I've Been Infected What Do I Do Now?


tr9999

I have been infected and Malwarebytes Premium will not open. Here are my logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01
Ran by owner (administrator) on OWNER-PC on 08-10-2014 12:18:33
Running from C:\Users\owner\Downloads
Loaded Profile: owner (Available profiles: owner)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Starfield Technologies) C:\Program Files\Workspace\offSyncService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
(Authentium, Inc) C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Starfield Technologies) C:\Users\owner\AppData\Local\Workspace\workspaceupdate.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [379672 2013-07-18] (Acronis)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTkxNDcwOTE3LVhPMTArMTItRjEwTTEwRCsxLUxJQysyMi1TUDErMS1TVUQrM (the data entry has 107 more characters).
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\Run: [Google Update] => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-10] (Google Inc.)
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\Run: [spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-06] (Spotify Ltd)
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\Run: [starfield Updater] => C:\Users\owner\AppData\Local\Workspace\workspaceupdate.exe [35008 2013-12-30] (Starfield Technologies)
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\MountPoints2: {1144e4be-5569-11e1-a0ff-00266c5fa966} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\MountPoints2: {1144e4c8-5569-11e1-a0ff-00266c5fa966} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\MountPoints2: {2214445d-9774-11e3-8a8b-00266c5fa966} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\MountPoints2: {4b6b0ffc-4741-11e3-8d88-00266c5fa966} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\MountPoints2: {b78b358a-01cb-11e1-a8ae-00266c5fa966} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\MountPoints2: {c909aa32-0d08-11e3-aa12-00266c5fa966} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\MountPoints2: {cc10b542-c83e-11e1-8470-00266c5fa966} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-3933923020-1945999727-4106239382-1000\...\MountPoints2: {d13edb53-cf6e-11e3-9657-00266c5fa966} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\owner\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files\Workspace\offsyncext.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files\Workspace\offsyncext.dll (Starfield Technologies, LLC)
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{c1429cf4-120a-11e0-b3bc-806e6f6e6963}\bootwiz\asrm.bin

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC4A4C29805A6CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20101253,16898,0,8,0
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {C3F61520-7990-453B-A130-6F4749F4197D} URL =
SearchScopes: HKCU - {25971FE5-3A59-4C96-883A-6F2EE86DAB13} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={41DDC218-BF50-11E2-84EA-00266C5FA966}
SearchScopes: HKCU - {3FB046AB-CE41-42DE-BB85-8CB39765E3EB} URL = http://websearch.ask.com/redirect?client=ie&tb=DIC3V5&o=13736&src=kw&q={searchTerms}&locale=&apn_ptnrs=D6&apn_dtid=YYYYYYYYUS&apn_uid=D0338D1B-6F0F-4D44-8294-3992DA021F24&apn_sauid=E72F5672-C3D0-4BC7-BF09-635F32706D6E&
SearchScopes: HKCU - {510CD752-1C06-4217-9FB6-422B8DC37DCC} URL = http://search.avg.com/route/?d=4d191d03&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKCU - {C3F61520-7990-453B-A130-6F4749F4197D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN30605478682377711&UM=2
SearchScopes: HKCU - {D084F586-91EB-45AA-9BA6-BCCD0845FD19} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20101253,6901,0,8,0
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 66.18.32.3

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\evx4oxp0.default-1359051315835
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprjplug;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @starfield.com/off -> C:\Users\owner\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe -> C:\Users\owner\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\evx4oxp0.default-1359051315835\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Users\owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-12-30]
FF Extension: Garmin Communicator - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\evx4oxp0.default-1359051315835\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-03-16]
FF Extension: Pin It button - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\evx4oxp0.default-1359051315835\Extensions\pinterest@robertnyman.com.xpi [2013-11-06]
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-11]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-28]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-07-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [777016 2013-07-18] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3873784 2014-02-18] (Acronis)
R2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7142320 2014-02-04] (Acronis)
R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [117288 2010-04-08] (Authentium, Inc)
R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [117288 2010-04-08] (Authentium, Inc)
R2 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [154152 2010-04-08] (Authentium, Inc)
S2 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" Start=service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-21] (Avanquest Software) [File not signed]
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [74456 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl5a466eb8; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFC058EB-23DC-4AC9-A26D-6223F8A6A063}\MpKsl5a466eb8.sys [39464 2014-10-07] (Microsoft Corporation)
R1 MpKsledc1fa3f; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFC058EB-23DC-4AC9-A26D-6223F8A6A063}\MpKsledc1fa3f.sys [39464 2014-10-08] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2013-05-17] ()
S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [889888 2014-02-18] (Acronis International GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2013-12-08] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [143648 2013-12-08] (Acronis International GmbH)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2013-12-08] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2013-12-08] (Acronis International GmbH)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 12:19 - 2014-10-08 12:19 - 00001094 _____ () C:\Users\owner\Desktop\FRST.exe - Shortcut.lnk
2014-10-08 12:18 - 2014-10-08 12:19 - 00024060 _____ () C:\Users\owner\Downloads\FRST.txt
2014-10-08 12:18 - 2014-10-08 12:18 - 00000000 ____D () C:\FRST
2014-10-08 12:17 - 2014-10-08 12:17 - 01101312 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
2014-10-05 09:52 - 2014-10-05 09:52 - 00000253 _____ () C:\Users\owner\Desktop\Art history basics Khan Academy.URL
2014-10-01 09:23 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 15:53 - 2014-09-29 15:53 - 00005177 _____ () C:\Users\owner\Desktop\ArtConnectionSpread - Sheet1-MARKED.csv
2014-09-23 13:57 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 14369280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 13757440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 00:33 - 2014-08-16 23:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 00:33 - 2014-08-16 23:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 00:33 - 2014-08-16 23:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 00:33 - 2014-08-16 02:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 00:33 - 2014-08-16 01:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-11 00:32 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 06:55 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 06:55 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 06:54 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 06:54 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 06:54 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 06:54 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 12:17 - 2011-03-10 15:25 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-08 12:04 - 2012-05-04 07:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 11:56 - 2009-07-14 00:34 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 11:56 - 2009-07-14 00:34 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 11:54 - 2012-07-14 11:13 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2014-10-08 11:54 - 2010-12-27 15:54 - 01967201 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 11:51 - 2014-06-02 09:25 - 00000000 ___RD () C:\Users\owner\Sync
2014-10-08 11:50 - 2013-10-09 22:55 - 00000000 ___RD () C:\Users\owner\Dropbox
2014-10-08 11:50 - 2013-10-09 22:50 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Dropbox
2014-10-08 11:50 - 2012-10-30 17:35 - 00000000 ___RD () C:\Users\owner\Google Drive
2014-10-08 11:48 - 2011-03-10 15:25 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-08 11:48 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 11:47 - 2011-09-24 12:38 - 00093823 _____ () C:\Windows\setupact.log
2014-10-08 11:45 - 2014-07-02 17:12 - 00000000 ____D () C:\Users\owner\Desktop\Art Connection
2014-10-08 11:45 - 2011-01-05 12:22 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SoftGrid Client
2014-10-08 11:25 - 2012-05-10 22:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933923020-1945999727-4106239382-1000UA.job
2014-10-07 12:25 - 2012-05-10 22:16 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933923020-1945999727-4106239382-1000Core.job
2014-10-07 10:11 - 2014-03-01 11:18 - 00000000 ____D () C:\Users\owner\Desktop\FLAG
2014-10-06 18:41 - 2013-09-13 14:41 - 00000000 ____D () C:\Users\owner\AppData\Local\Spotify
2014-10-06 18:41 - 2013-09-13 14:40 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Spotify
2014-10-06 08:00 - 2010-12-27 19:19 - 00110072 _____ () C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-05 14:11 - 2013-08-24 18:18 - 00007608 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg
2014-10-01 14:22 - 2014-05-16 10:13 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-26 14:36 - 2014-06-02 13:51 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-09-26 14:36 - 2012-05-04 07:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-26 14:36 - 2011-06-26 18:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-26 09:29 - 2010-12-27 18:52 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 09:28 - 2012-11-03 19:54 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-25 09:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-09-25 07:45 - 2014-06-18 12:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-22 02:41 - 2010-12-27 16:11 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-19 13:28 - 2013-03-04 12:25 - 00000000 ____D () C:\Users\owner\Desktop\Lindstrom Metal Arts
2014-09-18 07:19 - 2011-01-02 17:00 - 00000000 ____D () C:\Users\owner\Desktop\Desk Top Docs and Photos
2014-09-18 06:54 - 2013-10-09 22:55 - 00001017 _____ () C:\Users\owner\Desktop\Dropbox.lnk
2014-09-18 06:54 - 2013-10-09 22:51 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-11 03:17 - 2011-12-27 15:11 - 00491430 _____ () C:\Windows\PFRO.log
2014-09-11 00:46 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 00:32 - 2013-07-22 10:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 00:24 - 2012-05-01 03:01 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 00:24 - 2011-09-24 12:17 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-11 00:24 - 2010-12-27 16:08 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 00:23 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 00:23 - 2011-09-24 12:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client

Files to move or delete:
====================
C:\Users\owner\gosetup.exe
C:\Users\owner\gotomypc_540.exe


Some content of TEMP:
====================
C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbyresq.dll
C:\Users\owner\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\owner\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\owner\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\owner\AppData\Local\Temp\lowproc.exe
C:\Users\owner\AppData\Local\Temp\stubhelper.dll
C:\Users\owner\AppData\Local\Temp\SymCCIS.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 08:28

==================== End Of Log ============================

Next Log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-10-2014 01
Ran by owner at 2014-10-08 12:19:59
Running from C:\Users\owner\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acronis True Image 2014 (HKLM\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (Version: 17.0.6673 - Acronis) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft MediaImpression (HKLM\...\{531F0013-964C-4BE6-B382-4117DC8BCDF9}) (Version:  - ArcSoft)
ASUS RT-N16 Wireless Router Utilities (HKLM\...\{2BF4582C-9BBF-4B55-AB3A-C2375278B13E}) (Version: 4.1.3.5 - ASUS)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
AVS Screen Capture version 2.0.1 (HKLM\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM\...\AVS Video Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
AVSDK5 (Version: 5.2.9 - Authentium, Inc) Hidden
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
D110 (Version: 140.0.283.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Elevated Installer (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Copy Utility 3.5 (HKLM\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Perfection V30/V300 Photo Scanner Driver Update (HKLM\...\{3B03E732-6150-4D0A-849F-C6F4141EA78C}) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Free PDF Solutions PDF to WORD version 1.0 (HKLM\...\Free PDF Solutions PDF to WORD_is1) (Version: 1.0 - )
FreeRIP v3.6 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.6 - MGShareware)
Garmin City Navigator North America NT 2013.20 Update (HKLM\...\{8BBC40D0-95A4-40F1-817B-F2B30A1ADF02}) (Version: 16.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.018 - HTC Corporation)
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.5130.5001 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher 2007 (HKLM\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Publisher 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Motorola Mobile Drivers Installation 5.2.0 (HKLM\...\{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}) (Version: 5.2.0 - Motorola Inc.)
Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
PANTECH Handset Driver (HKLM\...\{6DF6CEFE-5FFC-4109-A96B-39E0C9BE128B}) (Version: 2.2.1001.0402 - PANTECH CO., LTD.)
Photo Gallery (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
QuickVPN Client (HKLM\...\{5C8AE145-C9F7-4883-9750-7ECD2B41CCCA}) (Version: 1.4.1.2 - Cisco  Small Business)
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.5 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{ABAB97F4-80C6-43A5-8691-57C3C605D7C1}) (Version: 1.3.2400.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOSHIBA Supervisor Password (HKLM\...\{401879D1-AC26-43CD-BDDE-E0D5D5608083}) (Version: 2.00.03PLV - )
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinSCP 4.1.8 (HKLM\...\winscp3_is1) (Version: 4.1.8 - Martin Prikryl)
WinSCP Free Download Packages (HKCU\...\WinSCP Free Download Packages) (Version:  - ) <==== ATTENTION
WModem Driver Installer (HKLM\...\HTC_WModemDriver) (Version: 2.0.6.14 - HTC)
Workspace Desktop (HKCU\...\workspacedesktop) (Version:  - Starfield Technologies)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\owner\AppData\Local\Workspace\gdeditwrapperax15.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\owner\AppData\Local\Workspace\wbetoolsax.dll (Starfield Technology, LLC)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\owner\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3933923020-1945999727-4106239382-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\owner\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

15-09-2014 13:33:50 Windows Update
19-09-2014 12:41:38 Windows Update
23-09-2014 12:22:02 Windows Update
24-09-2014 01:06:33 Windows Update
27-09-2014 07:57:17 Windows Update
30-09-2014 11:31:40 Windows Update
02-10-2014 13:00:07 Windows Update
07-10-2014 12:25:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1529F9F3-1240-42E7-9F2F-84094E775CA2} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {1EB6A162-FE18-43E1-98B1-F76407288A43} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {33FB2D71-1216-452D-B3E2-C80782112D77} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3933923020-1945999727-4106239382-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {34BCF81B-CC09-41A0-9E67-D421A2297DAA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-10] (Google Inc.)
Task: {35E23409-1919-47AF-99B4-4C5C057CB5D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {4A61584E-AB41-46C6-9258-0B2C34FB0749} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3933923020-1945999727-4106239382-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5D3621A1-A7B2-482B-BA96-834037E85957} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {63BA8AE7-B202-4155-AD53-30384769CB3E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3933923020-1945999727-4106239382-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6C6B2538-2C20-43EF-9D23-1319A34B4A82} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3933923020-1945999727-4106239382-1000Core => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10] (Google Inc.)
Task: {876639C3-1094-483E-A6A0-E70A2683A6A4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3933923020-1945999727-4106239382-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {934E9000-218A-4251-AFDF-E7F68E204A0E} - System32\Tasks\{56FC5EC0-8E4E-4B52-B77F-71C3F3C9E61C} => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OFFDIAG.EXE [2011-07-20] (Microsoft Corporation)
Task: {9C293702-96C2-4EB2-9E2E-A3A2F28ABEC4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3933923020-1945999727-4106239382-1000UA => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10] (Google Inc.)
Task: {B15FE7C7-0A8A-4C7D-BD6D-3A1954866FA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-10] (Google Inc.)
Task: {B612B99F-DFA6-4B07-9683-A86DD50EDCAC} - System32\Tasks\{EEDAE409-B2ED-4FE2-9053-F7BB8A966AFD} => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OFFDIAG.EXE [2011-07-20] (Microsoft Corporation)
Task: {BBC77F90-7F79-4B7D-B8A3-03F1B4DC7F19} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3933923020-1945999727-4106239382-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {C263F8EF-8129-4EAF-9119-B30D4A070BEC} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3933923020-1945999727-4106239382-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {D03D60D9-0D4C-4E37-ADB8-59E6F9A792AD} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3933923020-1945999727-4106239382-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933923020-1945999727-4106239382-1000Core.job => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3933923020-1945999727-4106239382-1000UA.job => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-15 15:36 - 2007-08-21 14:32 - 00098304 _____ () C:\Windows\System32\redmonnt.dll
2013-10-01 11:26 - 2013-10-01 11:26 - 02627672 _____ () C:\Program Files\Acronis\TrueImageHome\tishell.dll
2013-10-01 12:00 - 2013-10-01 12:00 - 00022336 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2011-02-14 09:55 - 2011-02-14 09:55 - 00043520 ____R () C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
2014-02-04 19:25 - 2014-02-04 19:25 - 00036672 _____ () C:\Program Files\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 19:25 - 2014-02-04 19:25 - 00028992 _____ () C:\Program Files\Common Files\Acronis\Home\thread_pool.dll
2014-10-08 11:49 - 2014-10-08 11:49 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbyresq.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-08 11:49 - 2014-10-08 11:49 - 00098816 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32api.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00110080 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\pywintypes27.dll
2014-10-08 11:49 - 2014-10-08 11:49 - 00364544 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\pythoncom27.dll
2014-10-08 11:49 - 2014-10-08 11:49 - 00045568 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\_socket.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 01160704 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\_ssl.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00320512 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32com.shell.shell.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00713216 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\_hashlib.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 01175040 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\wx._core_.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00805888 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\wx._gdi_.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00811008 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\wx._windows_.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 01062400 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\wx._controls_.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00735232 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\wx._misc_.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00128512 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\_elementtree.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00127488 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\pyexpat.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00557056 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\pysqlite2._sqlite.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00007168 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\hashobjs_ext.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00087552 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\_ctypes.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00119808 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32file.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00108544 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32security.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00018432 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32event.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00038912 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32inet.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00070656 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\wx._html2.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00167936 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32gui.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00011264 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32crypt.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00027136 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\_multiprocessing.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00686080 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\unicodedata.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00122368 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\wx._wizard.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00010240 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\select.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00024064 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32pipe.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00025600 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32pdh.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00525640 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\windows._lib_cacheinvalidation.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00035840 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32process.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00017408 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32profile.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00022528 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\win32ts.pyd
2014-10-08 11:49 - 2014-10-08 11:49 - 00078336 _____ () C:\Users\owner\AppData\Local\Temp\_MEI52922\wx._animate.pyd
2014-02-04 19:28 - 2014-02-04 19:28 - 00420160 _____ () C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-06-18 12:01 - 2014-09-25 07:44 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-10 15:04 - 2014-09-26 14:36 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Epson scanner Registration.lnk => C:\Windows\pss\Epson scanner Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EEventManager => C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: Google Update => "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: googletalk => C:\Users\owner\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-3933923020-1945999727-4106239382-500 - Administrator - Disabled)
Guest (S-1-5-21-3933923020-1945999727-4106239382-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3933923020-1945999727-4106239382-1002 - Limited - Enabled)
owner (S-1-5-21-3933923020-1945999727-4106239382-1000 - Administrator - Enabled) => C:\Users\owner

==================== Faulty Device Manager Devices =============

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet 7500 E910
Description: Officejet 7500 E910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2014 11:54:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x12c4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (10/08/2014 11:53:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xf68
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (10/08/2014 11:52:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xe10
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (10/08/2014 11:52:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x4c4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (10/08/2014 11:51:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x160
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (10/08/2014 11:51:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 10.0.9200.17088 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10b0

Start Time: 01cfe30f7ab3b3e7

Termination Time: 16

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: e59cc554-4f02-11e4-9868-00266c5fa966

Error: (10/08/2014 11:48:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0xa64
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (10/08/2014 11:48:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x96c
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3

Error: (10/08/2014 00:24:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/08/2014 00:00:03 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).


System errors:
=============
Error: (10/08/2014 11:48:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/08/2014 11:48:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (10/08/2014 11:48:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (10/08/2014 11:48:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GoToMyPC service failed to start due to the following error:
%%2

Error: (10/08/2014 11:47:54 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (10/08/2014 11:47:54 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/08/2014 11:47:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:45:59 AM on ‎10/‎8/‎2014 was unexpected.

Error: (10/08/2014 09:10:00 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (10/08/2014 09:09:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the afcdpsrv service.

Error: (10/07/2014 08:14:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon II P320 Dual-Core Processor
Percentage of memory in use: 58%
Total physical RAM: 2810.9 MB
Available physical RAM: 1174.06 MB
Total Pagefile: 5620.09 MB
Available Pagefile: 3953.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:221.48 GB) NTFS
Drive d: (PS_AIO_07_D110_U) (CDROM) (Total:0.41 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 02508322)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 31572036)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • Staff

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 
 
 
 

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


  • Staff

Okay, one more step. Tell me how is your PC now?
 
 
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt


  • Staff

Okay, let's try a different tool:

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

 
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.


  • Staff

Then let's reinstall it:
 
 
Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.

  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that follow my next instructions to download & install the newest MBAM version.
 
 
 
Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Before when the scan was finished, a screen popped up and told me the results. This time nothing happened, so I opened MWB and copied the log results. I tried to attach the file but when I clicked on attached on this email nothing happened?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/11/2014
Scan Time: 2:56:47 PM
Logfile: report log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.11.09
Rootkit Database: v2014.10.08.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350678
Time Elapsed: 38 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

This topic is now closed to further replies.