187784336-1004Core => C:\Users\JTR\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)
    Task: {D3AB13C8-D037-4FFB-A9D3-441E5C0E9215} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-02] (Google Inc.)
    Task: {DCD46123-EC2A-48C9-B8A8-60D89EF4BBA9} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe
    Task: {DF46F28C-3AA4-49C4-8860-5CA14276CE8C} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe
    Task: {F1161AFF-14ED-40E6-8045-473891B7944E} - System32\Tasks\SlimCleaner+ (StartupTask - JTR) => C:\Program Files\SlimCleaner+\SlimCleanerPlus.exe [2013-10-30] (SlimWare Utilities, Inc.)
    Task: {F41F5F23-EAE3-48AB-85BE-A520D92D9FF3} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    Task: {F64F897B-FB5A-4B9B-B53C-751387A120FE} - \BonanzaDealsUpdate No Task File <==== ATTENTION
    Task: {FC6D5E92-7B80-4AF8-A6C5-B9038AD23E68} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4096225383-1857649611-4187784336-1004UA => C:\Users\JTR\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)
    Task: {FFF49258-29DC-4604-A716-328CC4301F93} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe
    Task: C:\windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4096225383-1857649611-4187784336-1004Core.job => C:\Users\JTR\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4096225383-1857649611-4187784336-1004UA.job => C:\Users\JTR\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll
    Task: C:\windows\Tasks\SlimCleaner+ (Check for Updates - JTR).job => C:\Program Files\SlimCleaner+\SlimCleanerPlus.exe
    Task: C:\windows\Tasks\SlimCleaner+ (Scheduled Scan - JTR).job => C:\Program Files\SlimCleaner+\SlimCleanerPlus.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2013-09-20 09:37 - 2013-09-20 09:37 - 03889152 _____ () C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll
    2013-09-20 09:32 - 2013-09-20 09:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
    2013-04-05 13:58 - 2013-04-05 13:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
    2014-02-04 18:10 - 2014-02-02 10:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
    2014-02-04 18:10 - 2014-02-02 10:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
    2014-02-04 18:10 - 2014-02-02 10:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    AlternateDataStreams: C:\ProgramData\Temp:98181191
    AlternateDataStreams: C:\Users\JTR\Downloads\Marg Dixon's Farewell.eml:OECustomProperty
    AlternateDataStreams: C:\Users\JTR\Downloads\noname (1).eml:OECustomProperty
    AlternateDataStreams: C:\Users\JTR\Downloads\noname.eml:OECustomProperty
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NaveriskAgent => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NaveriskServiceMonitor => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: Yahoo! Pager => "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-4096225383-1857649611-4187784336-500 - Administrator - Disabled)
    Guest (S-1-5-21-4096225383-1857649611-4187784336-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4096225383-1857649611-4187784336-1006 - Limited - Enabled)
    JTR (S-1-5-21-4096225383-1857649611-4187784336-1004 - Administrator - Enabled) => C:\Users\JTR
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Photosmart B110 series
    Description: Photosmart B110 series
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
     
    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer: 
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (10/23/2014 05:42:28 PM) (Source: WinMgmt) (EventID: 4) (User: )
    Description: 0x8004100aC:\PROGRAM FILES (X86)\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF
     
    Error: (10/23/2014 02:20:49 PM) (Source: Wininit) (EventID: 1015) (User: )
    Description: A critical system process, C:\windows\system32\lsass.exe, failed with status code 255.  The machine must now be restarted.
     
    Error: (10/23/2014 02:20:44 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file C:\Windows\System32\lsasrv.dll for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Local Security Authority Process because of this error.
     
    Program: Local Security Authority Process
    File: C:\Windows\System32\lsasrv.dll
     
    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.
     
    Additional Data
    Error value: C0000185
    Disk type: 3
     
    Error: (10/23/2014 02:20:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: lsass.exe, version: 6.1.7601.18443, time stamp: 0x5348920c
    Faulting module name: lsasrv.dll, version: 6.1.7601.18443, time stamp: 0x5348a24b
    Exception code: 0xc0000006
    Fault offset: 0x00000000000b0120
    Faulting process id: 0x1e4
    Faulting application start time: 0xlsass.exe0
    Faulting application path: lsass.exe1
    Faulting module path: lsass.exe2
    Report Id: lsass.exe3
     
    Error: (08/30/2014 04:36:41 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery/restore failed with unexpected error -1216.
     
    Error: (08/30/2014 04:36:41 PM) (Source: ESENT) (EventID: 494) (User: )
    Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\TEMP\AppData\Local\SlimWare Utilities Inc\SlimCleaner+\settings.db', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
     
    Error: (08/30/2014 04:36:40 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery/restore failed with unexpected error -1216.
     
    Error: (08/30/2014 04:36:40 PM) (Source: ESENT) (EventID: 494) (User: )
    Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\TEMP\AppData\Local\SlimWare Utilities Inc\SlimCleaner+\settings.db', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
     
    Error: (08/30/2014 04:36:40 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery/restore failed with unexpected error -1216.
     
    Error: (08/30/2014 04:36:40 PM) (Source: ESENT) (EventID: 494) (User: )
    Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\TEMP\AppData\Local\SlimWare Utilities Inc\SlimCleaner+\settings.db', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
     
     
    System errors:
    =============
    Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
    Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
    Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
    Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
    Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
    Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
    Error: (10/24/2014 00:38:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
    Error: (10/24/2014 00:38:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
    Error: (10/24/2014 00:38:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
    Error: (10/24/2014 00:37:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
     
    Microsoft Office Sessions:
    =========================
    Error: (05/15/2014 10:13:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 130 seconds with 120 seconds of active time.  This session ended with a crash.
     
    Error: (01/13/2014 08:37:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.
     
    Error: (02/20/2011 03:14:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.
     
     
    ==================== Memory info =========================== 
     
    Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
    Percentage of memory in use: 22%
    Total physical RAM: 3932.88 MB
    Available physical RAM: 3033.48 MB
    Total Pagefile: 7863.93 MB
    Available Pagefile: 7002.4 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
     
    ==================== Drives ================================
     
    Drive c: (S3A8050D003) (Fixed) (Total:453.99 GB) (Free:370.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 8397E41A)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10.3 GB) - (Type=17)
     
    ==================== End Of Log ============================

     

  6. SystemLook 30.07.11 by jpshortstuff
    Log created at 14:28 on 20/02/2014 by Art
    Administrator - Elevation successful

    ========== regfind ==========

    Searching for "hkplcpjdkjhdlbpaocppfjjpfmgpcmfb"
    No data found.

    ========== folderfind ==========

    Searching for "hkplcpjdkjhdlbpaocppfjjpfmgpcmfb"
    C:\ProgramData\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb    d------    [17:13 05/01/2014]
    C:\Users\All Users\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb    d------    [17:13 05/01/2014]

    -= EOF =-

  7. Think I know what happened: Avira picked it up.

     

    Begin scan in 'C:\ProgramData\saveron\EGE.dll'
    C:\ProgramData\saveron\EGE.dll
      [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen

    Beginning disinfection:
    C:\ProgramData\saveron\EGE.dll
      [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
      [NOTE]      The file was moved to the quarantine directory under the name '5bff98e2.qua'!

  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
    Ran by Art at 2014-02-20 13:20:01 Run:1
    Running from C:\Users\Art\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3037837604-4240180166-2112078839-1001\User: Group Policy restriction detected <======= ATTENTION
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: saveron - {FBCAE03C-9230-8ABA-AB8B-335B2FDE7C0F} - C:\ProgramData\saveron\EGE.x64.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
    CHR Plugin: (Google Update) - C:\Users\Art\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Extension: (HtmmlCHEcckeer) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\angijblkobfiimfjbllaaalefeapmplj [2014-02-03]
    CHR Extension: (saveron) - C:\ProgramData\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb [2014-01-06]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    Task: {A41B1331-DC0C-4FE4-9E05-E930025B0D9D} - \EPUpdater No Task File
    Task: {DD910BBB-5371-40A9-BC84-21E50F862758} - \Desk 365 RunAsStdUser No Task File
    Task: {8A608056-CE9E-4F89-A3BD-A30C7805F516} - \LaunchApp No Task File
    C:\Users\Art\AppData\Local\Temp\avgnt.exe
    C:\Users\Art\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Art\AppData\Local\Temp\Quarantine.exe

    *****************

    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3037837604-4240180166-2112078839-1001\User => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBCAE03C-9230-8ABA-AB8B-335B2FDE7C0F} => Key deleted successfully.
    HKCR\CLSID\{FBCAE03C-9230-8ABA-AB8B-335B2FDE7C0F} => Key deleted successfully.
    C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll not found.
    C:\Users\Art\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
    C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll not found.
    C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
    C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\angijblkobfiimfjbllaaalefeapmplj => Moved successfully.
    CHR Extension: (saveron) - C:\ProgramData\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb [2014-01-06] directory not found.
    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A41B1331-DC0C-4FE4-9E05-E930025B0D9D} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A41B1331-DC0C-4FE4-9E05-E930025B0D9D} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD910BBB-5371-40A9-BC84-21E50F862758} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD910BBB-5371-40A9-BC84-21E50F862758} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A608056-CE9E-4F89-A3BD-A30C7805F516} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A608056-CE9E-4F89-A3BD-A30C7805F516} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key deleted successfully.
    C:\Users\Art\AppData\Local\Temp\avgnt.exe => Moved successfully.
    C:\Users\Art\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
    C:\Users\Art\AppData\Local\Temp\Quarantine.exe => Moved successfully.


    The system needs a manual reboot.

    ==== End of Fixlog ====

    Rebooting as requested, I'll BRB.

  9. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
    Ran by Art (administrator) on ART-PC on 20-02-2014 12:57:58
    Running from C:\Users\Art\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
    (Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG)
    HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {1923fcd8-a791-11e0-b73e-0026187a78b8} - G:\autorun.exe
    HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {26d83590-ee07-11e0-a902-0026187a78b8} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {26d83598-ee07-11e0-a902-0026187a78b8} - L:\LaunchU3.exe -a
    HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {93758645-8cc3-11e2-9fee-db3f57872e66} - F:\LaunchU3.exe
    HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {f053505b-cbd5-11e2-9eab-de6be4af673f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
    HKU\S-1-5-21-3037837604-4240180166-2112078839-1000\...\MountPoints2: {f1c093e6-06a0-11e2-a8c6-806e6f6e6963} - F:\Autorun.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3037837604-4240180166-2112078839-1001\User: Group Policy restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: SmiArtCOmpare - {398C9C18-BC8C-0898-D9E0-970DF3155E3F} - C:\ProgramData\SmiArtCOmpare\ha74UgOfpY.x64.dll No File
    BHO: SAVerPProo - {3BA54BE3-E60C-331A-8B9E-EDE4B47C7DA5} - C:\ProgramData\SAVerPProo\YnoWnaC.x64.dll No File
    BHO: HtmmlCHEcckeer - {EFF36C2F-FE0E-65F5-D760-506F3370A3DD} - C:\ProgramData\HtmmlCHEcckeer\JvuqhlI.x64.dll No File
    BHO: saveron - {FBCAE03C-9230-8ABA-AB8B-335B2FDE7C0F} - C:\ProgramData\saveron\EGE.x64.dll No File
    BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Art\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Art\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    Chrome:
    =======
    CHR DefaultSearchKeyword: google.com.au
    CHR Plugin: (Shockwave Flash) - C:\Users\Art\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Art\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Art\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
    CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Google Update) - C:\Users\Art\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Extension: (HtmmlCHEcckeer) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\angijblkobfiimfjbllaaalefeapmplj [2014-02-03]
    CHR Extension: (Google Docs) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-29]
    CHR Extension: (Google Drive) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-29]
    CHR Extension: (YouTube) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-29]
    CHR Extension: (Adblock Plus) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-20]
    CHR Extension: (Google Search) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-29]
    CHR Extension: (FromDocToPDF) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp [2013-11-12]
    CHR Extension: (Google Wallet) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
    CHR Extension: (Gmail) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-29]
    CHR Extension: (saveron) - C:\ProgramData\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb [2014-01-06]
    CHR HKLM\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\Art\AppData\Local\foxtab_speeddial.crx [2013-11-12]
    CHR HKCU\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\Art\AppData\Local\foxtab_speeddial.crx [2013-11-12]
    CHR HKLM-x32\...\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\Art\AppData\Local\foxtab_speeddial.crx [2013-11-12]
    CHR StartMenuInternet: Google Chrome - C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-12] (SUPERAntiSpyware.com)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
    S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-03-06] (Research In Motion Limited)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [149032 2010-07-08] (McAfee, Inc.)
    R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-06-04] (Apple Inc.)
    R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1263616 2013-06-04] (Research In Motion Limited)
    S2 vToolbarUpdater15.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [40736 2013-05-08] (AVG Technologies)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121248 2010-07-08] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [529000 2010-07-08] (McAfee, Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-04-08] (Research In Motion Limited)
    R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-06-04] (Research in Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-02-20 12:57 - 2014-02-20 12:58 - 00014138 _____ () C:\Users\Art\Desktop\FRST.txt
    2014-02-20 12:57 - 2014-02-20 12:57 - 00000000 ____D () C:\FRST
    2014-02-20 12:56 - 2014-02-20 12:57 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64(2).exe
    2014-02-20 12:48 - 2014-02-20 12:48 - 01241834 _____ () C:\Users\Art\Desktop\AdwCleaner(1).exe
    2014-02-20 12:24 - 2014-02-20 12:25 - 02153472 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe
    2014-02-20 11:49 - 2014-02-20 11:49 - 00001780 _____ () C:\Users\Art\Desktop\RKreport[0]_S_02202014_114939.txt
    2014-02-20 11:47 - 2014-02-20 12:42 - 00000000 ____D () C:\Users\Art\Desktop\RK_Quarantine
    2014-02-20 11:47 - 2014-02-20 11:48 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64.exe
    2014-02-20 11:14 - 2014-02-20 11:15 - 04413952 _____ () C:\Users\Art\Desktop\RogueKillerX64 (1).exe
    2014-02-20 11:13 - 2014-02-20 11:13 - 04413952 _____ () C:\Users\Art\Downloads\RogueKillerX64.exe
    2014-02-20 11:12 - 2014-02-20 11:13 - 03817984 _____ () C:\Users\Art\Downloads\RogueKiller.exe
    2014-02-19 11:11 - 2014-02-19 09:04 - 00504352 _____ () C:\Users\Art\Downloads\Backup_of_Ryan Bywater - handyman.cdr
    2014-02-19 09:04 - 2014-02-19 11:11 - 01449057 _____ () C:\Users\Art\Downloads\Ryan Bywater - handyman.cdr
    2014-02-18 16:57 - 2014-02-18 16:57 - 00014217 _____ () C:\Users\Art\Downloads\GOOLOOGONG TRAIL RIDERS.DST
    2014-02-17 12:19 - 2014-02-17 12:19 - 00000000 ____D () C:\Windows\pss
    2014-02-17 12:02 - 2014-02-17 12:05 - 00000632 __RSH () C:\Users\Art\ntuser.pol
    2014-02-17 11:31 - 2014-02-20 12:51 - 00000000 ____D () C:\AdwCleaner
    2014-02-17 11:31 - 2014-02-17 11:31 - 01166132 _____ () C:\Users\Art\Downloads\AdwCleaner.exe
    2014-02-17 10:30 - 2014-02-17 11:22 - 00000000 ____D () C:\JRT
    2014-02-17 10:03 - 2014-02-17 10:03 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-02-17 09:54 - 2014-02-17 09:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Art\Downloads\mbar-1.07.0.1009.exe
    2014-02-17 09:49 - 2014-02-20 12:27 - 00000000 ____D () C:\Users\Art\Desktop\Darren Computer Doctor
    2014-02-17 09:44 - 2014-02-17 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-02-14 09:48 - 2014-02-17 09:37 - 00000000 ____D () C:\ProgramData\SAVerPProo
    2014-02-14 09:48 - 2014-02-14 09:48 - 00000000 ____D () C:\Users\Art\AppData\Local\Packages
    2014-02-13 03:01 - 2013-12-21 20:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-02-13 03:01 - 2013-12-21 19:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-02-13 03:00 - 2014-02-06 23:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-13 03:00 - 2014-02-06 22:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-13 03:00 - 2014-02-06 22:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-02-13 03:00 - 2014-02-06 22:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-13 03:00 - 2014-02-06 22:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-02-13 03:00 - 2014-02-06 22:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-02-13 03:00 - 2014-02-06 21:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-13 03:00 - 2014-02-06 21:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-02-13 03:00 - 2014-02-06 21:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-13 03:00 - 2014-02-06 21:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-13 03:00 - 2014-02-06 21:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-02-13 03:00 - 2014-02-06 21:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-02-13 03:00 - 2014-02-06 21:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-02-13 03:00 - 2014-02-06 21:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-02-13 03:00 - 2014-02-06 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-02-13 03:00 - 2014-02-06 21:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-02-13 03:00 - 2014-02-06 21:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-13 03:00 - 2014-02-06 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-02-13 03:00 - 2014-02-06 21:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-02-13 03:00 - 2014-02-06 20:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-02-13 03:00 - 2014-02-06 20:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-13 03:00 - 2014-02-06 20:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-02-13 03:00 - 2014-02-06 20:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-02-13 03:00 - 2014-02-06 20:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-13 03:00 - 2014-02-06 20:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-02-13 03:00 - 2014-02-06 20:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-02-13 03:00 - 2014-02-06 20:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-02-13 03:00 - 2014-02-06 20:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-02-13 03:00 - 2014-02-06 20:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-02-13 03:00 - 2014-02-06 20:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-13 03:00 - 2014-02-06 20:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-13 03:00 - 2014-02-06 20:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-02-13 03:00 - 2014-02-06 20:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-02-13 03:00 - 2014-02-06 20:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-02-13 03:00 - 2014-02-06 19:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-13 03:00 - 2014-02-06 19:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-02-13 03:00 - 2014-02-06 19:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-02-13 03:00 - 2014-02-06 19:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-02-13 03:00 - 2014-02-06 19:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-02-12 17:48 - 2014-01-01 10:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
    2014-02-12 17:48 - 2014-01-01 10:04 - 00420008 _____ () C:\Windows\system32\locale.nls
    2014-02-12 17:48 - 2013-12-06 13:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-02-12 17:48 - 2013-12-06 13:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-02-12 17:48 - 2013-12-06 13:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-02-12 17:48 - 2013-12-06 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-02-12 17:45 - 2013-12-04 13:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
    2014-02-12 17:45 - 2013-12-04 13:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
    2014-02-12 17:45 - 2013-12-04 13:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
    2014-02-12 17:45 - 2013-12-04 13:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
    2014-02-12 17:45 - 2013-12-04 13:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
    2014-02-12 17:45 - 2013-12-04 13:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
    2014-02-12 17:45 - 2013-12-04 13:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
    2014-02-12 17:45 - 2013-12-04 13:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
    2014-02-12 17:45 - 2013-12-04 13:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
    2014-02-12 17:45 - 2013-12-04 13:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
    2014-02-12 17:45 - 2013-12-04 13:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
    2014-02-12 17:45 - 2013-12-04 13:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
    2014-02-12 17:45 - 2013-12-04 13:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
    2014-02-12 17:45 - 2013-12-04 13:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
    2014-02-12 17:45 - 2013-12-04 12:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
    2014-02-12 17:45 - 2013-12-04 12:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
    2014-02-12 17:45 - 2013-12-04 12:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
    2014-02-12 17:45 - 2013-12-04 12:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
    2014-02-12 17:36 - 2013-12-25 10:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-02-12 17:36 - 2013-12-25 09:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-02-12 17:36 - 2013-11-26 19:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2014-02-12 17:36 - 2013-11-23 09:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2014-02-07 15:56 - 2014-02-07 15:56 - 00235187 _____ () C:\Users\Art\Downloads\balletschoollogo.zip
    2014-02-06 10:35 - 2014-02-06 10:59 - 00000000 ____D () C:\Users\Art\Desktop\kristen ph 2014
    2014-02-03 14:17 - 2014-02-03 14:17 - 12584780 _____ () C:\Users\Art\Desktop\SHANNON'S LOGO.cdr
    2014-02-03 13:32 - 2014-02-17 09:37 - 00000000 ____D () C:\ProgramData\HtmmlCHEcckeer
    2014-02-03 13:32 - 2014-02-03 13:32 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-02-03 13:32 - 2014-02-03 13:32 - 00000000 ____D () C:\ProgramData\angijblkobfiimfjbllaaalefeapmplj

    ==================== One Month Modified Files and Folders =======

    2014-02-20 12:58 - 2014-02-20 12:57 - 00014138 _____ () C:\Users\Art\Desktop\FRST.txt
    2014-02-20 12:57 - 2014-02-20 12:57 - 00000000 ____D () C:\FRST
    2014-02-20 12:57 - 2014-02-20 12:56 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64(2).exe
    2014-02-20 12:57 - 2011-07-06 15:31 - 01581956 _____ () C:\Windows\WindowsUpdate.log
    2014-02-20 12:54 - 2013-06-13 16:01 - 00001433 _____ () C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
    2014-02-20 12:53 - 2011-07-06 18:07 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize.job
    2014-02-20 12:52 - 2013-06-29 13:32 - 00026680 _____ () C:\Windows\setupact.log
    2014-02-20 12:52 - 2011-07-06 15:59 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-02-20 12:52 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-02-20 12:51 - 2014-02-17 11:31 - 00000000 ____D () C:\AdwCleaner
    2014-02-20 12:51 - 2009-07-14 15:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-02-20 12:51 - 2009-07-14 15:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-02-20 12:48 - 2014-02-20 12:48 - 01241834 _____ () C:\Users\Art\Desktop\AdwCleaner(1).exe
    2014-02-20 12:42 - 2014-02-20 11:47 - 00000000 ____D () C:\Users\Art\Desktop\RK_Quarantine
    2014-02-20 12:27 - 2014-02-17 09:49 - 00000000 ____D () C:\Users\Art\Desktop\Darren Computer Doctor
    2014-02-20 12:25 - 2014-02-20 12:24 - 02153472 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe
    2014-02-20 12:15 - 2011-07-06 18:02 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037837604-4240180166-2112078839-1000UA.job
    2014-02-20 12:04 - 2012-09-11 20:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-02-20 11:49 - 2014-02-20 11:49 - 00001780 _____ () C:\Users\Art\Desktop\RKreport[0]_S_02202014_114939.txt
    2014-02-20 11:48 - 2014-02-20 11:47 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64.exe
    2014-02-20 11:37 - 2013-06-29 16:11 - 00128322 _____ () C:\Windows\PFRO.log
    2014-02-20 11:15 - 2014-02-20 11:14 - 04413952 _____ () C:\Users\Art\Desktop\RogueKillerX64 (1).exe
    2014-02-20 11:13 - 2014-02-20 11:13 - 04413952 _____ () C:\Users\Art\Downloads\RogueKillerX64.exe
    2014-02-20 11:13 - 2014-02-20 11:12 - 03817984 _____ () C:\Users\Art\Downloads\RogueKiller.exe
    2014-02-20 08:15 - 2011-07-06 18:01 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037837604-4240180166-2112078839-1000Core.job
    2014-02-19 11:11 - 2014-02-19 09:04 - 01449057 _____ () C:\Users\Art\Downloads\Ryan Bywater - handyman.cdr
    2014-02-19 09:04 - 2014-02-19 11:11 - 00504352 _____ () C:\Users\Art\Downloads\Backup_of_Ryan Bywater - handyman.cdr
    2014-02-18 16:57 - 2014-02-18 16:57 - 00014217 _____ () C:\Users\Art\Downloads\GOOLOOGONG TRAIL RIDERS.DST
    2014-02-17 12:19 - 2014-02-17 12:19 - 00000000 ____D () C:\Windows\pss
    2014-02-17 12:19 - 2011-07-06 15:53 - 00000000 ___RD () C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-02-17 12:12 - 2011-07-06 18:10 - 00000000 ____D () C:\Users\Art\AppData\Roaming\Dropbox
    2014-02-17 12:11 - 2011-06-11 22:02 - 00000000 ___RD () C:\Users\Art\Dropbox
    2014-02-17 12:05 - 2014-02-17 12:02 - 00000632 __RSH () C:\Users\Art\ntuser.pol
    2014-02-17 12:05 - 2011-07-06 15:52 - 00000000 ____D () C:\Users\Art
    2014-02-17 11:31 - 2014-02-17 11:31 - 01166132 _____ () C:\Users\Art\Downloads\AdwCleaner.exe
    2014-02-17 11:22 - 2014-02-17 10:30 - 00000000 ____D () C:\JRT
    2014-02-17 11:21 - 2013-06-29 20:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-02-17 10:03 - 2014-02-17 10:03 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-02-17 10:00 - 2012-05-03 17:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-02-17 09:54 - 2014-02-17 09:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Art\Downloads\mbar-1.07.0.1009.exe
    2014-02-17 09:52 - 2013-06-29 20:15 - 00000000 ____D () C:\Windows\ERDNT
    2014-02-17 09:44 - 2014-02-17 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-02-17 09:37 - 2014-02-14 09:48 - 00000000 ____D () C:\ProgramData\SAVerPProo
    2014-02-17 09:37 - 2014-02-03 13:32 - 00000000 ____D () C:\ProgramData\HtmmlCHEcckeer
    2014-02-17 09:37 - 2014-01-06 04:13 - 00000000 ____D () C:\ProgramData\SmiArtCOmpare
    2014-02-17 09:37 - 2014-01-06 04:13 - 00000000 ____D () C:\ProgramData\saveron
    2014-02-17 09:15 - 2009-07-14 16:13 - 00783374 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-02-17 09:12 - 2013-06-29 16:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-02-14 09:48 - 2014-02-14 09:48 - 00000000 ____D () C:\Users\Art\AppData\Local\Packages
    2014-02-14 09:48 - 2014-01-06 04:13 - 00000000 ____D () C:\ProgramData\f77b50b554af04de
    2014-02-14 09:18 - 2013-12-20 00:18 - 00000127 _____ () C:\Users\Art\AppData\Roaming\WB.CFG
    2014-02-13 04:22 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
    2014-02-13 03:14 - 2011-07-06 18:29 - 00768842 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-02-07 15:56 - 2014-02-07 15:56 - 00235187 _____ () C:\Users\Art\Downloads\balletschoollogo.zip
    2014-02-06 23:16 - 2014-02-13 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-06 22:30 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-06 22:30 - 2014-02-13 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-02-06 22:12 - 2014-02-13 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-06 22:07 - 2014-02-13 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-02-06 22:06 - 2014-02-13 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-02-06 21:57 - 2014-02-13 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-06 21:56 - 2014-02-13 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-02-06 21:52 - 2014-02-13 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-06 21:49 - 2014-02-13 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-06 21:48 - 2014-02-13 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-02-06 21:48 - 2014-02-13 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-02-06 21:38 - 2014-02-13 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-02-06 21:32 - 2014-02-13 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-02-06 21:20 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-02-06 21:17 - 2014-02-13 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-02-06 21:11 - 2014-02-13 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-06 21:01 - 2014-02-13 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-02-06 21:00 - 2014-02-13 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-02-06 20:57 - 2014-02-13 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-02-06 20:57 - 2014-02-13 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-06 20:52 - 2014-02-13 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-02-06 20:52 - 2014-02-13 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-02-06 20:50 - 2014-02-13 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-06 20:49 - 2014-02-13 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-02-06 20:47 - 2014-02-13 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-02-06 20:46 - 2014-02-13 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-02-06 20:25 - 2014-02-13 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-02-06 20:25 - 2014-02-13 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-02-06 20:24 - 2014-02-13 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-06 20:22 - 2014-02-13 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-06 20:13 - 2014-02-13 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-02-06 20:09 - 2014-02-13 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-02-06 20:03 - 2014-02-13 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-02-06 19:55 - 2014-02-13 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-06 19:41 - 2014-02-13 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-02-06 19:40 - 2014-02-13 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-02-06 19:36 - 2014-02-13 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-02-06 19:34 - 2014-02-13 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-02-06 10:59 - 2014-02-06 10:35 - 00000000 ____D () C:\Users\Art\Desktop\kristen ph 2014
    2014-02-05 13:04 - 2012-09-11 20:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-02-05 13:04 - 2012-09-11 20:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-02-05 13:04 - 2011-07-06 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-02-03 14:17 - 2014-02-03 14:17 - 12584780 _____ () C:\Users\Art\Desktop\SHANNON'S LOGO.cdr
    2014-02-03 13:32 - 2014-02-03 13:32 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-02-03 13:32 - 2014-02-03 13:32 - 00000000 ____D () C:\ProgramData\angijblkobfiimfjbllaaalefeapmplj
    2014-02-03 13:32 - 2009-07-14 14:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-02-03 13:32 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2014-01-28 09:26 - 2013-11-28 08:26 - 00000000 ____D () C:\Users\Art\Desktop\assorted files
    2014-01-28 09:26 - 2012-01-06 13:00 - 00000000 ____D () C:\Users\Art\Desktop\2012-01-06 kristens camera
    2014-01-28 09:25 - 2013-08-12 15:11 - 00000000 ____D () C:\Users\Art\Desktop\wilcox fliers

    Some content of TEMP:
    ====================
    C:\Users\Art\AppData\Local\Temp\avgnt.exe
    C:\Users\Art\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Art\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-02-18 09:21

    ==================== End Of Log ============================

    addition.txt attached


  10. # AdwCleaner v3.019 - Report created 20/02/2014 at 12:51:38
    # Updated 17/02/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Art - ART-PC
    # Running from : C:\Users\Art\Desktop\AdwCleaner(1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
    Folder Deleted : C:\Program Files (x86)\Driver Pro
    Folder Deleted : C:\Program Files (x86)\FoxTab
    Folder Deleted : C:\Users\Art\AppData\Roaming\Driver Pro
    Folder Deleted : C:\Users\Art\AppData\Roaming\FoxTab
    Folder Deleted : C:\Users\Art\AppData\Roaming\pluswinks
    File Deleted : C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\Extensions\speedanalysis02@SpeedAnalysis.com.xpi

    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf
    Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFB130D4-7DD2-41EB-A9AD-4C90414657F4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{65F1815B-26A0-4AA8-A973-1598F6D646F6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFB130D4-7DD2-41EB-A9AD-4C90414657F4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKCU\Software\Driver Pro
    [x] Not Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\tuguu sl
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    [x] Not Deleted : HKLM\Software\InstallCore
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Pro_is1
    [x] Not Deleted : [x64] HKCU\Software\InstallCore

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16518

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

    -\\ Mozilla Firefox v27.0.1 (en-US)

    [ File : C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\prefs.js ]



    -\\ Google Chrome v

    [ File : C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [6210 octets] - [17/02/2014 11:32:00]
    AdwCleaner[R1].txt - [4252 octets] - [20/02/2014 12:48:55]
    AdwCleaner[s0].txt - [6127 octets] - [17/02/2014 11:35:06]
    AdwCleaner[s1].txt - [3740 octets] - [20/02/2014 12:51:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [3800 octets] ##########
     

  11. She uses Chrome & I have yet to see things replicated in Firefox.  Definitely extensions/addons I can't get rid of in Chrome

    e.g. Saveron, htmmlCHEcckeer

     

    RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Art [Admin rights]
    Mode : Scan -- Date : 02/20/2014 12:29:43
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) Hitachi HDT721032SLA SCSI Disk Device +++++
    --- User ---
    [MBR] ea1c020db9750956af345cdfe8ce9d40
    [bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 294833 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 603819090 | Size: 10409 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x1] Incorrect function. )

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) TOSHIBA MK3252GSX USB Device +++++
    --- User ---
    [MBR] f47c40799e7b3a318fe50e4bf03f04d6
    [bSP] 9e38cd1b459863a78110369a3424f516 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_S_02202014_122943.txt >>
    RKreport[0]_S_02202014_114939.txt


     

  12. Using my Aunt's computer she tells me when she clicks a link from email that it redirects to an advertisement.  When she closes that and clicks again it takes her to where the link should go.  I have seen this replicated.

     

    I am told that this happens with some website links too but I have not seen it replicated.

     

    I have run MBAM, which finds nothing.

     

    The browsers do seem to have a few add-ons I cannot remove.  I am hoping you can help with this as soon as possible.

     

    DDS

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 

    Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 1.6.0_26
    Run by Art at 11:23:31 on 2014-02-20
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4094.2406 [GMT 11:00]
    .
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\CorelDRW.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Art\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe,
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{52F2FB98-8872-4EF1-95C3-33EBCBF77F98} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{52F2FB98-8872-4EF1-95C3-33EBCBF77F98}\24967605F6E646730314733354 : DHCPNameServer = 10.0.0.138
    TCP: Interfaces\{52F2FB98-8872-4EF1-95C3-33EBCBF77F98}\4617033377966696F57607 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{AA744B14-17C3-4908-8B0F-70FA782E1D2F} : DHCPNameServer = 192.168.0.1
    SSODL: WebCheck - <orphaned>
    x64-BHO: SmiArtCOmpare: {398C9C18-BC8C-0898-D9E0-970DF3155E3F} - 
    x64-BHO: SAVerPProo: {3BA54BE3-E60C-331A-8B9E-EDE4B47C7DA5} - 
    x64-BHO: HtmmlCHEcckeer: {EFF36C2F-FE0E-65F5-D760-506F3370A3DD} - 
    x64-BHO: saveron: {FBCAE03C-9230-8ABA-AB8B-335B2FDE7C0F} - 
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Users\Art\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
    FF - ExtSQL: 2014-02-05 15:42; zvb-wqbdfp@ai-opqpr.net; C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\extensions\zvb-wqbdfp@ai-opqpr.net
    FF - ExtSQL: 2014-02-05 15:42; yyuixx.yiea@dmfbjbqi.org; C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\extensions\yyuixx.yiea@dmfbjbqi.org
    FF - ExtSQL: 2014-02-05 15:42; ydzoeiue@rhdp.edu; C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\fadztibp.default\extensions\ydzoeiue@rhdp.edu
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-7-8 529000]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-5-8 40736]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-6-29 28600]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-7-6 254528]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-12 140672]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-6-29 440376]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-6-29 440376]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-6-29 108440]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-6-21 149032]
    R2 RIM MDNS;RIM MDNS;C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe [2013-6-4 389632]
    R2 RIM Tunnel Service;BlackBerry Link Communication Manager;C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe [2013-6-4 1263616]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-6 2337144]
    R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe [2013-3-6 585728]
    R3 rimvndis;BlackBerry Virtual Private Network;C:\Windows\System32\drivers\rimvndis6_AMD64.sys [2013-6-4 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-7 1038088]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
    S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-26 19968]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-6 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-02-17 01:19:14 -------- d-----w- C:\Windows\pss
    2014-02-17 00:31:58 -------- d-----w- C:\AdwCleaner
    2014-02-16 23:30:41 -------- d-----w- C:\JRT
    2014-02-16 23:03:29 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-02-13 22:48:33 -------- d-----w- C:\Users\Art\AppData\Local\Packages
    2014-02-13 22:48:26 -------- d-----w- C:\ProgramData\SAVerPProo
    2014-02-12 16:01:49 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2014-02-12 16:01:49 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-02-12 06:48:16 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-02-12 06:48:16 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-02-12 06:48:16 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-02-12 06:48:16 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-02-12 06:36:28 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2014-02-12 06:36:28 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2014-02-12 06:36:28 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2014-02-12 06:36:28 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2014-02-03 02:32:43 -------- d-----w- C:\ProgramData\HtmmlCHEcckeer
    2014-02-03 02:32:41 -------- d-----w- C:\ProgramData\angijblkobfiimfjbllaaalefeapmplj
    .
    ==================== Find3M  ====================
    .
    2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-05 02:04:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-05 02:04:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-12-18 22:11:05 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2013-12-18 22:11:05 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
    2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
    2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
    2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
    2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
    2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
    2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
    2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
    2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
    2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
    2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
    2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
    2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
    2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2013-11-26 00:14:17 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    .
    ============= FINISH: 11:24:02.64 ===============
     
    Attach
     
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium 
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/07/2011 2:52:40 PM
    System Uptime: 19/02/2014 2:24:10 PM (21 hours ago)
    .
    Motherboard: PEGATRON CORPORATION |  | NARRA5
    Processor: AMD Athlon 7550 Dual-Core Processor | Socket AM2  | 2500/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 95.56 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.434 GiB free.
    E: is CDROM ()
    G: is CDROM ()
    H: is FIXED (FAT32) - 298 GiB total, 179.774 GiB free.
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP250: 15/11/2013 3:00:43 AM - Windows Update
    RP251: 26/11/2013 11:55:36 AM - Scheduled Checkpoint
    RP252: 29/11/2013 7:34:12 AM - Installed Samsung Kies
    RP253: 4/12/2013 3:00:23 AM - Windows Update
    RP254: 12/12/2013 12:00:16 AM - Scheduled Checkpoint
    RP255: 12/12/2013 3:00:28 AM - Windows Update
    RP256: 20/12/2013 12:00:11 AM - Scheduled Checkpoint
    RP257: 22/12/2013 6:26:02 PM - Windows Update
    RP258: 4/01/2014 12:48:48 PM - Scheduled Checkpoint
    RP259: 12/01/2014 12:00:03 AM - Scheduled Checkpoint
    RP260: 16/01/2014 3:00:49 AM - Windows Update
    RP261: 24/01/2014 10:37:03 AM - Scheduled Checkpoint
    RP262: 3/02/2014 10:43:03 AM - Scheduled Checkpoint
    RP263: 11/02/2014 12:00:13 AM - Scheduled Checkpoint
    RP264: 13/02/2014 3:00:15 AM - Windows Update
    RP265: 17/02/2014 9:32:08 AM - 170214
    RP266: 17/02/2014 2:24:48 PM - 170214almostclean
    RP267: 17/02/2014 2:30:55 PM - 170214cleanqnmark
    .
    ==== Installed Programs ======================
    .
     Update for Microsoft Office 2007 (KB2508958)
    64 Bit HP CIO Components Installer
    7-Zip 9.20 (x64 edition)
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Anchor Service x64 CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe CMaps x64 CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe CSI CS4 x64
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Drive CS4 x64
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Fonts All
    Adobe Fonts All x64
    Adobe Linguistics CS4
    Adobe Linguistics CS4 x64
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe PDF Library Files x64 CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 (64 Bit)
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.8)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe Type Support CS4
    Adobe Type Support x64 CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe WinSoft Linguistics Plugin x64
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    albumworks
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Auslogics Disk Defrag
    Avira Free Antivirus
    BlackBerry Link
    Bonjour
    CCleaner
    Compatibility Pack for the 2007 Office system
    Connect
    Corel Graphics - Windows Shell Extension
    Corel Graphics - Windows Shell Extension 64 Bit
    CorelDRAW Graphics Suite X5
    CorelDRAW Graphics Suite X5 - BR
    CorelDRAW Graphics Suite X5 - Capture
    CorelDRAW Graphics Suite X5 - Common
    CorelDRAW Graphics Suite X5 - Connect
    CorelDRAW Graphics Suite X5 - Custom Data
    CorelDRAW Graphics Suite X5 - Draw
    CorelDRAW Graphics Suite X5 - EN
    CorelDRAW Graphics Suite X5 - ES
    CorelDRAW Graphics Suite X5 - Extra Content
    CorelDRAW Graphics Suite X5 - Filters
    CorelDRAW Graphics Suite X5 - FontNav
    CorelDRAW Graphics Suite X5 - FR
    CorelDRAW Graphics Suite X5 - IPM
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    CorelDRAW Graphics Suite X5 - Photozoom Plugin
    CorelDRAW Graphics Suite X5 - Redist
    CorelDRAW Graphics Suite X5 - Setup Files
    CorelDRAW Graphics Suite X5 - VBA
    CorelDRAW Graphics Suite X5 - VideoBrowser
    CorelDRAW Graphics Suite X5 - VSTA
    CorelDRAW Graphics Suite X5 - WT
    CorelDRAW® Graphics Suite X5
    CutePDF Writer 2.8
    DAEMON Tools Lite
    Driver Pro v3.0
    Dropbox
    ERUNT 1.1j
    FileZilla Client 3.5.0
    FoxTab
    Ghostscript GPL 8.64 (Msi Setup)
    GIMP 2.6.11
    Glary Utilities 2.35.0.1216
    Google Chrome
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    ImgBurn
    Inkscape 0.48.1 
    iTunes
    Java Auto Updater
    Java 6 Update 26
    K-Lite Codec Pack 7.2.0 (Full)
    kuler
    LibreOffice 3.3
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Mozilla Firefox 27.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MyCalendar
    NVIDIA 3D Vision Driver 311.06
    NVIDIA Control Panel 311.06
    NVIDIA Drivers
    NVIDIA Graphics Driver 311.06
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    Paint.NET v3.5.8
    PDF Settings CS4
    Photoshop Camera Raw
    Photoshop Camera Raw_x64
    Picasa 3
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.92
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
    Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
    Snap.Do
    Speccy
    Suite Shared Configuration CS4
    SUPERAntiSpyware
    TeamViewer 6
    TP-LINK TL-WN851ND Driver
    TP-LINK Wireless Configuration Utility
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual Basic for Applications ® Core
    Visual Basic for Applications ® Core - English
    Visual Studio 2010 x64 Redistributables
    VLC media player 1.1.10
    .
    ==== Event Viewer Messages From Past Week ========
    .
    19/02/2014 2:27:09 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    19/02/2014 2:27:09 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
    19/02/2014 2:24:39 PM, Error: Service Control Manager [7000]  - The vToolbarUpdater15.1.0 service failed to start due to the following error:  The system cannot find the file specified.
    18/02/2014 4:29:21 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    18/02/2014 4:29:21 PM, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  13.  Results of screen317's Security Check version 0.99.76  
     Windows 7 Service Pack 1 x86 (UAC is enabled)  
     Internet Explorer 10  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
    Avira Desktop   
     Antivirus up to date!  (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
     SUPERAntiSpyware     
     Malwarebytes Anti-Malware version 1.75.0.1300  
     CCleaner     
     Adobe Flash Player     11.9.900.117  
     Mozilla Firefox (25.0)
     Google Chrome 30.0.1599.101  
     Google Chrome 30.0.1599.69  
    ````````Process Check: objlist.exe by Laurent````````  
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     Symantec Norton Online Backup NOBuAgent.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     

  14. And nothing detected with MBAM

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.06.03

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16686
    CLEAN-LAPTOP :: CLEAN-LAPTOP-HP [administrator]

    6/11/2013 8:29:35 PM
    mbam-log-2013-11-06 (20-29-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206957
    Time elapsed: 15 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
