Browsers Crash, Executable files stall or crash

Good day, RE: Toshiba Satellite laptop 15" A305-S6841, Vista SP 2, 3GB Ram

My browsers crash, (Chrome, Firefox, Opera) and executables either stall or crash.

It appears to coincide after adding HTTPS Everywhere & uBlock / AdBlock extensions to Chrome, Firefox & Opera. I say that because I had also installed / activated them on my ASUS desktop & Acer netbook at the same time, and they are experiencing the same problems.

I have since removed all plugins, extensions and reset my browsers. Tried to run Panda & ESET online scanners but both stall or crash.

thanks for your assistance…

Below are the logs from FRST and MBR:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2016
Ran by psimoes (administrator) on PS-TOSHIBA (14-11-2016 11:34:48)
Running from C:\Users\psimoes\Desktop
Loaded Profiles: psimoes (Available Profiles: psimoes & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec Inc.) C:\Windows\System32\TAMSvr.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAsrv.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Toshiba\IVP\ISM\pinger.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AuthenTec, Inc) C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
(Arachnoid Biometrics Identification Group) C:\Program Files\TrueSuite Access Manager\PwdBank.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAui.exe
() C:\Program Files\TrueSuite Access Manager\usbnotify.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAhlp.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\TrueSuite Access Manager\CssSvr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Crystal Dew World) C:\Users\psimoes\Desktop\AntiV\CrystalDiskInfo6_2_ 2\DiskInfo.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM...\Run: [FingerPrintNotifer] => C:\Program Files\TrueSuite Access Manager\FpNotifier.exe [671744 2008-01-24] (AuthenTec, Inc)
HKLM...\Run: [PwdBank] => C:\Program Files\TrueSuite Access Manager\PwdBank.exe [3150848 2008-02-01] (Arachnoid Biometrics Identification Group)
HKLM...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM...\Run: [NDSTray.exe] => NDSTray.exe
HKLM...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM...\Run: [UsbMonitor] => C:\Program Files\TrueSuite Access Manager\usbnotify.exe [94208 2007-06-05] ()
HKLM...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1885088 2012-02-23] (Affinegy, Inc.)
HKLM...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM...\Run: [Panda Security URL Filtering] => C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe [254472 2015-11-06] (Visicom Media Inc.)
HKLM...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-01-29] ()
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [39408 2009-02-16] (Google Inc.)
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Run: [cdloader] => C:\Users\psimoes\AppData\Roaming\mjusbsp\cdloader2 .exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [IconOvrly1] → {A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6} => C:\Program Files\TrueSuite Access Manager\IconOvrly.dll [2007-04-20] (Arachnoid Biometrics Identification Group Corp.)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-07-27] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip..\Interfaces{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip..\Interfaces{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}: [DhcpNameServer] 192.168.2.1
Tcpip..\Interfaces{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [DhcpNameServer] 192.168.2.1
[HEADING=1]Internet Explorer:[/HEADING]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-3399307451-3074549587-1771456082-1000] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
SearchScopes: HKU\S-1-5-19 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SnagIt Toolbar Loader → {00C6482D-C502-44C8-8409-FCE54AD9C208} → C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15] (TechSmith Corporation)
BHO: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper → {AA58ED58-01DD-4d91-8333-CF10577473F7} → C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO: Panda Safe Web → {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} → C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2016-07-27] ()
BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15] (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2016-07-27] ()
Toolbar: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 → Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
[HEADING=1]FireFox:[/HEADING]
FF ProfilePath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\P rofiles\9yk1vrhk.default [2016-11-14]
FF Extension: (Firefox Hotfix) - C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\P rofiles\9yk1vrhk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-06]
FF Extension: (Panda Security Toolbar) - C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\P rofiles\9yk1vrhk.default\Extensions{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi [2016-04-26]
FF SearchPlugin: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\P rofiles\9yk1vrhk.default\searchplugins\yahoo-avast.xml [2014-06-17]
FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_ 207.dll [2016-11-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 → C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-12-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 → C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 → C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 → C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 → C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader → C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @citrixonline.com/appdetectorplugin → C:\Users\psimoes\AppData\Local\Citrix\Plugins\104\ npappdetector.dll [2015-11-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @Skype Limited.com/Facebook Video Calling Plugin → C:\Users\psimoes\AppData\Local\Facebook\Video\Skyp e\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/GoogleTalkPlugin → C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\n pgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/O1DPlugin → C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\n po1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=3 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=9 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\n patgpc.dll [2013-07-13] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\n pgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\n po1d.dll [2015-12-08] (Google)
[HEADING=1]Chrome:[/HEADING]
CHR HomePage: Default → hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&co ntinue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui %3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=def ault&ltmplcache=2&hl=en
CHR StartupUrls: Default → “hxxps://www.startpage.com/”
CHR Profile: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default [2016-11-14]
CHR Extension: (Google Slides) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2015-09-09]
CHR Extension: (Google Docs) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2015-10-21]
CHR Extension: (TV) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfe mbdimh [2015-09-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmn hjmhfn [2015-09-09]
CHR Extension: (YouTube) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2015-09-24]
CHR Extension: (StartPage Search Engine) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\choepknhbopmendmnohbaemeae emnaom [2016-11-10]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabak ieebci [2015-09-09]
CHR Extension: (Google Search) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2015-10-27]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmk mefihe [2015-09-09]
CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfna hhhglp [2015-09-09]
CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigj hfkhdj [2015-09-09]
CHR Extension: (Google Sheets) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2015-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2016-03-15]
CHR Extension: (Save to Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeaba ddhgne [2015-09-09]
CHR Extension: (Send Anywhere (File Transfer)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihbikoooaenkpdooehgemieli gjejcb [2016-11-10]
CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegb jmfnfh [2015-09-09]
CHR Extension: (Mailvelope) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambc ijhkke [2016-09-08]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkf gopppd [2015-09-09]
CHR Extension: (Yesware Reports) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamk jnolhg [2015-09-09]
CHR Extension: (Boomerang for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekbl gmpdll [2016-05-23]
CHR Extension: (Vend) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdeba jikafa [2015-09-09]
CHR Extension: (Mailtrack for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkap kpjkkb [2016-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2016-04-02]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmede ngocbn [2015-09-09]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfj cgkhco [2015-12-04]
CHR Extension: (Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2015-09-09]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoo cbcmaj [2015-09-09]
CHR Extension: (Streak CRM for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnn jojfik [2016-06-21]
CHR HKLM...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
[HEADING=1]Opera:[/HEADING]
OPR StartupUrls: “hxxps://accounts.google.com/ServiceLogin?service=mail&continue=hxxps://mail.google.com/mail/”

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2007-10-15] (AuthenTec Inc.) [File not signed]
R2 Backupper Service; C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.) [File not signed]
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
S3 getPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 Gizmo Central; C:\Program Files\Gizmo\gservice.exe [34728 2011-07-02] (Arainia Solutions)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2008-02-12] (Google) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
S3 nosGetPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S4 AcrSch2Svc; no ImagePath
S3 rpcapd; “%ProgramFiles%\WinPcap\rpcapd.exe” -d -f “%ProgramFiles%\WinPcap\rpcapd.ini”

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43440 2008-02-03] (Alfa Corporation)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2009-01-26] (AuthenTec, Inc.)
S1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
S1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
R1 GizmoDrv; C:\Windows\system32\Drivers\GizmoDrv.sys [25488 2011-07-02] (Arainia Solutions LLC)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [42256 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72400 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [147728 2016-08-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [111376 2016-08-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2016-08-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2016-08-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2016-08-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2016-08-04] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-03-14] (Acronis)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2011-02-11] (NCH Software)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman147; C:\Windows\System32\DRIVERS\tdrpm147.sys [971232 2009-03-14] (Acronis)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [343456 2015-06-07] (BitDefender S.R.L.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S3 catchme; ??\C:\ComboFix\catchme.sys
S3 IpInIp; system32\DRIVERS\ipinip.sys
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys
S0 tljkva; no ImagePath
S3 Tosrfcom; no ImagePath
S0 wayuia; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 11:34 - 2016-11-14 11:36 - 00029931 _____ C:\Users\psimoes\Desktop\FRST.txt
2016-11-14 11:29 - 2016-11-14 11:34 - 00000000 ____D C:\FRST
2016-11-14 11:15 - 2016-11-14 11:15 - 05200384 _____ (AVAST Software) C:\Users\psimoes\Desktop\aswmbr.exe
2016-11-14 11:15 - 2016-11-14 11:15 - 01760768 _____ (Farbar) C:\Users\psimoes\Desktop\FRST.exe
2016-11-13 23:07 - 2016-11-13 23:07 - 00000000 ____D C:\Users\psimoes\AppData\Local\ESET
2016-11-13 22:43 - 2016-08-08 04:00 - 00058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-11-13 13:27 - 2016-11-13 22:30 - 00000000 ____D C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Porta ble
2016-11-13 13:20 - 2016-11-13 13:20 - 37786232 _____ (Panda Security ) C:\Users\psimoes\Desktop\PandaCloudCleaner.exe
2016-11-12 23:25 - 2016-11-13 09:33 - 00000000 ____D C:\Users\psimoes\AppData\Local\FSDART
2016-11-12 23:25 - 2016-11-12 23:52 - 00000000 ____D C:\ProgramData\F-Secure
2016-11-12 23:25 - 2016-11-12 23:25 - 00000000 ____D C:\Users\psimoes\AppData\Local\F-Secure
2016-11-12 23:06 - 2016-11-12 23:06 - 00524248 _____ (F-Secure Corporation) C:\Users\psimoes\Desktop\F-SecureOnlineScanner.exe
2016-11-12 23:04 - 2016-11-12 23:04 - 06761600 _____ (ESET spol. s r.o.) C:\Users\psimoes\Desktop\esetonlinescanner_enu.exe
2016-11-10 20:55 - 2016-11-14 10:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-21 13:43 - 2016-10-21 13:53 - 00000000 ____D C:\Users\psimoes\AppData\Local\panda
2016-10-21 13:43 - 2016-10-21 13:43 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2016-10-21 13:42 - 2016-11-13 13:17 - 00000000 ____D C:\Users\psimoes\AppData\LocalLow\pandasecuritytb
2016-10-21 13:42 - 2016-10-21 13:42 - 00000000 ____D C:\Program Files\pandasecuritytb
2016-10-21 13:41 - 2016-10-21 13:41 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Panda Security
2016-10-21 13:34 - 2016-10-21 13:44 - 00002029 _____ C:\Users\Public\Desktop\Panda Free Antivirus.lnk
2016-10-21 13:34 - 2016-10-21 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-10-21 13:33 - 2016-10-21 13:42 - 00000000 ____D C:\Program Files\Panda Security

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 11:23 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-14 11:23 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-14 11:21 - 2009-06-30 20:06 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job
2016-11-14 11:12 - 2010-02-09 17:32 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-14 10:37 - 2013-03-20 23:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-14 09:29 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-11-14 09:29 - 2006-11-02 05:33 - 00854788 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-14 09:26 - 2010-02-09 17:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-14 09:24 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-14 09:24 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-11-14 00:24 - 2006-11-02 08:01 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-14 00:19 - 2014-03-06 22:39 - 00000000 ____D C:\Users\psimoes\AppData\Local\CrashDumps
2016-11-13 23:47 - 2011-12-25 20:37 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job
2016-11-13 17:47 - 2011-12-25 20:37 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job
2016-11-13 16:21 - 2009-06-30 20:06 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job
2016-11-10 18:32 - 2016-04-15 08:12 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Chrome Apps
2016-11-08 12:37 - 2012-05-03 08:23 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 12:37 - 2011-06-21 23:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-08 12:37 - 2008-02-12 21:43 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-03 11:06 - 2016-02-22 16:43 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\vlc
2016-11-03 11:04 - 2014-08-18 13:43 - 00000000 ____D C:\Users\psimoes\Desktop\0misc.downl_Tosh
2016-10-25 07:04 - 2006-11-02 07:47 - 00462664 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-21 13:42 - 2014-10-17 21:06 - 00000000 ____D C:\ProgramData\Panda Security
2016-10-21 13:41 - 2009-02-16 11:18 - 00121608 _____ C:\Users\psimoes\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-21 12:59 - 2012-06-16 00:29 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-20 18:05 - 2013-03-07 23:13 - 00000000 ____D C:\Program Files\Online Armor

==================== Files in the root of some directories =======

2015-09-08 15:27 - 2015-09-08 20:18 - 3993600 _____ () C:\Program Files\GUTC12.tmp
2010-02-21 20:14 - 2010-04-02 18:43 - 0000990 ___SH () C:\Users\psimoes\AppData\Roaming\systemfl.$dk
2014-10-13 16:09 - 2014-10-29 03:29 - 0207963 _____ () C:\Users\psimoes\AppData\Local\ars.cache
2014-10-13 16:09 - 2014-10-29 03:29 - 0576849 _____ () C:\Users\psimoes\AppData\Local\census.cache
2010-07-18 20:02 - 2015-05-16 07:08 - 0001356 _____ () C:\Users\psimoes\AppData\Local\d3d9caps.dat
2009-02-16 02:35 - 2011-06-29 21:25 - 0081408 _____ () C:\Users\psimoes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-13 15:55 - 2014-10-13 15:55 - 0000036 _____ () C:\Users\psimoes\AppData\Local\housecall.guid.cach e
2014-10-13 16:06 - 2014-10-28 23:31 - 0000010 _____ () C:\Users\psimoes\AppData\Local\sponge.last.runtime .cache
[HEADING=1]Some zero byte size files/folders:[/HEADING]
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\System32\runouce.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-14 09:31

==================== End of FRST.txt ============================
[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-11-2016
Ran by psimoes (14-11-2016 11:36:58)
Running from C:\Users\psimoes\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-02-16 07:13:03)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-3399307451-3074549587-1771456082-500 - Administrator - Disabled)
Guest (S-1-5-21-3399307451-3074549587-1771456082-501 - Limited - Enabled) => C:\Users\Guest
psimoes (S-1-5-21-3399307451-3074549587-1771456082-1000 - Administrator - Enabled) => C:\Users\psimoes
torrents (S-1-5-21-3399307451-3074549587-1771456082-1004 - Limited - Enabled) => C:\Users\torrents

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM...\7-Zip) (Version: - )
7-Zip 9.20 (HKLM...{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1 702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM...{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Aiseesoft Blu-ray Ripper (HKLM...\Aiseesoft Blu-ray Ripper_is1) (Version: - )
Aiseesoft Streaming Video Recorder (HKLM...\Aiseesoft Streaming Video Recorder_is1) (Version: - )
AOMEI Backupper Standard Edition 2.0.2 (HKLM...{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (HKLM...{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM...{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM...{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM...{53BB9294-6E76-4853-4130-1CD0A01EAE45}) (Version: 3.0.657.0 - ATI Technologies, Inc.)
Auslogics DiskDefrag (HKLM...{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}is1) (Version: 4.4.0.0 - Auslogics Labs Pty Ltd)
Belkin Setup and Router Monitor (HKLM...\Belkin Setup and Router Monitor_is1) (Version: - )
Belkin USB Print and Storage Center (HKLM...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM...{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
Bonjour (HKLM...{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM...{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Catalyst Control Center - Branding (HKLM...{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0130.1509.26922 - ATI) Hidden
CCleaner (HKLM...\CCleaner) (Version: 5.10 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM...{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.01 - TOSHIBA)
Cisco WebEx Meetings (HKLM...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM...{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM...{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Cover Commander 3.0 by Insofta Development (HKLM...\Cover Commander) (Version: 3.0 - Insofta Development)
CyberLink PowerCinema for TOSHIBA (HKLM...\InstallShield{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.1414 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD MovieFactory for TOSHIBA (HKLM...{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
ESET Online Scanner v3 (HKLM...\ESET Online Scanner) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM...{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileASSASSIN (HKLM...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Folder Lock (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\FolderLock6) (Version: - New Sofware.net Inc.)
FXCM Trading Station (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\FXCM Trading Station) (Version: 010311 - )
FXCM Trading Station (Version: 010311 - FXCM) Hidden
GearDrvs (Version: 1 - Symantec Corporation) Hidden
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Gizmo Central (HKLM...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
Google Chrome (HKLM...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Desktop (HKLM...\Google Desktop) (Version: - - Google)
Google Talk Plugin (HKLM...{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM...{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
HTC BMP USB Driver (HKLM...{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM...{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
Ideal DVD Copy V4.1.2 (HKLM...\Ideal DVD Copy_is1) (Version: - Ideal DVD Software, Inc.)
ImgBurn (HKLM...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) PROSet/Wireless Software (HKLM...\ProInst) (Version: 11.5.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM...{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
IPTInstaller (HKLM...{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM...{881F5DE8-9367-4B81-A325-E91BBC6472F9}) (Version: 10.1.1.4 - Apple Inc.)
Java 7 Update 67 (HKLM...{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Unifying Software 2.50 (HKLM...\Logitech Unifying) (Version: 2.50.25 - Logitech)
magicJack (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes’ Anti-Malware version 1.51.0.1200 (HKLM...\Malwarebytes’ Anti-Malware_is1) (Version: 1.51.0.1200 - Malwarebytes Corporation)
mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
mHelp (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM...{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM...{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM...{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM...{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM...{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM...{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM...{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM...{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM...{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM...{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM...{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM...{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network Recording Player (HKLM...{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
Nokia Connectivity Cable Driver (HKLM...{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia PC Suite (HKLM...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)
Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden
Online Armor 6.0 (HKLM...\OnlineArmor_is1) (Version: 6.0 - Emsisoft GmbH)
Opera Stable 36.0.2130.80 (HKLM...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Panda Devices Agent (Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
Panda Safe Web (HKLM...\pandasecuritytb) (Version: 4.3.1.20 - Panda Security and Visicom Media Inc.)
PC Connectivity Solution (HKLM...{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
Picasa 3 (HKLM...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM...{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.92 (HKLM...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM...{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (Version: 2008.0130.1509.26922 - ATI) Hidden
Skype™ 7.26 (HKLM...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Snagit 11 (HKLM...{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
SnagIt 9 (HKLM...{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}) (Version: 9.0.0 - TechSmith Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM...{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TOSHIBA Assist (HKLM...{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
TOSHIBA ConfigFree (HKLM...{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM...{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM...\InstallShield{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 1.0.3.32 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM...{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.06 - )
Toshiba Registration (HKLM...{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM...{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Upgrades (HKLM...{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM...{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM...{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM...{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM...{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TrueSuite Access Manager (HKLM...{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}) (Version: 1.1.13.13 - ABIG)
TRW conferencing (HKLM...{E23E9487-2B6B-42CA-AE8D-E2369563AB02}) (Version: 7.71 - Digitalweb)
TurboMeeting (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\TurboMeeting) (Version: 3.0.300 - RHUB Communications, Inc.)
Unlocker 1.9.0 (HKLM...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Video Mover (HKLM...\Video Mover_is1) (Version: - )
VLC media player (HKLM...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM...\Windows Media Encoder 9) (Version: - )
WinPcap 4.1.2 (HKLM...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Your monster voice 1 (HKLM...\Your monster voice 1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{01B48E19-3C98-4B34-B679-86D14E74C2D8}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\Googl eUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 1.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 5.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 7.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 → C:\Users\psimoes\AppData\Local\Facebook\Update\Fac ebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 3.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{3D0E3723-95BF-4639-BE54-BB803AE4AE13}\localserver32 → C:\Program Files\Candleworks\FXTS2\FXTSpp.exe ()
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 0.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 8.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 → C:\Users\psimoes\AppData\Local\Facebook\Update\1.2 .205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 1.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 1.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 1.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 8.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 9.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 → C:\Program Files\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 → C:\Users\psimoes\AppData\Local\Facebook\Video\Skyp e\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 4.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 1.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 2.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 1.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 6.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 → C:\Users\psimoes\AppData\Local\Facebook\Video\Skyp e\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 9.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 5.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 8.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{E5F07F0E-C4AE-4AA8-AE7E-FC3DB683977E}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.3 1.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 2.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 → no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.2 4.7\psuser.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D161987-AD10-4D61-B6AF-08F1AF26C734} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {10F2238D-1EFD-497B-9F82-2ED7F4C95DD0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Facebook\Update\Fac ebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {19B6ADC6-F3BD-4A45-9CB2-9DC80C9BA1F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1B2D5FC3-FD37-4F6B-B75D-92A79188796E} - System32\Tasks\PCMAgent.exe_1826580705 => C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [2007-12-13] (CyberLink Corp.)
Task: {35DA24BC-4BEA-4952-9DA5-B76E941F8DC9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {363B5A23-E3F2-4920-96D6-0FE18DF74777} - System32\Tasks\SafeZone scheduled Autoupdate 1464051125 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {3921AC9D-4361-4ECB-8B8E-644734DC37D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {5255BE42-F960-4D14-B4BD-AC20C3743812} - System32\Tasks\CrystalDiskInfo => C:\Users\psimoes\Desktop\AntiV\CrystalDiskInfo6_2_ 2\DiskInfo.exe [2014-12-19] (Crystal Dew World)
Task: {5409B770-4508-4CB0-A052-26CAB9E4B9FA} - System32\Tasks\Opera scheduled Autoupdate 1382066025 => C:\Program Files\Opera\launcher.exe [2016-08-05] (Opera Software)
Task: {59C50FF3-0D3B-4CC6-BCBF-2D74EC3778AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Google\Update\Googl eUpdate.exe [2015-08-30] (Google Inc.)
Task: {605400B6-8685-48B6-A6B9-A8C5529FC843} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {81E48EDE-D2AC-4A54-B5A4-CAC8152C6D87} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Facebook\Update\Fac ebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {914710E2-0A42-44A6-AFA4-A6D7EAEDF898} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {954E1E94-94FD-420B-9725-623FAB68F590} - System32\Tasks{C074CB77-8752-4695-819D-DF00F7AAE9A6} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.59.106/en/abandoninstall?page=tsMain
Task: {9C8D6C2E-DF0E-4E97-BBB6-2A797D3B3BC4} - System32\Tasks\SafeZone scheduled Autoupdate 1458652480 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {A879EAD0-908D-481B-A17F-06FDB1F79C50} - System32\Tasks{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files\Gizmo\gizmo.exe [2011-07-02] (Arainia Solutions)
Task: {B52E95C6-0FEB-457F-A518-4DE31303C9AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Google\Update\Googl eUpdate.exe [2015-08-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Facebook\Update\Fac ebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Facebook\Update\Fac ebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Google\Update\Googl eUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Google\Update\Googl eUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\psimoes\Favorites\NCH Software Download Site.lnk → hxxp://www.nchsoftware.com/index.html
Shortcut: C:\Users\psimoes\Favorites\NCH Software Download.lnk → hxxp://www.nchsoftware.com/index.html

ShortcutWithArgument: C:\Users\psimoes\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Chrome Apps\Send Anywhere (File Transfer).lnk → C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=hihbikoooaenkpdooehgemieligjejcb
ShortcutWithArgument: C:\Users\psimoes\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Chrome Apps\StartPage Search Engine.lnk → C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=choepknhbopmendmnohbaemeaeemnaom

==================== Loaded Modules (Whitelisted) ==============

2013-06-27 00:10 - 2012-02-23 14:57 - 00022944 _____ () C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00270040 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\UiLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00229080 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\diskmgr.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00265944 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Comn.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00077528 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Ldm.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00061144 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Device.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00257752 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrFat.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00376536 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrNtfs.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00106200 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FuncLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00233176 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Clone.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00335576 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ImgFile.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00028376 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Encrypt.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00073432 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Compress.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00093912 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrVol.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00188120 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\GptBcd.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00147160 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FlBackup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00478936 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\EnumFolder.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00102104 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Backup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00098008 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrLog.dll
2014-10-18 17:39 - 2013-01-17 16:38 - 02403504 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\QtCore4.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00152576 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2013-06-27 00:11 - 2010-02-09 14:55 - 00049152 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2015-12-15 12:17 - 2015-12-15 12:17 - 00618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2008-02-12 21:22 - 2007-01-25 21:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe
2008-02-12 21:22 - 2007-10-23 19:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2008-01-30 18:30 - 2008-01-30 18:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-07-02 10:00 - 2011-07-02 10:00 - 00059304 _____ () C:\Program Files\Gizmo\gshell.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00132608 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2009-02-16 02:43 - 2007-06-05 19:42 - 00094208 _____ () C:\Program Files\TrueSuite Access Manager\usbnotify.exe
2013-06-27 00:10 - 2010-08-22 19:01 - 00325632 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
2013-06-27 00:10 - 2010-08-22 19:01 - 01954304 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
2013-06-27 00:10 - 2010-08-22 19:01 - 07187456 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
2013-06-27 00:10 - 2010-08-22 19:01 - 00847360 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
2013-06-27 00:10 - 2010-08-22 18:32 - 00119808 _____ () C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2008-02-12 21:13 - 2008-01-29 19:00 - 00430080 _____ () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
2013-06-27 00:10 - 2012-02-23 14:19 - 00669696 _____ () C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2007-12-12 15:46 - 2007-12-12 15:46 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\corpol.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\emdmgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstime.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNativ e_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:56AC8DD1 [364]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [118]
AlternateDataStreams: C:\Users\psimoes\Downloads\39F2.tmp:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\NanoServiceMain => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PSUAService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NanoServiceMain => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PSUAService => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\008i.com → 008i.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\008k.com → 008k.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\00hq.com → 00hq.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\0190-dialers.com → 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\01i.info → 01i.info
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\02pmnzy5eo29bfk4.com → 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\05p.com → 05p.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\07ic5do2myz3vzpk.com → 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\08nigbmwk43i01y6.com → 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\093qpeuqpmz6ebfa.com → 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\0calories.net → 0calories.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\0cj.net → 0cj.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\0scan.com → 0scan.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\1-britney-spears-nude.com → 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\1-domains-registrations.com → 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\1-se.com → 1-se.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\1001movie.com → 1001movie.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\1001night.biz → 1001night.biz
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\100gal.net → 100gal.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\100sexlinks.com → 100sexlinks.com

There are 4928 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-30 23:16 - 2016-09-28 17:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Control Panel\Desktop\Wallpaper → C:\Users\Public\Pictures\Sample Pictures\1Tomorrow.Is.Too.Late_3840x2160.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows ^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows ^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: APSDaemon => “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
MSCONFIG\startupreg: CLMLServer => “C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe”
MSCONFIG\startupreg: Facebook Update => “C:\Users\psimoes\AppData\Local\Facebook\Update\Fa cebookUpdate.exe” /c /nocrashserver
MSCONFIG\startupreg: GizmoDriveDelegate => “C:\Program Files\Gizmo\gizmo.exe” /RemountStartupImages
MSCONFIG\startupreg: Google Desktop Search => “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
MSCONFIG\startupreg: GrooveMonitor => “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
MSCONFIG\startupreg: iTunesHelper => “C:\Program Files\iTunes\iTunesHelper.exe”
MSCONFIG\startupreg: PCMAgent => “C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe”
MSCONFIG\startupreg: QuickTime Task => “C:\Program Files\QuickTime\QTTask.exe” -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{4E4E1545-348C-4603-9D75-690DB6DB8EFE}] => (Allow) C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe
FirewallRules: [TCP Query User{F4071B34-7CFE-4C17-8437-9596C2C381C9}F:\skype portable\skypeportable\app\skype\phone\skype.exe] => (Allow) F:\skype portable\skypeportable\app\skype\phone\skype.exe
FirewallRules: [UDP Query User{C24E18F8-5581-4198-9A10-66E035373D8D}F:\skype portable\skypeportable\app\skype\phone\skype.exe] => (Allow) F:\skype portable\skypeportable\app\skype\phone\skype.exe
FirewallRules: [{5508EC15-FC59-414B-8296-BE6CEB28AA30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{053EDA5A-BA5B-43E6-A9CA-47A951F9B941}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D3E087C-8E81-4F1B-9559-1DF3121BB6E8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BC17EFD5-CC08-478F-88B7-00647D78E267}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{749477DC-40E0-424C-BF2C-5D11AE5B4F0D}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{CE0CD43E-FC3E-4C81-BE78-9ADA48A2EBE7}] => (Allow) LPort=80
FirewallRules: [{DFC70C83-5301-4E07-A711-4F82ADCDB041}] => (Allow) LPort=80
FirewallRules: [{A8F0510A-B6F8-4D99-BB31-973A34F75DC8}] => (Allow) LPort=80
FirewallRules: [{06C8BCEC-FA06-4186-8424-6B4118527424}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{644FAB9F-7CF4-4784-97A7-83EBAA0C4D93}] => (Allow) LPort=2869
FirewallRules: [{EDC55D5F-2A85-447D-9AC6-CBFFA164070A}] => (Allow) LPort=1900
FirewallRules: [{1CED6313-6CFF-400E-9659-877A765C3577}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8597E2F7-901E-431F-B328-8B45BBF3ED9B}] => (Allow) C:\Users\psimoes\AppData\Local\Facebook\Video\Skyp e\FacebookVideoCalling.exe
FirewallRules: [{ED520E14-A907-4B64-BE11-43A136ED8F34}] => (Allow) C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{5539EF35-A53F-4D74-85F7-7F9B1980CE2E}] => (Allow) C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{E9CE9526-4F2B-4E3C-9AD3-BEE1281232E5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [PotPlayer(PotPlayerMini.exe)] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{0517A223-3585-4C97-8C65-922E353A488A}] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{7D2FD514-A4E5-4CC9-B468-F507562E3D6D}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{03DDC0C0-C324-4C65-807F-D5ACCAB8C97B}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{3BE1ADE1-9FCF-4C6E-B2C3-B9CDC8CF02C1}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{10DC4ED3-16BD-4AD4-A0C9-A217494AADD6}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{A50038B0-7B94-4AEF-90BB-920797496DE5}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{0C879E00-0487-46AE-AA4A-55CC42C8B88F}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{E592995F-5041-4BE4-98AD-FD51147C132D}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{99CAAAC5-6302-481A-8ADD-8F14FE4F07BD}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{DDEFB12B-09E9-40CC-A6AB-B0D4BD757C77}] => (Allow) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
FirewallRules: [{CB24E490-CDFA-41FF-8A07-29998C85F70A}] => (Allow) LPort=19540
FirewallRules: [{9F5B6F3B-419F-4F3A-A35D-0D9DEE60E0A5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSv cHost.exe
FirewallRules: [{BB7189C2-1967-4289-9AE7-08BF8A54A0EE}] => (Allow) C:\Users\psimoes\AppData\Roaming\mjusbsp\magicJack .exe
FirewallRules: [{F22DB67E-0353-4D2A-A88A-15C75CB30662}] => (Allow) C:\Users\psimoes\AppData\Roaming\mjusbsp\magicJack .exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [{8DDDFC3C-8BDF-4BBA-9891-3A893B64887F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1E25327B-000E-445D-A5AE-51F32002A261}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9347CC66-D564-4AC1-B23C-48C894338A7C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{87104172-30C3-4748-9242-7ADDEF38D8DA}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{4CBEC3BA-E216-4C97-B61B-D0483BE0C229}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Restore Points =========================

28-09-2016 17:42:56 ComboFix created restore point
21-10-2016 12:45:21 Revo Uninstaller’s restore point - Avast Free Antivirus
21-10-2016 13:44:37 Device Driver Package Install: Panda Security, S.L. Network Service

==================== Faulty Device Manager Devices =============

Name: Intel(R) Wireless WiFi Link 4965AGN
Description: Intel(R) Wireless WiFi Link 4965AGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETw4v32
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (11/14/2016 12:19:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application esetonlinescanner_enu.exe, version 2.0.12.0, time stamp 0x57ac3e59, faulting module esetonlinescanner_enu.exe, version 2.0.12.0, time stamp 0x57ac3e59, exception code 0xc0000005, fault offset 0x001b50f3,
process id 0x1710, application start time 0x01d23e2c85df4f3c.

Error: (11/13/2016 11:02:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PCloudCleaner.exe, version 1.4.0.162, time stamp 0x00000000, faulting module kernel32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0x0eedfade, fault offset 0x0003fdb6,
process id 0xa14, application start time 0x01d23e28c8b9dc2c.

Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9298

Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9298

Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2016 08:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7176

Error: (11/13/2016 08:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7176

Error: (11/13/2016 08:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2016 08:36:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5320

Error: (11/13/2016 08:36:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5320
[HEADING=1]System errors:[/HEADING]
Error: (11/14/2016 09:25:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp
DasBoot
DasBootF
PRSBDRVR
tljkva
wayuia

Error: (11/14/2016 09:23:43 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.8 for the Network Card with network address 001E333EFAE9 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/14/2016 12:24:07 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (11/13/2016 10:48:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/13/2016 10:45:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (11/13/2016 10:43:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp
tljkva
wayuia

Error: (11/13/2016 10:42:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/13/2016 10:42:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (11/13/2016 10:32:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/13/2016 10:32:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2016-11-14 11:36:14.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:13.809
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:13.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:12.685
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:12.032
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:11.453
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:10.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:10.326
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:09.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINProc.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:09.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\P SINProc.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core™2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 42%
Total physical RAM: 3069.21 MB
Available physical RAM: 1772.05 MB
Total Virtual: 6344.66 MB
Available Virtual: 4454.55 MB

==================== Drives ================================

Drive c: (SQ004710V01) (Fixed) (Total:184.85 GB) (Free:16.09 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:186.31 GB) (Free:92.98 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (Size: 186.3 GB) (Disk ID: 9C9CF735)
Partition 1: (Not Active) - (Size=800 MB) - (Type=27)
Partition 2: (Active) - (Size=184.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=698 MB) - (Type=OF Extended)

================================================== ======
Disk: 1 (Size: 186.3 GB) (Disk ID: 33D68AE6)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
[HEADING=1]aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-11-14 12:21:08[/HEADING]
12:21:08.113 OS Version: Windows 6.0.6002 Service Pack 2
12:21:08.114 Number of processors: 2 586 0xF0D
12:21:08.115 ComputerName: PS-TOSHIBA UserName: psimoes
12:21:10.628 Initialize success
12:21:10.674 VM: initialized successfully
12:21:10.676 VM: Intel CPU virtualization not supported
12:27:41.986 AVAST engine defs: 16111401
12:29:00.678 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-0
12:29:00.680 Disk 0 Vendor: Hitachi_ BBDO Size: 190782MB BusType: 3
12:29:00.684 Disk 1 \Device\Harddisk1\DR1 → \Device\Ide\IAAStorageDevice-1
12:29:00.687 Disk 1 Vendor: TOSHIBA_ DK02 Size: 190782MB BusType: 3
12:29:03.700 Disk 0 statistics 670/0/0 @ 2.10 MB/s
12:29:03.700 Scan stopped
12:30:01.212 Disk 0 MBR has been saved successfully to “C:\Users\psimoes\Desktop\MBR.dat”
12:30:01.214 The log file has been saved successfully to “C:\Users\psimoes\Desktop\aswMBR.txt”
12:30:20.859 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-0
12:30:20.863 Disk 0 Vendor: Hitachi_ BBDO Size: 190782MB BusType: 3
12:30:20.868 Disk 1 \Device\Harddisk1\DR1 → \Device\Ide\IAAStorageDevice-1
12:30:21.208 Disk 1 Vendor: TOSHIBA_ DK02 Size: 190782MB BusType: 3
12:30:21.354 Disk 0 MBR read successfully
12:30:21.360 Disk 0 MBR scan
12:30:21.368 Disk 0 unknown MBR code
12:30:22.031 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 800 MB offset 64
12:30:22.052 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 189281 MB offset 1638632
12:30:22.062 Disk 0 Partition - 00 0F Extended LBA 698 MB offset 389287080
12:30:22.102 Disk 0 Partition 3 00 BC BOOTWIZ0 698 MB offset 389287143
12:30:22.114 Disk 0 scanning sectors +390716865
12:30:22.312 Disk 0 scanning C:\Windows\system32\drivers
12:30:39.051 Service scanning
12:31:28.459 Modules scanning
12:31:28.467 Disk 0 trace - called modules:
12:31:28.486 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:31:28.491 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x8782b608]
12:31:28.497 3 CLASSPNP.SYS[8b98d8b3] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-0[0x86932028]
12:31:29.947 AVAST engine scan C:\Windows
12:31:41.023 AVAST engine scan C:\Windows\system32
12:36:49.491 AVAST engine scan C:\Windows\system32\drivers
12:37:11.646 AVAST engine scan C:\Users\psimoes
13:03:41.255 AVAST engine scan C:\ProgramData
13:10:17.057 Disk 0 statistics 4445229/0/0 @ 1.18 MB/s
13:10:17.072 Scan finished successfully
13:11:01.932 Disk 0 MBR has been saved successfully to “C:\Users\psimoes\Desktop\MBR.dat”
13:11:01.938 The log file has been saved successfully to “C:\Users\psimoes\Desktop\aswMBR-2.txt”

SPECS…
Laptop: Toshiba Satellite laptop 15" A305-S6841
CPU: Intel Core 2 Duo CPU T5550 @ 1.83GHz
Ram: 3 GB
Hard drive: 400GB ( 2 X 200GB )
OS: Windows Vista 2007 Home Premium, 32bit, SP2
Internet connection: DSL
ATI Mobility Radeon HD 3470 with 256MB
Intel Wireless WiFi link 4965AGN
Realtek TRL8102E Family PCI-E Ethernet NIC (NDIS 6.0)
Browsers ( latest versions ) : Chrome, FireFox, Opera
Firewall and security software: Online Armor Firewall, Panda Antivirus,