Welcome to MalwareRemoval.com

What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

FileParade + very slow startup and shutdown

Post by stephenabyers » January 31st, 2015, 9:55 pm

I am having trouble uninstalling FileParade Bundle and also having very slow startups and shutdowns. Thanks for your help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
Run by Admin at 20:45:42 on 2015-01-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16301.12995 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\windows\system32\spool\DRIVERS\x64\3\lxecserv.exe
C:\windows\system32\lxeccoms.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\Serviio\bin\ServiioService.exe
C:\Program Files\Serviio\bin\ServiioService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
C:\Program Files\Serviio\bin\ServiioConsole.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.amazon.com/websearch/ref=bit ... _US_ie_sp_
uDefault_Page_URL = hxxp://nmd.msn.com
mWinlogon: Userinit = userinit.exe
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{398FA4FC-D7BB-4FEF-AC5D-A241C45B9E0D} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.2 Runtime\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.2 Runtime\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
x64-Run: [lxecmon.exe] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-10-29 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-10-24 237848]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-10-20 269080]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2014-3-25 52000]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-12-16 3247120]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-12-16 289328]
R2 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2014-1-4 57840]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
R2 lxec_device;lxec_device;C:\windows\System32\lxeccoms.exe -service --> C:\windows\System32\lxeccoms.exe -service [?]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\windows\System32\spool\drivers\x64\3\lxecserv.exe [2014-1-9 45736]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2014-3-12 481816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-17 171416]
R2 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2014-3-20 359936]
R2 SOHDms;Sony Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-1-16 495248]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-22 2655768]
R2 vToolbarUpdater18.2.0;vToolbarUpdater18.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [2014-12-11 1806872]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\windows\System32\drivers\EtronHub3.sys [2011-1-26 39808]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\windows\System32\drivers\EtronXHCI.sys [2011-1-26 64256]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-22 317440]
R3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-2-5 888536]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/12/27 11:19:33;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-17 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-17 1042272]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-1-26 19456]
S3 SOHDs;Sony Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2013-12-3 79000]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-1-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-1-26 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-16 1255736]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
.
=============== Created Last 30 ================
.
2015-02-01 01:10:25 -------- d-sh--w- C:\Users\Admin\AppData\Local\EmieUserList
2015-02-01 01:10:25 -------- d-sh--w- C:\Users\Admin\AppData\Local\EmieSiteList
2015-02-01 01:10:25 -------- d-sh--w- C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-30 02:03:38 -------- d-----w- C:\Users\Admin\AppData\Roaming\HD Tune Pro
2015-01-29 03:56:38 -------- d-----w- C:\Program Files (x86)\Ffmpeg For Audacity
2015-01-24 00:16:18 -------- d-----w- C:\Users\Admin\AppData\Roaming\Mirillis
2015-01-24 00:16:18 -------- d-----w- C:\ProgramData\Mirillis
2015-01-24 00:16:15 -------- d-----w- C:\Users\Admin\AppData\Local\Mirillis
2015-01-24 00:15:33 -------- d-----w- C:\Program Files (x86)\Mirillis
.
==================== Find3M ====================
.
2015-01-25 04:30:04 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 04:30:04 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-12-19 03:06:55 210432 ----a-w- C:\windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2014-12-13 05:09:01 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-13 03:33:44 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-12-12 05:35:10 5553592 ----a-w- C:\windows\System32\ntoskrnl.exe
2014-12-12 05:31:49 503808 ----a-w- C:\windows\System32\srcore.dll
2014-12-12 05:31:49 50176 ----a-w- C:\windows\System32\srclient.dll
2014-12-12 05:31:22 296960 ----a-w- C:\windows\System32\rstrui.exe
2014-12-12 05:11:44 3971512 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2014-12-12 05:11:43 3916728 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2014-12-12 05:07:44 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2014-12-12 00:11:40 52000 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2014-12-11 17:47:16 62976 ----a-w- C:\windows\System32\TSWbPrxy.exe
2014-12-11 14:02:32 30331855 ----a-w- C:\ProgramData\SPL4149.tmp
2014-12-06 04:17:27 303616 ----a-w- C:\windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2014-12-04 02:50:55 413184 ----a-w- C:\windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-19 09:31:16 1217192 ----a-w- C:\windows\SysWow64\FM20.DLL
2014-11-14 18:29:40 800734 ----a-w- C:\ProgramData\SPLE13B.tmp
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-11-03 20:49:44 1727233 ----a-w- C:\ProgramData\SPL1E95.tmp
.
============= FINISH: 20:46:25.93 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2012 8:50:17 PM
System Uptime: 1/31/2015 7:46:23 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H67MA-USB3-B3
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | Socket 1155 | 3701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1332.101 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP192: 1/22/2015 9:22:40 PM - Scheduled Checkpoint
RP193: 1/23/2015 7:13:16 PM - Installed ZD Soft Screen Recorder
RP194: 1/31/2015 12:00:01 AM - Scheduled Checkpoint
RP195: 1/31/2015 7:56:04 PM - Removed CrashPlan
RP196: 1/31/2015 8:02:07 PM - Removed PlayOn
RP197: 1/31/2015 8:08:23 PM - Removed Grade 5 Success
RP198: 1/31/2015 8:18:35 PM - Removed Kindergarten Success
RP199: 1/31/2015 8:20:37 PM - Removed ABBYY FineReader 6.0 Sprint
RP200: 1/31/2015 8:21:28 PM - Removed Clifford Phonics
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.22beta
Action!
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader X (10.1.12)
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.5
AVG 2014
AVG SafeGuard toolbar
Blackboard Collaborate Launcher
Bonjour
CCleaner
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink LG Burning Tool
CyberLink MediaShow
CyberLink PowerBackup
CyberLink PowerDVD 9
CyberLink PowerProducer
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
DVD Shrink 3.2
eFax Messenger
Etron USB3.0 Host Controller
Exact Audio Copy 1.0beta3
FFmpeg v0.6.2 for Audacity
FileParade Bundle
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
Grade 4 Success
HandBrake 0.9.9
Image Data Converter
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
iTunes
Java 7 Update 67
Java 8 Update 25
Java Auto Updater
Java(TM) 6 Update 45 (64-bit)
Java(TM) SE Development Kit 6 Update 45 (64-bit)
JavaFX 2.1.1
JavaFX 2.2.7 (64-bit)
Junk Mail filter update
LAME v3.99.3 (for Windows)
Lexmark Pro800-Pro900 Series
LightScribe System Software
Logitech Harmony Remote Software 7
Logitech Media Server 7.7.5
MergeModule_x64
Microsoft .NET Framework 4.5.1
Microsoft Access 2000 SR-1 Runtime
Microsoft Application Error Reporting
Microsoft Keyboard Layout Creator 1.4
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
OpenDNS Updater 2.2.1
Photo Common
Photo Gallery
PlayMemories Home
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Remote Control USB Driver
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Serviio
Skype Click to Call
Skype™ 6.20
Softsqueeze 3.9b2
SOHLib for PlayMemories Home
Sony RAW Driver
Spybot - Search & Destroy
SqueezePlay 7.8.0r328
swMSM
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZD Soft Screen Recorder
.
==== Event Viewer Messages From Past Week ========
.
1/31/2015 7:54:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
1/31/2015 7:52:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/31/2015 7:49:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
1/31/2015 7:49:18 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/31/2015 7:48:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
1/31/2015 7:48:33 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/31/2015 6:49:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
1/31/2015 6:33:43 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
1/31/2015 6:28:29 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/31/2015 6:28:29 PM, Error: Service Control Manager [7038] - The swprv service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/31/2015 6:28:29 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/31/2015 6:28:29 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The pipe has been ended.
1/31/2015 6:28:29 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
1/31/2015 6:28:29 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
1/31/2015 6:28:29 PM, Error: Service Control Manager [7000] - The Microsoft Software Shadow Copy Provider service failed to start due to the following error: The service did not start due to a logon failure.
1/31/2015 6:28:29 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
1/31/2015 6:28:29 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
1/31/2015 6:28:26 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
1/31/2015 6:16:43 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/31/2015 6:16:43 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
1/31/2015 6:16:43 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
1/31/2015 6:16:39 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The pipe has been ended.
1/31/2015 6:13:14 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
1/31/2015 6:04:23 PM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
1/31/2015 6:01:00 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
1/29/2015 7:36:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffffffffffffd0, 0x0000000000000001, 0xfffff800032dfa00, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 012915-62650-01.
1/29/2015 7:31:56 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
1/28/2015 3:54:13 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/28/2015 10:30:27 AM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
1/26/2015 7:52:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
.
==== End Of File ===========================
stephenabyers
Active Member
 
Posts: 14
Joined: January 31st, 2015, 9:48 pm

Re: FileParade + very slow startup and shutdown

Post by Gary R » February 3rd, 2015, 5:57 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: FileParade + very slow startup and shutdown

Post by Gary R » February 3rd, 2015, 6:16 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


OK, before we remove anything I need you to run a few additional scans for me, so that I have a more complete picture of what we need to deal with.

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the AdwCleaner window, click OK to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt.
    • Please post them in your next reply.

Finally ...

I now need you to run a search for me using FRST.

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;sweetpacks;FileParade

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • FRST.txt
  • Addition.txt
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: FileParade + very slow startup and shutdown

Post by stephenabyers » February 5th, 2015, 9:09 pm

# AdwCleaner v4.110 - Logfile created 05/02/2015 at 20:00:31
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - ZT2012
# Running from : C:\Users\Stephen\Desktop\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater18.2.0

***** [ Files / Folders ] *****

File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Admin\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Admin\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Stephen\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Stephen\AppData\Local\Conduit
Folder Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
Folder Found : C:\Users\Stephen\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Stephen\AppData\LocalLow\Conduit

***** [ Scheduled tasks ] *****

Task Found : VisualBeeRecovery

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\IM
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\VBMZ
Key Found : HKLM\SOFTWARE\visualbee
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.amazon.com/websearch/ref=bit ... _US_ie_sp_

-\\ Google Chrome v40.0.2214.111

[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_ ... osn=-1&v1={searchTerms}&search_submit=
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_que ... osn=-1&v1={searchTerms}&search_submit=
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CyB0DyCtD0F0FtDzz0BtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyEtCzytDtDtCzy0CtG0F0BtCzztGtByEzz0BtGyB0EtByDtGtAyByC0E0A0Czy0A0CyCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0D0FzzyCtAtAtGyD0E0C0EtGyEyD0FzztG0AyEyC0EtGtDyCtAtCtD0CtA0A0CtByB0D2Q&cr=418073027&ir=
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CyB0DyCtD0F0FtDzz0BtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyEtCzytDtDtCzy0CtG0F0BtCzztGtByEzz0BtGyB0EtByDtGtAyByC0E0A0Czy0A0CyCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0D0FzzyCtAtAtGyD0E0C0EtGyEyD0FzztG0AyEyC0EtGtDyCtAtCtD0CtA0A0CtByB0D2Q&cr=418073027&ir=
*************************

AdwCleaner[R0].txt - [10684 bytes] - [05/02/2015 20:00:31]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [10744 bytes] ##########
stephenabyers
Active Member
 
Posts: 14
Joined: January 31st, 2015, 9:48 pm

Re: FileParade + very slow startup and shutdown

Post by stephenabyers » February 5th, 2015, 9:12 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Stephen (ATTENTION: The logged in user is not administrator) on ZT2012 on 05-02-2015 20:03:35
Running from C:\Users\Stephen\Desktop
Loaded Profiles: Stephen & Admin (Available profiles: Stephen & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Users\Stephen\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Akamai Technologies, Inc.) C:\Users\Stephen\AppData\Local\Akamai\netsession_win.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
() C:\Users\Stephen\AppData\Local\Autobahn\nexdef.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Stephen\AppData\Local\Akamai\netsession_win.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
() C:\Users\Stephen\AppData\Roaming\ACEStream\updater\ace_update.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [lxecmon.exe] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [150264 2013-01-23] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2636312 2014-12-11] ()
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [67616 2015-01-31] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1973280 2015-01-31] (Prosoftnet)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Run: [BTLive] => C:\Users\Stephen\AppData\Roaming\BTLive\BTLive.exe
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Stephen\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba --CMPID ROC_APR2013_AV --C (the data entry has 14 more characters).
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Stephen\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba --CMPID 0913a
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Stephen\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba /CMPID=0214c
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Run: [AceStream] => C:\Users\Stephen\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Stephen\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\RunOnce: [Uninstall C:\Users\Stephen\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Stephen\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\MountPoints2: {2e2379eb-fd73-11e1-844a-50e549c7d60f} - K:\TLBootstrap_WPP.exe
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\MountPoints2: {8760830f-837c-11e2-83ff-50e549c7d60f} - J:\setup.exe -a
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (No File)
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Stephen\AppData\Local\Autobahn\nexdef.exe ()
ShellIconOverlayIdentifiers: [0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll (Pro-Softnet Corporation, U.S.A)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-4008453203-116359934-4206298802-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
URLSearchHook: [S-1-5-21-4008453203-116359934-4206298802-1003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {15D6AACC-F402-4335-8BD8-20BB5E8A8DB5} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {15D6AACC-F402-4335-8BD8-20BB5E8A8DB5} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D76D72CF-E095-4571-BA70-D447FD302996} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D76D72CF-E095-4571-BA70-D447FD302996} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-25 16:42:10&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-25 16:42:10&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://mysearch.avg.com/search?cid={AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-25 16:42:10&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.2 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.2 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\4gr2ro7t.default-1357999601149
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: Vosteran
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.1 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Oracle\JavaFX 2.2 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.1 -> C:\Program Files\Oracle\JavaFX 2.2 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4008453203-116359934-4206298802-1001: @acestream.net/acestreamplugin,version=2.2.10-next -> C:\Users\Stephen\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-4008453203-116359934-4206298802-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stephen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4008453203-116359934-4206298802-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF Extension: AS Magic Player - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\4gr2ro7t.default-1357999601149\Extensions\magicplayer@acestream.org [2014-08-23]
FF Extension: Adblock Plus - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\4gr2ro7t.default-1357999601149\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-12]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 [2014-03-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_captaind ... 073027&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CyB0DyCtD0F0FtDzz0BtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyEtCzytDtDtCzy0CtG0F0BtCzztGtByEzz0BtGyB0EtByDtGtAyByC0E0A0Czy0A0CyCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0D0FzzyCtAtAtGyD0E0C0EtGyEyD0FzztG0AyEyC0EtGtDyCtAtCtD0CtA0A0CtByB0D2Q&cr=418073027&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2111_0\plugins/avgnpss.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (AdBlock) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-24]
CHR Extension: (Skype Click to Call) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-05]
CHR Extension: (AS Magic Player) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-10-27]
CHR Extension: (Google Wallet) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Stephen\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-30]
CHR HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [100384 2015-01-31] (Prosoftnet)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 lxecCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxec_device; C:\windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 lxec_device; C:\windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-03-12] (Sony Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-20] () [File not signed]
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1806872 2014-12-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [52000 2014-12-11] (AVG Technologies)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-03-28] (MediaMall Technologies, Inc.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 gdrv; \??\C:\windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 20:03 - 2015-02-05 20:03 - 00028891 _____ () C:\Users\Stephen\Desktop\FRST.txt
2015-02-05 20:03 - 2015-02-05 20:03 - 00000000 ____D () C:\FRST
2015-02-05 20:02 - 2015-02-05 20:02 - 00010870 _____ () C:\Users\Admin\Desktop\AdwCleaner[R0].txt
2015-02-05 20:00 - 2015-02-05 20:01 - 00000000 ____D () C:\AdwCleaner
2015-02-05 19:59 - 2015-02-05 19:59 - 02131968 _____ (Farbar) C:\Users\Stephen\Desktop\FRST64.exe
2015-02-05 19:59 - 2015-02-05 19:59 - 02112512 _____ () C:\Users\Stephen\Desktop\adwcleaner_4.110.exe
2015-02-05 19:58 - 2015-02-05 19:58 - 00000207 _____ () C:\windows\tweaking.com-regbackup-ZT2012-Windows-7-Home-Premium-(64-bit).dat
2015-02-05 19:57 - 2015-02-05 19:57 - 00002237 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-05 19:57 - 2015-02-05 19:57 - 00000000 ____D () C:\RegBackup
2015-02-05 19:57 - 2015-02-05 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-05 19:57 - 2015-02-05 19:57 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-05 19:55 - 2015-02-05 19:55 - 04803888 _____ () C:\Users\Stephen\Desktop\tweaking.com_registry_backup_setup.exe
2015-02-01 20:23 - 2015-02-05 02:26 - 00000000 ____D () C:\ProgramData\IDrive
2015-02-01 20:23 - 2015-02-01 20:24 - 00000000 ____D () C:\Program Files (x86)\IDriveWindows
2015-02-01 20:23 - 2015-02-01 20:23 - 00001932 _____ () C:\Users\Public\Desktop\IDrive.lnk
2015-02-01 20:23 - 2015-02-01 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2015-02-01 20:23 - 2015-01-27 19:18 - 00533776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml.dll
2015-02-01 20:09 - 2015-02-01 20:09 - 19659752 _____ (Pro Softnet Corp ) C:\Users\Stephen\Desktop\IDriveWinSetup.exe
2015-02-01 17:37 - 2015-02-01 17:37 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\WinPatrol
2015-02-01 15:56 - 2015-02-01 15:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WinPatrol
2015-02-01 15:56 - 2015-02-01 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-02-01 15:56 - 2015-02-01 15:56 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-01 15:56 - 2015-02-01 15:56 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2015-02-01 14:41 - 2015-02-01 17:46 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 14:41 - 2015-02-01 14:41 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-01 14:41 - 2015-02-01 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 14:41 - 2015-02-01 14:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 14:41 - 2015-02-01 14:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 14:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-01 14:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-01 14:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-01 14:27 - 2015-02-01 14:27 - 00014704 _____ () C:\Users\Admin\Desktop\attach2.txt
2015-02-01 14:27 - 2015-02-01 14:26 - 00023188 _____ () C:\Users\Admin\Desktop\dds2.txt
2015-01-31 20:46 - 2015-01-31 20:46 - 00023553 _____ () C:\Users\Admin\Desktop\dds1.txt
2015-01-31 20:46 - 2015-01-31 20:46 - 00014820 _____ () C:\Users\Admin\Desktop\attach1.txt
2015-01-31 20:44 - 2015-01-31 20:44 - 00688992 ____R (Swearware) C:\Users\Admin\Desktop\dds.scr
2015-01-30 09:02 - 2015-01-30 09:02 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (6).collab
2015-01-30 09:01 - 2015-01-30 09:01 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (5).collab
2015-01-29 21:03 - 2015-01-29 21:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HD Tune Pro
2015-01-29 19:36 - 2015-01-29 19:36 - 1529855018 _____ () C:\windows\MEMORY.DMP
2015-01-29 19:36 - 2015-01-29 19:36 - 00000000 ____D () C:\windows\Minidump
2015-01-29 19:26 - 2015-01-29 19:26 - 00010592 _____ () C:\Users\Stephen\Downloads\nativeplayback.collab
2015-01-28 22:56 - 2015-01-28 22:56 - 00000000 ____D () C:\Program Files (x86)\Ffmpeg For Audacity
2015-01-27 21:37 - 2015-01-27 21:38 - 183308946 _____ () C:\Users\Stephen\Downloads\Byers Heart Project (1).zip
2015-01-25 22:14 - 2015-01-25 22:14 - 183308946 _____ () C:\Users\Stephen\Downloads\Byers Heart Project.zip
2015-01-23 19:16 - 2015-01-24 14:49 - 00000000 ____D () C:\Users\Admin\Documents\Action!
2015-01-23 19:16 - 2015-01-24 10:49 - 00003924 _____ () C:\windows\windefendam.log
2015-01-23 19:16 - 2015-01-24 10:49 - 00000020 _____ () C:\windows\capsys184523.log
2015-01-23 19:16 - 2015-01-23 19:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mirillis
2015-01-23 19:16 - 2015-01-23 19:16 - 00000000 ____D () C:\ProgramData\Mirillis
2015-01-23 19:15 - 2015-01-23 19:15 - 00002037 _____ () C:\Users\Public\Desktop\Action!.lnk
2015-01-23 19:15 - 2015-01-23 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2015-01-23 19:15 - 2015-01-23 19:15 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2015-01-23 19:14 - 2015-01-23 19:14 - 21876840 _____ (Mirillis Ltd.) C:\Users\Stephen\Downloads\action_1_21_0_setup.exe
2015-01-23 19:14 - 2015-01-23 19:14 - 00001004 _____ () C:\Users\Public\Desktop\Screen Recorder.lnk
2015-01-23 19:14 - 2015-01-23 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZD Soft
2015-01-23 19:12 - 2015-01-23 19:12 - 02352652 _____ () C:\Users\Stephen\Downloads\ScnRec.msi
2015-01-23 08:51 - 2015-01-23 08:51 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (4).collab
2015-01-22 20:47 - 2015-01-22 20:47 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (3).collab
2015-01-22 20:00 - 2015-01-22 20:00 - 00000127 _____ () C:\Users\Stephen\Desktop\Basic Information.url
2015-01-17 09:00 - 2015-01-17 09:01 - 00000138 _____ () C:\Users\Stephen\Desktop\Tanki-Russian Server 1.url
2015-01-17 08:50 - 2015-01-17 08:51 - 00000115 _____ () C:\Users\Stephen\Desktop\Tanki.url
2015-01-16 08:53 - 2015-01-16 08:53 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (2).collab
2015-01-15 22:05 - 2015-01-15 22:05 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (1).collab
2015-01-13 19:05 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 19:05 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 19:05 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 19:05 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-13 19:05 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-13 19:05 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-13 19:05 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-13 19:05 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-13 19:05 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 19:05 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 19:05 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 19:05 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-13 19:05 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-11 21:20 - 2015-01-11 21:20 - 01623466 _____ () C:\Users\Stephen\Downloads\MyDownloadPackage (1).zip
2015-01-11 21:12 - 2015-01-11 21:13 - 01352983 _____ () C:\Users\Stephen\Downloads\MyDownloadPackage.zip
2015-01-11 15:45 - 2015-01-11 15:45 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting.collab
2015-01-11 15:43 - 2015-01-11 15:43 - 00001636 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackboard Collaborate Launcher.lnk
2015-01-11 15:43 - 2015-01-11 15:43 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Blackboard

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 19:51 - 2012-04-18 18:22 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 19:45 - 2012-03-02 19:42 - 01843725 _____ () C:\windows\WindowsUpdate.log
2015-02-05 19:30 - 2012-04-10 19:16 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 18:42 - 2012-03-26 19:16 - 00126736 _____ () C:\ProgramData\lxecscan.log
2015-02-05 18:37 - 2012-03-29 18:24 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-05 16:10 - 2012-11-13 20:29 - 00000347 _____ () C:\.dir
2015-02-05 11:30 - 2012-04-10 19:16 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 11:30 - 2012-03-06 21:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 04:51 - 2012-04-18 18:22 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 03:06 - 2014-01-29 03:03 - 00775502 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-02-04 03:06 - 2009-07-14 00:13 - 00775502 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-01 20:13 - 2013-05-16 20:26 - 00001236 __RSH () C:\Users\Stephen\ntuser.pol
2015-02-01 20:13 - 2012-03-06 20:50 - 00000000 ____D () C:\Users\Stephen
2015-02-01 20:00 - 2012-12-04 22:09 - 00000000 ___RD () C:\Users\Stephen\Google Drive
2015-02-01 17:44 - 2013-05-16 20:26 - 00000632 __RSH () C:\Users\Admin\ntuser.pol
2015-02-01 17:44 - 2013-05-16 19:09 - 00000000 ____D () C:\Users\Admin
2015-02-01 16:15 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 16:15 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 16:06 - 2014-09-02 15:47 - 00766724 _____ () C:\windows\PFRO.log
2015-02-01 16:06 - 2014-07-21 19:20 - 00006204 _____ () C:\windows\setupact.log
2015-02-01 16:06 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-01 15:48 - 2012-08-12 20:07 - 00000000 ____D () C:\Users\Stephen\AppData\Local\CRE
2015-02-01 14:18 - 2013-11-17 19:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-01 14:17 - 2013-11-17 20:05 - 00001524 _____ () C:\windows\wininit.ini
2015-02-01 14:17 - 2013-11-17 19:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-31 20:31 - 2013-03-17 11:09 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-01-31 20:22 - 2013-10-25 19:52 - 00000000 ____D () C:\Program Files (x86)\BookSmart
2015-01-31 20:21 - 2011-11-22 16:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-31 20:20 - 2012-07-05 21:07 - 00000000 ____D () C:\Program Files (x86)\TopicsLearning
2015-01-31 20:19 - 2012-07-05 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TopicsLearning
2015-01-31 20:02 - 2012-05-17 18:00 - 00000000 ____D () C:\Program Files (x86)\MediaMall
2015-01-31 20:01 - 2013-11-30 19:42 - 00000000 ____D () C:\ProgramData\CrashPlan
2015-01-30 22:41 - 2013-09-01 19:09 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\.ACEStream
2015-01-30 21:33 - 2014-06-19 17:20 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Audacity
2015-01-30 09:48 - 2014-02-15 13:44 - 00000000 ____D () C:\Users\Stephen\Documents\Adelaide
2015-01-28 17:26 - 2012-03-26 19:27 - 00000000 ____D () C:\Users\Stephen\AppData\Local\CrashDumps
2015-01-28 10:30 - 2012-09-01 09:10 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Skype
2015-01-26 20:08 - 2012-04-26 21:12 - 00000000 ____D () C:\Users\Stephen\Documents\Home
2015-01-26 19:52 - 2012-08-09 20:33 - 00000000 ____D () C:\Users\Stephen\Documents\Addison
2015-01-22 15:52 - 2012-12-04 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-19 11:50 - 2012-03-26 19:11 - 00000000 ____D () C:\ProgramData\lx_Cats
2015-01-14 16:54 - 2012-03-06 21:28 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Microsoft Help
2015-01-14 03:09 - 2013-08-15 02:01 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 03:00 - 2012-08-15 18:35 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-08 08:34 - 2014-03-15 08:12 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

==================== Files in the root of some directories =======

2012-08-09 18:47 - 2014-12-05 09:45 - 0000599 _____ () C:\Users\Stephen\AppData\Roaming\My Profile.xml
2012-10-29 18:31 - 2014-02-08 08:16 - 0019968 _____ () C:\Users\Stephen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-30 16:54 - 2013-11-30 16:54 - 0000017 _____ () C:\Users\Stephen\AppData\Local\resmon.resmoncfg
2012-05-26 07:02 - 2012-05-26 07:02 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-03-26 19:18 - 2014-01-09 20:42 - 0000756 _____ () C:\ProgramData\FastPics.log
2013-11-30 15:45 - 2014-09-16 16:18 - 0000585 _____ () C:\ProgramData\lxec.log
2013-01-21 08:47 - 2014-11-04 19:26 - 0000492 _____ () C:\ProgramData\lxecDiagnostics.log
2012-03-26 19:15 - 2014-11-11 19:37 - 0286390 _____ () C:\ProgramData\lxecJSW.log
2012-03-26 19:16 - 2015-02-05 18:42 - 0126736 _____ () C:\ProgramData\lxecscan.log
2012-05-26 07:02 - 2012-05-26 07:02 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-11-03 15:49 - 2014-11-03 15:49 - 1727233 _____ () C:\ProgramData\SPL1E95.tmp
2014-12-11 09:02 - 2014-12-11 09:02 - 30331855 _____ () C:\ProgramData\SPL4149.tmp
2013-11-17 18:29 - 2013-11-17 18:29 - 0153787 _____ () C:\ProgramData\SPL451E.tmp
2014-01-16 22:29 - 2014-01-16 22:29 - 2398763 _____ () C:\ProgramData\SPL4F8E.tmp
2014-09-16 15:50 - 2014-09-16 15:50 - 0282720 _____ () C:\ProgramData\SPL5C9B.tmp
2012-05-08 15:28 - 2012-05-08 15:32 - 31633754 _____ () C:\ProgramData\SPL6612.tmp
2014-09-22 14:36 - 2014-09-22 14:36 - 0560864 _____ () C:\ProgramData\SPL733C.tmp
2014-09-26 11:44 - 2014-09-26 11:44 - 6057910 _____ () C:\ProgramData\SPL7446.tmp
2013-02-02 22:57 - 2013-02-02 22:57 - 1248926 _____ () C:\ProgramData\SPL7651.tmp
2014-10-21 10:02 - 2014-10-21 10:02 - 0107251 _____ () C:\ProgramData\SPL8F6E.tmp
2013-11-17 19:47 - 2013-11-17 19:47 - 0003206 _____ () C:\ProgramData\SPL9CCB.tmp
2014-02-24 09:21 - 2014-02-24 09:21 - 2934426 _____ () C:\ProgramData\SPLA3E1.tmp
2013-11-17 14:45 - 2013-11-17 14:45 - 1483386 _____ () C:\ProgramData\SPLBDBC.tmp
2013-11-27 11:04 - 2013-11-27 11:04 - 0279366 _____ () C:\ProgramData\SPLC1F5.tmp
2014-08-08 11:45 - 2014-08-08 11:45 - 0147900 _____ () C:\ProgramData\SPLD2A4.tmp
2014-11-14 13:29 - 2014-11-14 13:29 - 0800734 _____ () C:\ProgramData\SPLE13B.tmp
2013-12-12 03:19 - 2013-12-12 03:19 - 0230838 _____ () C:\ProgramData\SPLEA69.tmp
2013-12-09 22:16 - 2013-12-09 22:16 - 0135883 _____ () C:\ProgramData\SPLF94A.tmp
2012-03-26 19:16 - 2012-03-26 19:16 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2808.dll
C:\Users\Stephen\javafx-windows-x64__Vlatest.exe


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\_is11BC.exe
C:\Users\Admin\AppData\Local\Temp\_is697C.exe
C:\Users\Stephen\AppData\Local\Temp\i4jdel0.exe
C:\Users\Stephen\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End Of Log ============================
stephenabyers
Active Member
 
Posts: 14
Joined: January 31st, 2015, 9:48 pm

Re: FileParade + very slow startup and shutdown

Post by stephenabyers » February 5th, 2015, 9:13 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Stephen at 2015-02-05 20:04:16
Running from C:\Users\Stephen\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Ace Stream Media 2.2.10-next (HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\AceStream) (Version: 2.2.10-next - Ace Stream Media)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.21.0 - Mirillis)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.2.0.829 - AVG Technologies)
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3226 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.3714 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.4511 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3815.52 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1520 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.2609 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.1.528 - j2 Global)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.95 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.95 - Etron Technology) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grade 4 Success (HKLM-x32\...\{B48337F4-01EE-4502-869F-BA75816D367C}) (Version: 0001.0000.0000 - Topics Learning Inc.)
Grade 4 Success (x32 Version: 0001.0000.0000 - Topics Learning Inc.) Hidden
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.02.10112 - Sony Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
Java(TM) SE Development Kit 6 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160450}) (Version: 1.6.0.450 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.2.7 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-227648764D10}) (Version: 2.2.7 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version: - Lexmark International, Inc.)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Media Server 7.7.5 (HKLM-x32\...\Logitech Media Server_is1) (Version: 7.7.5 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{004F0409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
PlayMemories Home (HKLM-x32\...\{107EF5BF-F806-414F-8A4D-CA73C72EA12E}) (Version: 3.1.01.03120 - Sony Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.78.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.550.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Serviio (HKLM\...\Serviio) (Version: - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Softsqueeze 3.9b2 (HKLM-x32\...\Softsqueeze 3.9b2) (Version: - Ralph Irving)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
SqueezePlay 7.8.0r328 (HKLM-x32\...\{09B790E3-21E3-4D1A-8130-AAA9227C9785}_is1) (Version: - Logitech)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.0 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
ZD Soft Screen Recorder (HKLM-x32\...\{101CC777-634C-42AF-AF95-7A0282ABF247}) (Version: 8.0.1 - ZD Soft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-01 20:23 - 2015-01-27 19:16 - 00582656 _____ () C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2014-01-09 20:39 - 2013-01-23 13:35 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
2014-01-09 20:39 - 2013-01-23 13:35 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
2011-11-22 16:54 - 2011-01-07 03:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-06-16 16:42 - 2010-06-16 16:42 - 00839680 _____ () C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
2014-08-22 10:11 - 2014-09-25 12:57 - 00027904 _____ () C:\Users\Stephen\AppData\Roaming\ACEStream\engine\ace_engine.exe
2011-08-11 10:27 - 2011-08-11 10:27 - 15490560 _____ () C:\Users\Stephen\AppData\Local\Autobahn\nexdef.exe
2014-03-25 15:41 - 2014-12-11 19:11 - 02636312 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2013-03-29 06:18 - 2013-03-29 06:18 - 00026744 _____ () C:\Users\Stephen\AppData\Roaming\ACEStream\updater\ace_update.exe
2015-02-01 20:23 - 2015-01-27 19:18 - 00225280 _____ () C:\Program Files (x86)\IDriveWindows\Sync.dll
2015-02-01 20:23 - 2015-01-31 17:08 - 00013312 _____ () C:\Program Files (x86)\IDriveWindows\SqliteWrapper.dll
2015-02-01 20:23 - 2015-01-27 19:16 - 00834048 _____ () C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2015-02-01 20:23 - 2015-01-27 19:17 - 01890088 _____ () C:\Program Files (x86)\IDriveWindows\cmd_util\idwutil_600.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4008453203-116359934-4206298802-1001\Control Panel\Desktop\\Wallpaper ->

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

==================== Accounts: =============================

Admin (S-1-5-21-4008453203-116359934-4206298802-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-4008453203-116359934-4206298802-500 - Administrator - Disabled)
Guest (S-1-5-21-4008453203-116359934-4206298802-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4008453203-116359934-4206298802-1002 - Limited - Enabled)
Stephen (S-1-5-21-4008453203-116359934-4206298802-1001 - Limited - Enabled) => C:\Users\Stephen

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 08:04:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(10:40:f3:b4:83:c1@fe80::1240:f3ff:feb4:83c1._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/01/2015 08:04:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(c8:bc:c8:0f:10:83@fe80::cabc:c8ff:fe0f:1083._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/01/2015 04:08:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2015 02:20:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 08:01:48 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: ZT2012)
Description: Application or service 'CrashPlan Backup Service' could not be restarted.

Error: (01/31/2015 07:48:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 07:12:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 06:49:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 06:42:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 06:33:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/03/2015 03:19:16 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DELL2013
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{398FA4FC-D7BB-4FEF-AC5D-A241C45B9E0D}.
The master browser is stopping or an election is being forced.

Error: (02/02/2015 06:19:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/02/2015 04:38:00 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/01/2015 05:43:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (02/01/2015 05:42:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/31/2015 07:54:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

Error: (01/31/2015 07:52:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (01/31/2015 07:49:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/31/2015 07:49:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (01/31/2015 07:48:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (02/01/2015 08:04:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(10:40:f3:b4:83:c1@fe80::1240:f3ff:feb4:83c1._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/01/2015 08:04:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(c8:bc:c8:0f:10:83@fe80::cabc:c8ff:fe0f:1083._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/01/2015 04:08:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2015 02:20:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 08:01:48 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: ZT2012)
Description: 0CrashPlanService.exeCrashPlan Backup Service03026217820600

Error: (01/31/2015 07:48:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 07:12:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 06:49:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 06:42:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2015 06:33:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 36%
Total physical RAM: 16301.12 MB
Available physical RAM: 10363.21 MB
Total Pagefile: 32600.42 MB
Available Pagefile: 26616.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1862.92 GB) (Free:1330.88 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Re: FileParade + very slow startup and shutdown

Post by stephenabyers » February 5th, 2015, 9:13 pm

Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Stephen at 2015-02-05 20:06:49
Running from C:\Users\Stephen\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;sweetpacks;FileParade" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "iLivid" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup(1).exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup(3).exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(1)_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(2)_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(3)_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLivid_RASAPI32]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\ilivid]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\ilivid\iLivid]
"Home"="C:\Users\Stephen\AppData\Local\iLivid"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Microsoft\IntelliType Pro\AppSpecific\iLivid.exe]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Stephen\Downloads\iLividSetup.exe"="1"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Stephen\Downloads\iLividSetup(2).exe"="1"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Stephen\AppData\Local\iLivid]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Stephen\AppData\Local\iLivid]

===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Stephen\AppData\Local\iLivid]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Stephen\AppData\Local\iLivid]

===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"09699DDB14539164D9A2C3DD3B1EF5E9"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\HomePage]
"{7aeae561-714b-45f6-ace3-4a8aed6e227b}"="http://search.conduit.com?SearchSource=10&CUI=UN31803351762352133&ctid=CT3268494"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VBMZ]
"P1"="conduit"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\GlobalStorage\Repository]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\pacgpkgadgmibnhpdidcnfafllnmeomc\Repository]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\pacgpkgadgmibnhpdidcnfafllnmeomc\Repository]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1459356]
"Url"="http://alerts.conduit-services.com/root/1463702/1459356/US"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="http://alert.services.conduit.com"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\ChannelsSettings]
"URL"="http://alert.services.conduit.com/channels/?aid=EB_CHANNEL_ID"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Login]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/AlertLogin"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Usage]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/SetAlertUsageRequest"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit\RevertSettings]
"ConduitLatestHomePage"="http://search.conduit.com?SearchSource=10&CUI=UN31803351762352133&ctid=CT3268494"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar]
"SearchServerUrl"="http://search.conduit.com"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar]
"AppsDetectionUrlPattern"="http://appdownload.conduit.com/"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\ToolbarHiddenSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253\WebAppSettingsNC]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\conduit_CT3072253_CT3072253]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\MetaData\1698540711]
"dbname"="conduit_CT3072253_CT3072253"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\MetaData\2181958168]
"dbname"="conduit_CT3072253_CT3072253"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\MetaData\3300567142]
"dbname"="conduit_CT3072253_CT3072253"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Repository\MetaData\4076064582]
"dbname"="conduit_CT3072253_CT3072253"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings]
"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\BackHandStorage\http___bar_utorrent_com_conduit_html_v=1_04]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\BackHandStorage\http___youtube_conduitapps_com_v3_3_0_toolbar_html]

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\ExternalComponent]
"http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en"="1353794343"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\ExternalComponent]
"http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en"="1353794343"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\MyStuff]
"ConduitEnable"="TRUE"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar\Settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.9.0.16/tbedrs.dll"

[HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Conduit]

====== End Of Search ======

Re: FileParade + very slow startup and shutdown

by stephenabyers » February 5th, 2015, 9:16 pm

# AdwCleaner v4.110 - Logfile created 05/02/2015 at 20:00:31
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - ZT2012
# Running from : C:\Users\Stephen\Desktop\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater18.2.0

***** [ Files / Folders ] *****

File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Admin\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Admin\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Stephen\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Stephen\AppData\Local\Conduit
Folder Found : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
Folder Found : C:\Users\Stephen\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Stephen\AppData\LocalLow\Conduit

***** [ Scheduled tasks ] *****

Task Found : VisualBeeRecovery

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\IM
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\VBMZ
Key Found : HKLM\SOFTWARE\visualbee
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.amazon.com/websearch/ref=bit ... _US_ie_sp_

-\\ Google Chrome v40.0.2214.111

[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_ ... osn=-1&v1={searchTerms}&search_submit=
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_que ... osn=-1&v1={searchTerms}&search_submit=
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CyB0DyCtD0F0FtDzz0BtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyEtCzytDtDtCzy0CtG0F0BtCzztGtByEzz0BtGyB0EtByDtGtAyByC0E0A0Czy0A0CyCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0D0FzzyCtAtAtGyD0E0C0EtGyEyD0FzztG0AyEyC0EtGtDyCtAtCtD0CtA0A0CtByB0D2Q&cr=418073027&ir=
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CyB0DyCtD0F0FtDzz0BtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyEtCzytDtDtCzy0CtG0F0BtCzztGtByEzz0BtGyB0EtByDtGtAyByC0E0A0Czy0A0CyCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0D0FzzyCtAtAtGyD0E0C0EtGyEyD0FzztG0AyEyC0EtGtDyCtAtCtD0CtA0A0CtByB0D2Q&cr=418073027&ir=
*************************

AdwCleaner[R0].txt - [10684 bytes] - [05/02/2015 20:00:31]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [10744 bytes] ##########
stephenabyers
Active Member
 
Posts: 14
Joined: January 31st, 2015, 9:48 pm

Re: FileParade + very slow startup and shutdown

Post by Gary R » February 6th, 2015, 5:30 am

Please Note ... I notice that you are running things from a non-administrator account ...

Ran by Stephen (ATTENTION: The logged in user is not administrator) on ZT2012 on 05-02-2015 20:03:35
Running from C:\Users\Stephen\Desktop
Loaded Profiles: Stephen & Admin (Available profiles: Stephen & Admin)


... so you'll need to right click on each of the tools we're going to use and select Run as Administrator otherwise they will not be able to remove things.

OK, let's get started cleaning your computer.

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

µTorrent
Java 7 Update 67
Java 8 Update 25
Java(TM) 6 Update 45
Java(TM) SE Development Kit 6 Update 45


Use of P2P programs is the fastest way to contract an infection I know, see ... viewtopic.php?p=491394#p491394

Out-of-date versions of Java can be, and are, exploited.

Reboot your computer once they've all been uninstalled.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (No File)
GroupPolicyUsers\S-1-5-21-4008453203-116359934-4206298802-1001\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-4008453203-116359934-4206298802-1003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-25 16:42:10&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-25 16:42:10&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-25 16:42:10&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-25 16:42:10&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-25 16:42:10&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-25 16:42:10&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
Toolbar: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: Vosteran
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_captaind ... 073027&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CyB0DyCtD0F0FtDzz0BtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyEtCzytDtDtCzy0CtG0F0BtCzztGtByEzz0BtGyB0EtByDtGtAyByC0E0A0Czy0A0CyCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0D0FzzyCtAtAtGyD0E0C0EtGyEyD0FzztG0AyEyC0EtGtDyCtAtCtD0CtA0A0CtByB0D2Q&cr=418073027&ir="
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_captaind ... 073027&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CyB0DyCtD0F0FtDzz0BtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyEtCzytDtDtCzy0CtG0F0BtCzztGtByEzz0BtGyB0EtByDtGtAyByC0E0A0Czy0A0CyCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0D0FzzyCtAtAtGyD0E0C0EtGyEyD0FzztG0AyEyC0EtGtDyCtAtCtD0CtA0A0CtByB0D2Q&cr=418073027&ir="
CHR HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
2014-11-03 15:49 - 2014-11-03 15:49 - 1727233 _____ () C:\ProgramData\SPL1E95.tmp
2014-12-11 09:02 - 2014-12-11 09:02 - 30331855 _____ () C:\ProgramData\SPL4149.tmp
2013-11-17 18:29 - 2013-11-17 18:29 - 0153787 _____ () C:\ProgramData\SPL451E.tmp
2014-01-16 22:29 - 2014-01-16 22:29 - 2398763 _____ () C:\ProgramData\SPL4F8E.tmp
2014-09-16 15:50 - 2014-09-16 15:50 - 0282720 _____ () C:\ProgramData\SPL5C9B.tmp
2012-05-08 15:28 - 2012-05-08 15:32 - 31633754 _____ () C:\ProgramData\SPL6612.tmp
2014-09-22 14:36 - 2014-09-22 14:36 - 0560864 _____ () C:\ProgramData\SPL733C.tmp
2014-09-26 11:44 - 2014-09-26 11:44 - 6057910 _____ () C:\ProgramData\SPL7446.tmp
2013-02-02 22:57 - 2013-02-02 22:57 - 1248926 _____ () C:\ProgramData\SPL7651.tmp
2014-10-21 10:02 - 2014-10-21 10:02 - 0107251 _____ () C:\ProgramData\SPL8F6E.tmp
2013-11-17 19:47 - 2013-11-17 19:47 - 0003206 _____ () C:\ProgramData\SPL9CCB.tmp
2014-02-24 09:21 - 2014-02-24 09:21 - 2934426 _____ () C:\ProgramData\SPLA3E1.tmp
2013-11-17 14:45 - 2013-11-17 14:45 - 1483386 _____ () C:\ProgramData\SPLBDBC.tmp
2013-11-27 11:04 - 2013-11-27 11:04 - 0279366 _____ () C:\ProgramData\SPLC1F5.tmp
2014-08-08 11:45 - 2014-08-08 11:45 - 0147900 _____ () C:\ProgramData\SPLD2A4.tmp
2014-11-14 13:29 - 2014-11-14 13:29 - 0800734 _____ () C:\ProgramData\SPLE13B.tmp
2013-12-12 03:19 - 2013-12-12 03:19 - 0230838 _____ () C:\ProgramData\SPLEA69.tmp
2013-12-09 22:16 - 2013-12-09 22:16 - 0135883 _____ () C:\ProgramData\SPLF94A.tmp
C:\Users\Public\AlexaNSISPlugin.2808.dll
C:\Users\Stephen\javafx-windows-x64__Vlatest.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup(1).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup(3).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(1)_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(2)_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(3)_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLivid_RASAPI32]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\ilivid]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Microsoft\IntelliType Pro\AppSpecific\iLivid.exe]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Stephen\AppData\Local\iLivid]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Stephen\AppData\Local\iLivid]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Conduit]

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • AdwCleaner fix log
  • Fixlog.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: FileParade + very slow startup and shutdown

Post by stephenabyers » February 6th, 2015, 7:54 pm

Couple of things occurred:

uTorrent said it was uninstalled but I noticed that it really wasn't. It no longer appeared in the Control Panel Programs but I could still see the uTorrent application .exe down the path C:\Program Files (x86)\uTorrent

I was not able to uninstall Java(TM) SE Development Kit 6 Update 45. Dialog box "Preparing to uninstall..." but it just spun around for many minutes. I eventually clicked Cancel and tried again; same thing. I did this after rebooting from the Java 6 Update 45 uninstall which required the reboot.

# AdwCleaner v4.110 - Logfile created 06/02/2015 at 18:45:48
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - ZT2012
# Running from : C:\Users\Admin\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.2.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Admin\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Stephen\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Stephen\AppData\Local\Conduit
Folder Deleted : C:\Users\Stephen\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Stephen\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
File Deleted : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : VisualBeeRecovery

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v40.0.2214.111

[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_ ... osn=-1&v1={searchTerms}&search_submit=
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_que ... osn=-1&v1={searchTerms}&search_submit=
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CyB0DyCtD0F0FtDzz0BtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyEtCzytDtDtCzy0CtG0F0BtCzztGtByEzz0BtGyB0EtByDtGtAyByC0E0A0Czy0A0CyCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0D0FzzyCtAtAtGyD0E0C0EtGyEyD0FzztG0AyEyC0EtGtDyCtAtCtD0CtA0A0CtByB0D2Q&cr=418073027&ir=
[C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CyB0DyCtD0F0FtDzz0BtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyEtCzytDtDtCzy0CtG0F0BtCzztGtByEzz0BtGyB0EtByDtGtAyByC0E0A0Czy0A0CyCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0D0FzzyCtAtAtGyD0E0C0EtGyEyD0FzztG0AyEyC0EtGtDyCtAtCtD0CtA0A0CtByB0D2Q&cr=418073027&ir=

*************************

AdwCleaner[R1].txt - [10580 bytes] - [06/02/2015 18:40:48]
AdwCleaner[S0].txt - [10330 bytes] - [06/02/2015 18:45:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10390 bytes] ##########
stephenabyers
Active Member
 
Posts: 14
Joined: January 31st, 2015, 9:48 pm

Re: FileParade + very slow startup and shutdown

Post by stephenabyers » February 6th, 2015, 8:00 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Admin at 2015-02-06 18:54:38 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Stephen & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (No File)
GroupPolicyUsers\S-1-5-21-4008453203-116359934-4206298802-1001\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-4008453203-116359934-4206298802-1003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-25 16:42:10&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-25 16:42:10&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-25 16:42:10&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-25 16:42:10&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-03-25 16:42:10&v=18.2.0.829&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://mysearch.avg.com/search?cid= {AACB84DC-ED5F-49CD-BE37-9C675C4EF508}&mid=bda1e2e2ac0d47d0a5f581ac0f233ffc-cc466c8dc8bb3b30c0b723e2031f0d52e028a0ba&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-25 16:42:10&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
Toolbar: HKU\S-1-5-21-4008453203-116359934-4206298802-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: Vosteran
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_captaind ... 073027&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CyB0DyCtD0F0FtDzz0BtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyEtCzytDtDtCzy0CtG0F0BtCzztGtByEzz0BtGyB0EtByDtGtAyByC0E0A0Czy0A0CyCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0D0FzzyCtAtAtGyD0E0C0EtGyEyD0FzztG0AyEyC0EtGtDyCtAtCtD0CtA0A0CtByB0D2Q&cr=418073027&ir="
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_captaind ... 073027&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_captaind_14_49_other&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0CyB0DyCtD0F0FtDzz0BtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyEtCzytDtDtCzy0CtG0F0BtCzztGtByEzz0BtGyB0EtByDtGtAyByC0E0A0Czy0A0CyCtDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0D0FzzyCtAtAtGyD0E0C0EtGyEyD0FzztG0AyEyC0EtGtDyCtAtCtD0CtA0A0CtByB0D2Q&cr=418073027&ir="
CHR HKU\S-1-5-21-4008453203-116359934-4206298802-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
2014-11-03 15:49 - 2014-11-03 15:49 - 1727233 _____ () C:\ProgramData\SPL1E95.tmp
2014-12-11 09:02 - 2014-12-11 09:02 - 30331855 _____ () C:\ProgramData\SPL4149.tmp
2013-11-17 18:29 - 2013-11-17 18:29 - 0153787 _____ () C:\ProgramData\SPL451E.tmp
2014-01-16 22:29 - 2014-01-16 22:29 - 2398763 _____ () C:\ProgramData\SPL4F8E.tmp
2014-09-16 15:50 - 2014-09-16 15:50 - 0282720 _____ () C:\ProgramData\SPL5C9B.tmp
2012-05-08 15:28 - 2012-05-08 15:32 - 31633754 _____ () C:\ProgramData\SPL6612.tmp
2014-09-22 14:36 - 2014-09-22 14:36 - 0560864 _____ () C:\ProgramData\SPL733C.tmp
2014-09-26 11:44 - 2014-09-26 11:44 - 6057910 _____ () C:\ProgramData\SPL7446.tmp
2013-02-02 22:57 - 2013-02-02 22:57 - 1248926 _____ () C:\ProgramData\SPL7651.tmp
2014-10-21 10:02 - 2014-10-21 10:02 - 0107251 _____ () C:\ProgramData\SPL8F6E.tmp
2013-11-17 19:47 - 2013-11-17 19:47 - 0003206 _____ () C:\ProgramData\SPL9CCB.tmp
2014-02-24 09:21 - 2014-02-24 09:21 - 2934426 _____ () C:\ProgramData\SPLA3E1.tmp
2013-11-17 14:45 - 2013-11-17 14:45 - 1483386 _____ () C:\ProgramData\SPLBDBC.tmp
2013-11-27 11:04 - 2013-11-27 11:04 - 0279366 _____ () C:\ProgramData\SPLC1F5.tmp
2014-08-08 11:45 - 2014-08-08 11:45 - 0147900 _____ () C:\ProgramData\SPLD2A4.tmp
2014-11-14 13:29 - 2014-11-14 13:29 - 0800734 _____ () C:\ProgramData\SPLE13B.tmp
2013-12-12 03:19 - 2013-12-12 03:19 - 0230838 _____ () C:\ProgramData\SPLEA69.tmp
2013-12-09 22:16 - 2013-12-09 22:16 - 0135883 _____ () C:\ProgramData\SPLF94A.tmp
C:\Users\Public\AlexaNSISPlugin.2808.dll
C:\Users\Stephen\javafx-windows-x64__Vlatest.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup(1).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup(3).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(1)_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(2)_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(3)_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLivid_RASAPI32]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\ilivid]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Microsoft\IntelliType Pro\AppSpecific\iLivid.exe]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Stephen\AppData\Local\iLivid]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Stephen\AppData\Local\iLivid]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar]
[-HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Conduit]
*****************

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk => Moved successfully.
C:\Program Files\CrashPlan\CrashPlanTray.exe not found.
C:\windows\system32\GroupPolicyUsers\S-1-5-21-4008453203-116359934-4206298802-1001\User => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Error setting Default URLSearchHook.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
HKU\S-1-5-21-4008453203-116359934-4206298802-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => Key not found.
C:\ProgramData\SPL1E95.tmp => Moved successfully.
C:\ProgramData\SPL4149.tmp => Moved successfully.
C:\ProgramData\SPL451E.tmp => Moved successfully.
C:\ProgramData\SPL4F8E.tmp => Moved successfully.
C:\ProgramData\SPL5C9B.tmp => Moved successfully.
C:\ProgramData\SPL6612.tmp => Moved successfully.
C:\ProgramData\SPL733C.tmp => Moved successfully.
C:\ProgramData\SPL7446.tmp => Moved successfully.
C:\ProgramData\SPL7651.tmp => Moved successfully.
C:\ProgramData\SPL8F6E.tmp => Moved successfully.
C:\ProgramData\SPL9CCB.tmp => Moved successfully.
C:\ProgramData\SPLA3E1.tmp => Moved successfully.
C:\ProgramData\SPLBDBC.tmp => Moved successfully.
C:\ProgramData\SPLC1F5.tmp => Moved successfully.
C:\ProgramData\SPLD2A4.tmp => Moved successfully.
C:\ProgramData\SPLE13B.tmp => Moved successfully.
C:\ProgramData\SPLEA69.tmp => Moved successfully.
C:\ProgramData\SPLF94A.tmp => Moved successfully.
C:\Users\Public\AlexaNSISPlugin.2808.dll => Moved successfully.
C:\Users\Stephen\javafx-windows-x64__Vlatest.exe => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup(1).exe => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup(3).exe => Key Deleted successfully.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup => Error deleting key: incorrect path.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(1)_RASAPI32 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(2)_RASAPI32 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup(3)_RASAPI32 => Key not found.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup => Error deleting key: incorrect path.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLivid_RASAPI32 => Key not found.
HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\ilivid => Key not found.
HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Microsoft\IntelliType Pro\AppSpecific\iLivid.exe => Key not found.
HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Stephen\AppData\Local\iLivid => Key not found.
HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Stephen\AppData\Local\iLivid => Key not found.
HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Trolltech => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32 => Key not found.
HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\Conduit => Key not found.
HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\AppDataLow\Software\uTorrentControl2\toolbar => Key not found.
HKEY_USERS\S-1-5-21-4008453203-116359934-4206298802-1001\Software\Conduit => Key not found.


The system needed a reboot.

==== End of Fixlog 18:55:02 ====
stephenabyers
Active Member
 
Posts: 14
Joined: January 31st, 2015, 9:48 pm

Re: FileParade + very slow startup and shutdown

by Gary R » February 7th, 2015, 1:40 am

Sorry, I forgot to include a couple of instructions in my last fix, so please do the following ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ...

Reboot your computer, then run a new scan for me with FRST ...

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning just 1 log will open on your Desktop this time, FRST.txt
    • Please post it in your next reply.

Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • Fixlog.txt
  • FRST.txt
  • E-Set.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: FileParade + very slow startup and shutdown

by stephenabyers » February 7th, 2015, 9:02 am

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Admin at 2015-02-07 07:48:07 Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Stephen & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns
*****************

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1016 MB temporary data.


The system needed a reboot.

==== End of Fixlog 07:51:30 ====
stephenabyers
Active Member
 
Posts: 14
Joined: January 31st, 2015, 9:48 pm

Re: FileParade + very slow startup and shutdown

by stephenabyers » February 7th, 2015, 9:03 am

After the reboot....

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Admin (administrator) on ZT2012 on 07-02-2015 07:57:25
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Stephen & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxecserv.exe
( ) C:\Windows\System32\lxeccoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [lxecmon.exe] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [150264 2013-01-23] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [67616 2015-01-31] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1973280 2015-01-31] (Prosoftnet)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4008453203-116359934-4206298802-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-4008453203-116359934-4206298802-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4008453203-116359934-4206298802-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Admin\AppData\Local\Autobahn\nexdef.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-4008453203-116359934-4206298802-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4008453203-116359934-4206298802-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {15D6AACC-F402-4335-8BD8-20BB5E8A8DB5} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D76D72CF-E095-4571-BA70-D447FD302996} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4008453203-116359934-4206298802-1003 -> {15D6AACC-F402-4335-8BD8-20BB5E8A8DB5} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.2 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.1 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.1 -> C:\Program Files\Oracle\JavaFX 2.2 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-16]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-10]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-16]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-22]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [100384 2015-01-31] (Prosoftnet)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 lxecCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxec_device; C:\windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
R2 lxec_device; C:\windows\SysWOW64\lxeccoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-03-12] (Sony Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-20] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [52000 2014-12-11] (AVG Technologies)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-03-28] (MediaMall Technologies, Inc.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 gdrv; \??\C:\windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 07:57 - 2015-02-07 07:58 - 00019055 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-07 07:47 - 2015-02-07 07:47 - 00000043 _____ () C:\Users\Admin\Desktop\.txt
2015-02-06 18:54 - 2015-02-06 18:54 - 00000000 _____ () C:\prefs.js
2015-02-06 18:44 - 2015-02-06 18:44 - 00000553 _____ () C:\Users\Admin\Desktop\notes.txt
2015-02-06 18:43 - 2015-02-05 19:59 - 02131968 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-02-06 18:33 - 2015-02-06 18:33 - 02112512 _____ () C:\Users\Admin\Downloads\adwcleaner_4.110.exe
2015-02-06 18:33 - 2015-02-06 18:33 - 02112512 _____ () C:\Users\Admin\Desktop\adwcleaner_4.110.exe
2015-02-06 18:13 - 2015-02-06 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-02-06 18:13 - 2014-10-24 15:39 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-02-06 18:13 - 2014-10-24 15:39 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-02-06 08:54 - 2015-02-06 08:54 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (7).collab
2015-02-05 20:06 - 2015-02-05 20:06 - 00027401 _____ () C:\Users\Stephen\Desktop\Search.txt
2015-02-05 20:04 - 2015-02-05 20:04 - 00027470 _____ () C:\Users\Stephen\Desktop\Addition.txt
2015-02-05 20:03 - 2015-02-07 07:57 - 00000000 ____D () C:\FRST
2015-02-05 20:03 - 2015-02-05 20:04 - 00046203 _____ () C:\Users\Stephen\Desktop\FRST.txt
2015-02-05 20:02 - 2015-02-05 20:02 - 00010870 _____ () C:\Users\Admin\Desktop\AdwCleaner[R0].txt
2015-02-05 20:00 - 2015-02-06 18:45 - 00000000 ____D () C:\AdwCleaner
2015-02-05 20:00 - 2015-02-05 20:01 - 00010870 _____ () C:\Users\Stephen\Desktop\AdwCleaner[R0].txt
2015-02-05 19:59 - 2015-02-05 19:59 - 02131968 _____ (Farbar) C:\Users\Stephen\Desktop\FRST64.exe
2015-02-05 19:59 - 2015-02-05 19:59 - 02112512 _____ () C:\Users\Stephen\Desktop\adwcleaner_4.110.exe
2015-02-05 19:58 - 2015-02-05 19:58 - 00000207 _____ () C:\windows\tweaking.com-regbackup-ZT2012-Windows-7-Home-Premium-(64-bit).dat
2015-02-05 19:57 - 2015-02-05 19:57 - 00002237 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-05 19:57 - 2015-02-05 19:57 - 00000000 ____D () C:\RegBackup
2015-02-05 19:57 - 2015-02-05 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-05 19:57 - 2015-02-05 19:57 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-05 19:55 - 2015-02-05 19:55 - 04803888 _____ () C:\Users\Stephen\Desktop\tweaking.com_registry_backup_setup.exe
2015-02-01 20:23 - 2015-02-07 07:46 - 00000000 ____D () C:\ProgramData\IDrive
2015-02-01 20:23 - 2015-02-01 20:24 - 00000000 ____D () C:\Program Files (x86)\IDriveWindows
2015-02-01 20:23 - 2015-02-01 20:23 - 00001932 _____ () C:\Users\Public\Desktop\IDrive.lnk
2015-02-01 20:23 - 2015-02-01 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2015-02-01 20:23 - 2015-01-27 19:18 - 00533776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml.dll
2015-02-01 20:09 - 2015-02-01 20:09 - 19659752 _____ (Pro Softnet Corp ) C:\Users\Stephen\Desktop\IDriveWinSetup.exe
2015-02-01 17:37 - 2015-02-01 17:37 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\WinPatrol
2015-02-01 15:56 - 2015-02-01 15:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WinPatrol
2015-02-01 15:56 - 2015-02-01 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-02-01 15:56 - 2015-02-01 15:56 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-01 15:56 - 2015-02-01 15:56 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2015-02-01 15:55 - 2015-02-01 15:55 - 01156136 _____ (Ruiware) C:\Users\Admin\Downloads\wpsetup.exe
2015-02-01 14:41 - 2015-02-07 07:54 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 14:41 - 2015-02-01 14:41 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-01 14:41 - 2015-02-01 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 14:41 - 2015-02-01 14:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 14:41 - 2015-02-01 14:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 14:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-01 14:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-01 14:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-01 14:27 - 2015-02-01 14:27 - 00014704 _____ () C:\Users\Admin\Desktop\attach2.txt
2015-02-01 14:27 - 2015-02-01 14:26 - 00023188 _____ () C:\Users\Admin\Desktop\dds2.txt
2015-02-01 14:24 - 2015-02-01 14:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-31 20:46 - 2015-01-31 20:46 - 00023553 _____ () C:\Users\Admin\Desktop\dds1.txt
2015-01-31 20:46 - 2015-01-31 20:46 - 00014820 _____ () C:\Users\Admin\Desktop\attach1.txt
2015-01-31 20:44 - 2015-01-31 20:44 - 00688992 ____R (Swearware) C:\Users\Admin\Desktop\dds.scr
2015-01-31 20:10 - 2015-01-31 20:10 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2015-01-31 20:10 - 2015-01-31 20:10 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2015-01-31 20:10 - 2015-01-31 20:10 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-30 09:02 - 2015-01-30 09:02 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (6).collab
2015-01-30 09:01 - 2015-01-30 09:01 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (5).collab
2015-01-29 21:03 - 2015-01-29 21:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HD Tune Pro
2015-01-29 19:36 - 2015-01-29 19:36 - 1529855018 _____ () C:\windows\MEMORY.DMP
2015-01-29 19:36 - 2015-01-29 19:36 - 00283552 _____ () C:\windows\Minidump\012915-62650-01.dmp
2015-01-29 19:36 - 2015-01-29 19:36 - 00000000 ____D () C:\windows\Minidump
2015-01-29 19:26 - 2015-01-29 19:26 - 00010592 _____ () C:\Users\Stephen\Downloads\nativeplayback.collab
2015-01-28 22:56 - 2015-01-28 22:56 - 00000000 ____D () C:\Program Files (x86)\Ffmpeg For Audacity
2015-01-27 21:37 - 2015-01-27 21:38 - 183308946 _____ () C:\Users\Stephen\Downloads\Byers Heart Project (1).zip
2015-01-25 22:14 - 2015-01-25 22:14 - 183308946 _____ () C:\Users\Stephen\Downloads\Byers Heart Project.zip
2015-01-23 19:16 - 2015-01-24 14:49 - 00000000 ____D () C:\Users\Admin\Documents\Action!
2015-01-23 19:16 - 2015-01-24 10:49 - 00003924 _____ () C:\windows\windefendam.log
2015-01-23 19:16 - 2015-01-24 10:49 - 00000020 _____ () C:\windows\capsys184523.log
2015-01-23 19:16 - 2015-01-23 19:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mirillis
2015-01-23 19:16 - 2015-01-23 19:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mirillis
2015-01-23 19:16 - 2015-01-23 19:16 - 00000000 ____D () C:\ProgramData\Mirillis
2015-01-23 19:15 - 2015-01-23 19:15 - 00002037 _____ () C:\Users\Public\Desktop\Action!.lnk
2015-01-23 19:15 - 2015-01-23 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2015-01-23 19:15 - 2015-01-23 19:15 - 00000000 ____D () C:\Program Files (x86)\Mirillis
2015-01-23 19:14 - 2015-01-23 19:14 - 21876840 _____ (Mirillis Ltd.) C:\Users\Stephen\Downloads\action_1_21_0_setup.exe
2015-01-23 19:14 - 2015-01-23 19:14 - 00001004 _____ () C:\Users\Public\Desktop\Screen Recorder.lnk
2015-01-23 19:14 - 2015-01-23 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZD Soft
2015-01-23 19:12 - 2015-01-23 19:12 - 02352652 _____ () C:\Users\Stephen\Downloads\ScnRec.msi
2015-01-23 08:51 - 2015-01-23 08:51 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (4).collab
2015-01-22 20:47 - 2015-01-22 20:47 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (3).collab
2015-01-22 20:00 - 2015-01-22 20:00 - 00000127 _____ () C:\Users\Stephen\Desktop\Basic Information.url
2015-01-17 09:00 - 2015-01-17 09:01 - 00000138 _____ () C:\Users\Stephen\Desktop\Tanki-Russian Server 1.url
2015-01-17 08:50 - 2015-01-17 08:51 - 00000115 _____ () C:\Users\Stephen\Desktop\Tanki.url
2015-01-16 08:53 - 2015-01-16 08:53 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (2).collab
2015-01-15 22:05 - 2015-01-15 22:05 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting (1).collab
2015-01-13 19:05 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 19:05 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 19:05 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 19:05 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-13 19:05 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-13 19:05 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-13 19:05 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-13 19:05 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-13 19:05 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 19:05 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 19:05 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 19:05 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-13 19:05 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-11 21:20 - 2015-01-11 21:20 - 01623466 _____ () C:\Users\Stephen\Downloads\MyDownloadPackage (1).zip
2015-01-11 21:12 - 2015-01-11 21:13 - 01352983 _____ () C:\Users\Stephen\Downloads\MyDownloadPackage.zip
2015-01-11 15:45 - 2015-01-11 15:45 - 00010671 _____ () C:\Users\Stephen\Downloads\meeting.collab
2015-01-11 15:43 - 2015-01-11 15:43 - 00001636 _____ () C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackboard Collaborate Launcher.lnk
2015-01-11 15:43 - 2015-01-11 15:43 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Blackboard

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 07:57 - 2012-03-02 19:42 - 01896920 _____ () C:\windows\WindowsUpdate.log
2015-02-07 07:54 - 2012-03-26 19:16 - 00127616 _____ () C:\ProgramData\lxecscan.log
2015-02-07 07:53 - 2013-05-16 20:26 - 00000632 __RSH () C:\Users\Admin\ntuser.pol
2015-02-07 07:53 - 2013-05-16 19:09 - 00000000 ____D () C:\Users\Admin
2015-02-07 07:53 - 2012-11-13 20:29 - 00000347 _____ () C:\.dir
2015-02-07 07:53 - 2012-04-18 18:22 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 07:52 - 2014-09-02 15:47 - 00773420 _____ () C:\windows\PFRO.log
2015-02-07 07:52 - 2014-07-21 19:20 - 00006428 _____ () C:\windows\setupact.log
2015-02-07 07:52 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-07 07:30 - 2012-04-10 19:16 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 06:59 - 2012-04-18 18:22 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 19:08 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 19:08 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 19:01 - 2013-05-16 20:26 - 00000908 __RSH () C:\Users\Stephen\ntuser.pol
2015-02-06 19:01 - 2012-12-04 22:09 - 00000000 ___RD () C:\Users\Stephen\Google Drive
2015-02-06 19:01 - 2012-03-06 20:50 - 00000000 ____D () C:\Users\Stephen
2015-02-06 18:58 - 2009-07-13 22:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-02-06 18:23 - 2012-03-29 18:24 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-06 18:13 - 2012-03-26 19:35 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-06 18:10 - 2014-09-08 18:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-02-06 17:40 - 2012-09-01 09:10 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Skype
2015-02-05 23:54 - 2012-04-18 18:22 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 23:54 - 2012-04-18 18:22 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 11:30 - 2012-04-10 19:16 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 11:30 - 2012-04-10 19:16 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 11:30 - 2012-03-06 21:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 03:06 - 2014-01-29 03:03 - 00775502 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-02-04 03:06 - 2009-07-14 00:13 - 00775502 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-01 15:48 - 2012-08-12 20:07 - 00000000 ____D () C:\Users\Stephen\AppData\Local\CRE
2015-02-01 14:18 - 2013-11-17 19:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-01 14:17 - 2013-11-17 20:05 - 00001524 _____ () C:\windows\wininit.ini
2015-02-01 14:17 - 2013-11-17 19:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-31 20:31 - 2013-03-17 11:09 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-01-31 20:22 - 2013-10-25 19:52 - 00000000 ____D () C:\Program Files (x86)\BookSmart
2015-01-31 20:21 - 2011-11-22 16:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-31 20:20 - 2012-07-05 21:07 - 00000000 ____D () C:\Program Files (x86)\TopicsLearning
2015-01-31 20:19 - 2012-07-05 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TopicsLearning
2015-01-31 20:02 - 2012-05-17 18:00 - 00000000 ____D () C:\Program Files (x86)\MediaMall
2015-01-31 20:01 - 2013-11-30 19:42 - 00000000 ____D () C:\ProgramData\CrashPlan
2015-01-30 22:41 - 2013-09-01 19:09 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\.ACEStream
2015-01-30 21:33 - 2014-06-19 17:20 - 00000000 ____D () C:\Users\Stephen\AppData\Roaming\Audacity
2015-01-30 09:48 - 2014-02-15 13:44 - 00000000 ____D () C:\Users\Stephen\Documents\Adelaide
2015-01-28 17:26 - 2012-03-26 19:27 - 00000000 ____D () C:\Users\Stephen\AppData\Local\CrashDumps
2015-01-26 20:08 - 2012-04-26 21:12 - 00000000 ____D () C:\Users\Stephen\Documents\Home
2015-01-26 19:52 - 2012-08-09 20:33 - 00000000 ____D () C:\Users\Stephen\Documents\Addison
2015-01-22 15:52 - 2012-12-04 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-19 11:50 - 2012-03-26 19:11 - 00000000 ____D () C:\ProgramData\lx_Cats
2015-01-14 16:54 - 2012-03-06 21:28 - 00000000 ____D () C:\Users\Stephen\AppData\Local\Microsoft Help
2015-01-14 03:09 - 2013-08-15 02:01 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 03:00 - 2012-08-15 18:35 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-08 08:34 - 2014-03-15 08:12 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

==================== Files in the root of some directories =======

2013-12-20 21:09 - 2014-06-03 16:24 - 0007620 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2012-05-26 07:02 - 2012-05-26 07:02 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-03-26 19:18 - 2014-01-09 20:42 - 0000756 _____ () C:\ProgramData\FastPics.log
2013-11-30 15:45 - 2014-09-16 16:18 - 0000585 _____ () C:\ProgramData\lxec.log
2013-01-21 08:47 - 2014-11-04 19:26 - 0000492 _____ () C:\ProgramData\lxecDiagnostics.log
2012-03-26 19:15 - 2014-11-11 19:37 - 0286390 _____ () C:\ProgramData\lxecJSW.log
2012-03-26 19:16 - 2015-02-07 07:54 - 0127616 _____ () C:\ProgramData\lxecscan.log
2012-05-26 07:02 - 2012-05-26 07:02 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-03-26 19:16 - 2012-03-26 19:16 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 00:30

==================== End Of Log ============================

Re: FileParade + very slow startup and shutdown

Post by stephenabyers » February 7th, 2015, 9:04 am

A second file from FRST was generated, Addition.txt, posted here:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Admin at 2015-02-07 08:00:01
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.21.0 - Mirillis)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3226 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.3714 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.4511 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3815.52 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1520 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.2609 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.1.528 - j2 Global)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.95 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.95 - Etron Technology) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grade 4 Success (HKLM-x32\...\{B48337F4-01EE-4502-869F-BA75816D367C}) (Version: 0001.0000.0000 - Topics Learning Inc.)
Grade 4 Success (x32 Version: 0001.0000.0000 - Topics Learning Inc.) Hidden
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.02.10112 - Sony Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java(TM) SE Development Kit 6 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160450}) (Version: 1.6.0.450 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.2.7 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-227648764D10}) (Version: 2.2.7 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version: - Lexmark International, Inc.)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Media Server 7.7.5 (HKLM-x32\...\Logitech Media Server_is1) (Version: 7.7.5 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{004F0409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
PlayMemories Home (HKLM-x32\...\{107EF5BF-F806-414F-8A4D-CA73C72EA12E}) (Version: 3.1.01.03120 - Sony Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.78.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.550.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Serviio (HKLM\...\Serviio) (Version: - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Softsqueeze 3.9b2 (HKLM-x32\...\Softsqueeze 3.9b2) (Version: - Ralph Irving)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
SqueezePlay 7.8.0r328 (HKLM-x32\...\{09B790E3-21E3-4D1A-8130-AAA9227C9785}_is1) (Version: - Logitech)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.0 - Tweaking.com)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
ZD Soft Screen Recorder (HKLM-x32\...\{101CC777-634C-42AF-AF95-7A0282ABF247}) (Version: 8.0.1 - ZD Soft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

01-02-2015 20:25:55 Everything seems smooth after running Malwarebytes
04-02-2015 03:00:11 Windows Update
06-02-2015 18:11:49 Removed Java 7 Update 67
06-02-2015 18:13:53 Removed Java 8 Update 25
06-02-2015 18:15:17 Removed Java(TM) 6 Update 45 (64-bit)
06-02-2015 18:21:53 Removed Java(TM) SE Development Kit 6 Update 45 (64-bit)
06-02-2015 18:25:03 Removed Java(TM) SE Development Kit 6 Update 45 (64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-02-07 07:48 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1668AFC4-5DAD-4611-8F16-7AB15DFBEA39} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {22B58DCF-BDBD-4034-9455-80F516DC316E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {24D680F5-43DB-4C02-AF69-1E92CF5984A5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {38A1D792-9B2B-4C7E-B663-214AD3C8B76B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {3F1DBEA1-6E1C-4B05-9A84-347708454911} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {44A2DD04-70BC-4058-BC13-E1D0A16E379E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {4BCA6F0A-FBEE-4B28-A074-6DB07CC7A471} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {5E0795C6-2B39-428C-AEC4-F3F1062EEF93} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7DD4EC6F-1F04-415B-B4D0-B5D0F1E4C3E6} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {812940A5-E754-4647-8ABD-A2A4C3F2B6D3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8C426758-98E3-466E-8D8A-D9474427AF1B} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {D193D4AF-1E1B-46A4-8F73-7D75033039A4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {D96F3608-319F-4230-946D-DECC71044D17} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EB219870-D654-4349-8995-372780DC9297} - System32\Tasks\{2D07EA19-DEC6-4E00-AE3D-ECDF29FFFED3} => pcalua.exe -a C:\Users\Stephen\Downloads\softsqueeze_windows_3_9b2.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {F01BE6B2-217A-4BE3-83D3-DC8DD148EB1C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FA4ED309-096F-4A19-A070-94DC82DE95EB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-13 19:42 - 2009-11-04 08:17 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2014-03-20 20:57 - 2014-03-20 20:57 - 00359936 _____ () C:\Program Files\Serviio\bin\ServiioService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-09 20:39 - 2013-01-23 13:35 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
2014-01-09 20:39 - 2013-01-23 13:35 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
2011-11-22 16:54 - 2011-01-07 03:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-01 20:23 - 2015-01-27 19:18 - 00225280 _____ () C:\Program Files (x86)\IDriveWindows\Sync.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-09 20:39 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
2014-01-09 20:39 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
2014-01-09 20:39 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
2014-01-09 20:39 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
2009-02-20 07:48 - 2009-02-20 03:48 - 00381440 _____ () C:\windows\system32\lxecsm.dll
2009-02-20 07:48 - 2009-02-20 03:48 - 00023552 _____ () C:\windows\system32\lxecsmr.dll
2014-01-09 20:39 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL
2014-01-09 20:39 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
2014-01-09 20:39 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL
2014-01-09 20:39 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL
2014-01-09 20:39 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL
2014-01-09 20:39 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll
2014-01-09 20:39 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
2014-01-09 20:39 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
2014-01-09 20:39 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
2014-01-09 20:39 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
2015-02-05 18:53 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 18:53 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00028774 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024679 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00032878 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024701 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00028779 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020601 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\4461f48e31bde5c56b31b973b773de09\List.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00118918 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00082048 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020576 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00036964 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\f233f63b6654362865c7577442edb9e3\Win32.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020590 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00082033 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024676 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00061540 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\e56c61f7248672819579325af3387035\POSIX.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00094334 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\eb138ef0e4282611dbf485a302784646\LibYAML.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00053340 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00184414 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\bd5179a413bc0c4b82eedc22c6cab101\re.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024701 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-7140\93e7e3d6030f426844228042348210cf\Service.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020576 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00036964 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\f233f63b6654362865c7577442edb9e3\Win32.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024676 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00061540 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\e56c61f7248672819579325af3387035\POSIX.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020590 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00082033 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00118918 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00082048 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00028779 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020601 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\4461f48e31bde5c56b31b973b773de09\List.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024681 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00090213 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024679 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00077824 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\7f177c338672436e01c4f0bdbcf94491\EV.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00138752 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\44727051c604ef6b79894b64d4c63832\Expat.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00041080 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00030720 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020590 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024694 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\c344fd5536724b2af2e6453833b60203\SHA1.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00094334 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\eb138ef0e4282611dbf485a302784646\LibYAML.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00053340 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00184414 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\bd5179a413bc0c4b82eedc22c6cab101\re.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020592 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\b979ace6da01e63d651cce9ee2474fdc\Name.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00028774 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00182272 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\d0bf009923f29116535c26d228271d6d\Scan.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024672 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\17d0b152e63e6bfe81b4b19588538896\mro.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020596 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\3b7106dd14676048b10bbb09a990f74c\XS.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00032878 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024695 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024670 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00361472 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024701 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00061546 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00110705 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\7f2598c08178217a0e2c754f3d568f28\Byte.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00024679 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00608256 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00001024 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020596 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00030208 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020587 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\c668a322917d32a5ea22894518aa9897\Base64.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 04547584 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00017920 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00061547 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\bc147d83c7c868eeee67082dcf55430c\File.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00032881 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\b6bd87c968599725b8ab2e5c25d3046a\API.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00098415 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
2015-02-07 07:55 - 2015-02-07 07:55 - 00020584 ____R () C:\Users\Admin\AppData\Local\Temp\pdk-Admin-3876\b85a62b790c857e778d07594fda14f0d\Peek.dll
2015-02-05 18:53 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4008453203-116359934-4206298802-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

==================== Accounts: =============================

Admin (S-1-5-21-4008453203-116359934-4206298802-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-4008453203-116359934-4206298802-500 - Administrator - Disabled)
Guest (S-1-5-21-4008453203-116359934-4206298802-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4008453203-116359934-4206298802-1002 - Limited - Enabled)
Stephen (S-1-5-21-4008453203-116359934-4206298802-1001 - Limited - Enabled) => C:\Users\Stephen

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2015 07:54:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 06:58:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 06:49:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 06:20:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15038

Error: (02/06/2015 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15038

Error: (02/06/2015 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/06/2015 11:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14040

Error: (02/06/2015 11:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14040

Error: (02/06/2015 11:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/07/2015 07:46:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (02/06/2015 06:46:22 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Live ID Sign-in Assistant service, but this action failed with the following error:
%%1056

Error: (02/06/2015 06:46:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/06/2015 06:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/06/2015 06:46:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VAIO Entertainment Common Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/06/2015 06:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/06/2015 06:46:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/06/2015 06:46:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sony Digital Media Server service terminated unexpectedly. It has done this 1 time(s).

Error: (02/06/2015 06:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/06/2015 06:46:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Serviio service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/07/2015 07:54:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 06:58:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 06:49:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 06:20:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15038

Error: (02/06/2015 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15038

Error: (02/06/2015 11:06:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/06/2015 11:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14040

Error: (02/06/2015 11:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14040

Error: (02/06/2015 11:06:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 16301.12 MB
Available physical RAM: 12435.4 MB
Total Pagefile: 32600.42 MB
Available Pagefile: 28868.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1862.92 GB) (Free:1332.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
stephenabyers
Active Member
 
Posts: 14
Joined: January 31st, 2015, 9:48 pm