Browsers Crash, Executable files stall or crash

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #16
    Alright, after you have completed the Zemana Scan, & Malwarebytes please re-run FRST so that I can get a fresh look at your machine. Jmarket has taken care of the scans that I usually have folks run, so we will clean up with FRST script… anything that remains.

    Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

    • Right-click on FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
    • Make sure that Addition option is checked.
    • Press Scan button and wait.
    • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
    Please Copy & Paste them into your next reply


    • paulwb
      PCHF Member
      • Nov 2016
      • 159

      #17
      Hi jmarket,
      Below are logfiles for the Zemana & Malwarebytes scans …

      ** Interesting funky fonts at the bottom of the Zemana logfile … it’s Chinese to me.

      Zemana AntiMalware 2.60.189.1 (Installed)


      Scan Result : Completed
      Scan Date : 2016/11/15
      Operating System : Windows Vista 32-bit
      Processor : 2X Intel(R) Core™2 Duo CPU T5550 @ 1.83GHz
      BIOS Mode : Legacy
      CUID : 1227DE929AEA1593147883
      Scan Type : Smart Scan
      Duration : 29m 26s
      Scanned Objects : 109751
      Detected Objects : 5
      Excluded Objects : 0
      Read Level : SCSI
      Auto Upload : Enabled
      Detect All Extensions : Disabled
      Scan Documents : Disabled
      Domain Info : PS WORKGROUP,0,2
      Detected Objects
      Shell Execute Hooks
      Status : Scanned
      Object : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\EnableShellExecuteHooks
      MD5 : -
      Publisher : -
      Size : -
      Version : -
      Detection : Suspicious Setting
      Cleaning Action : Delete
      Related Objects :
      Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\EnableShellExecuteHooks = enabled

      Tabs Hijack (System)
      Status : Scanned
      Object : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs
      MD5 : -
      Publisher : -
      Size : -
      Version : -
      Detection : Suspicious Setting
      Cleaning Action : Repair
      Related Objects :
      Registry Entry - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs = about:newtab

      StartPage Search Engine
      Status : Scanned
      Object : %localappdata%\google\chrome\user data\default\extensions\choepknhbopmendmnohbaemeaeemnaom
      MD5 : -
      Publisher : -
      Size : -
      Version : -
      Detection : PUA.ChromeExt!Gr
      Cleaning Action : Repair
      Related Objects :
      Browser Extension - StartPage Search Engine

      panda_url_filtering.dll
      Status : Scanned
      Object : %programfiles%\panda security url filtering\panda_url_filtering.dll
      MD5 : 6F5328EA41BE4C1AD4D52283182AFF03
      Publisher : Visicom Media Inc.
      Size : 339464
      Version : 1.0.1.127
      Detection : Adware:Win32/VisicomToolbar!Ep
      Cleaning Action : Quarantine
      Related Objects :
      File - %programfiles%\panda security url filtering\panda_url_filtering.dll
      DLL - 2368 - C:\Windows\System32\dwm.exe
      DLL - 2376 - C:\Windows\explorer.exe
      DLL - 5292 - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
      DLL - 4780 - C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
      DLL - 3260 - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
      DLL - 6060 - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
      DLL - 3332 - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
      DLL - 4396 - C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe
      DLL - 4220 - C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
      DLL - 6024 - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      DLL - 5992 - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
      DLL - 4436 - C:\Windows\System32\wuauclt.exe
      DLL - 4152 - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

      Panda_URL_Filtering.exe
      Status : Scanned
      Object : %programfiles%\panda security url filtering\panda_url_filtering.exe
      MD5 : 2E6D56B8F807914E6777982CF961AE2A
      Publisher : Visicom Media Inc.
      Size : 254472
      Version : 1.0.1.127
      Detection : Adware:Win32/VisicomToolbar!Ep
      Cleaning Action : Quarantine
      Related Objects :
      File - %programfiles%\panda security url filtering\panda_url_filtering.exe
      Process - 4396 - C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe
      Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Panda Security URL Filtering = “C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe”

      界Ē畴Ē渜Ĉ疜Ē痄ĒĆ痬Ē瘔Ē瘼Ē湌Ĉ湼ĈĆ셬ĕ迤ďĆĆĒĆ癤ĒĆĆ溬Ĉ฼đ솴ĕ逜ď 滜Ĉ皌Ē�Đ�Đ�Đ쇼ĕ達ď邌ď�Đ�ĐĆĆ✴Đ쉄ĕ皴ĒĆĆĆĆ盜Ē眄Ē郄ď郼ď漌Ĉ漼Ĉ 潬Ĉ眬Ē䅜Ė�Đ澜ĈĒĆ濌Ĉ鄴ď睔Ē睼Ē酬ď�ĐĆ瞤ĒĆ濼Ĉ瀬ĈĆ醤ď釜ď灜Ĉ炌Ĉ炼Ĉ烬Ĉ Ć焜ĈĆ煌ĈĆ矌Ē矴Ē鈔ďĆĆĆ砜Ē硄Ē煼Ĉ熬Ĉ燜Ĉ爌Ĉ硬Ē爼Ĉ牬Ĉ碔Ē犜Ĉ鉌ď銄ď碼Ē 磤Ē礌Ē礴Ē狌Ĉ�Đ祜Ē禄Ē狼Ĉ禬Ē猬Ĉ獜Ĉ秔ĒĆ玌Ĉ秼ĒĒ稤Ē穌Ē穴Ē窜ĒĆ竄Ē竬Ē銼ď鋴ď ĆĆĆĆĆĆĆĆĆĆĆĆĆĆĆĆ笔ĒĆĒĆĆ笼Ē筤Ē

      ==========================================================================================================
      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 15/11/2016
      Scan Time: 4:05:19 PM
      Logfile: 2016.11.15_MBytes.Results.txt
      Administrator: Yes

      Version: 2.2.1.1043
      Malware Database: v2016.11.15.13
      Rootkit Database: v2016.10.31.01
      License: Free
      Malware Protection: Disabled
      Malicious Website Protection: Disabled
      Self-protection: Disabled

      OS: Windows Vista Service Pack 2
      CPU: x86
      File System: NTFS
      User: psimoes

      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 360867
      Time Elapsed: 48 min, 22 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Warn
      PUM: Enabled

      Processes: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registry Keys: 0
      (No malicious items detected)

      Registry Values: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Folders: 0
      (No malicious items detected)

      Files: 0
      (No malicious items detected)

      Physical Sectors: 0
      (No malicious items detected)

      (end)


      • paulwb
        PCHF Member
        • Nov 2016
        • 159

        #18
        Hi Malnutrition,

        WOW, Chrome is loading faster than I can remember for this old PC …

        Below are the FRST logs …

        Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2016
        Ran by psimoes (administrator) on PS-TOSHIBA (15-11-2016 17:33:19)
        Running from C:\Users\psimoes\Desktop
        Loaded Profiles: psimoes (Available Profiles: psimoes & torrents & Guest)
        Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
        Internet Explorer Version 8 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

        ==================== Processes (Whitelisted) =================

        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

        (AuthenTec Inc.) C:\Windows\System32\TAMSvr.exe
        (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
        (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
        (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
        (Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
        (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
        (Agere Systems) C:\Windows\System32\agrsmsvc.exe
        (AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
        () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
        () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
        (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
        (TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
        (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
        (Microsoft Corporation) C:\Windows\ehome\ehsched.exe
        (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
        (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
        () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
        () C:\Toshiba\IVP\ISM\pinger.exe
        (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
        (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        () C:\Toshiba\IVP\swupdate\swupdtmr.exe
        (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
        (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
        (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
        (TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
        (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
        (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
        (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
        (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
        (Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
        (Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
        (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
        (AuthenTec, Inc) C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
        (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        (Arachnoid Biometrics Identification Group) C:\Program Files\TrueSuite Access Manager\PwdBank.exe
        (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        (TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
        () C:\Program Files\TrueSuite Access Manager\usbnotify.exe
        (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
        (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
        (Arachnoid Biometrics Identification Group Corp.) C:\Program Files\TrueSuite Access Manager\CssSvr.exe
        (Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
        () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
        (TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
        (Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
        (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
        (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
        (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
        (Crystal Dew World) C:\Users\psimoes\Desktop\AntiV\CrystalDiskInfo6_2_2\DiskInfo.exe
        (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
        (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamresearch.exe
        (Microsoft Corporation) C:\Windows\System32\conime.exe

        ==================== Registry (Whitelisted) ====================

        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

        HKLM...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
        HKLM...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
        HKLM...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
        HKLM...\Run: [FingerPrintNotifer] => C:\Program Files\TrueSuite Access Manager\FpNotifier.exe [671744 2008-01-24] (AuthenTec, Inc)
        HKLM...\Run: [PwdBank] => C:\Program Files\TrueSuite Access Manager\PwdBank.exe [3150848 2008-02-01] (Arachnoid Biometrics Identification Group)
        HKLM...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
        HKLM...\Run: [NDSTray.exe] => NDSTray.exe
        HKLM...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
        HKLM...\Run: [UsbMonitor] => C:\Program Files\TrueSuite Access Manager\usbnotify.exe [94208 2007-06-05] ()
        HKLM...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1885088 2012-02-23] (Affinegy, Inc.)
        HKLM...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
        HKLM...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
        HKLM...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
        HKLM...\Policies\Explorer: [EnableShellExecuteHooks] 1
        HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-01-29] ()
        HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-16] (Google Inc.)
        HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Run: [cdloader] => C:\Users\psimoes\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
        HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
        HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated)
        HKU\S-1-5-18...\Policies\system: [LogonHoursAction] 2
        HKU\S-1-5-18...\Policies\system: [DontDisplayLogonHoursWarnings] 1
        ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
        ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => No File
        ShellIconOverlayIdentifiers: [IconOvrly1] → {A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6} => C:\Program Files\TrueSuite Access Manager\IconOvrly.dll [2007-04-20] (Arachnoid Biometrics Identification Group Corp.)

        ==================== Internet (Whitelisted) ====================

        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

        Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-07-27] (Apple Inc.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
        Tcpip..\Interfaces{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}: [NameServer] 208.67.222.222,208.67.220.220
        Tcpip..\Interfaces{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}: [DhcpNameServer] 192.168.2.1
        Tcpip..\Interfaces{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [DhcpNameServer] 192.168.2.1
        Internet Explorer:
        HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
        HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
        HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
        HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        URLSearchHook: [S-1-5-21-3399307451-3074549587-1771456082-1000] ATTENTION => Default URLSearchHook is missing
        SearchScopes: HKU\S-1-5-19 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        SearchScopes: HKU\S-1-5-20 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        SearchScopes: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
        BHO: SnagIt Toolbar Loader → {00C6482D-C502-44C8-8409-FCE54AD9C208} → C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15] (TechSmith Corporation)
        BHO: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
        BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
        BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
        BHO: Google Toolbar Helper → {AA58ED58-01DD-4d91-8333-CF10577473F7} → C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
        BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
        Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15] (TechSmith Corporation)
        Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
        Toolbar: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 → Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
        DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
        DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
        DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
        DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
        Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
        FireFox:
        FF ProfilePath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default [2016-11-15]
        FF Extension: (Firefox Hotfix) - C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-06]
        FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
        FF Plugin: @Apple.com/iTunes,version=1.0 → C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-12-09] ()
        FF Plugin: @google.com/npPicasa3,version=3.0.0 → C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
        FF Plugin: @java.com/DTPlugin,version=10.67.2 → C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
        FF Plugin: @java.com/JavaPlugin,version=10.67.2 → C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
        FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
        FF Plugin: @microsoft.com/WPF,version=3.5 → C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
        FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
        FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
        FF Plugin: Adobe Reader → C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
        FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @citrixonline.com/appdetectorplugin → C:\Users\psimoes\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-19] (Citrix Online)
        FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @Skype Limited.com/Facebook Video Calling Plugin → C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
        FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/GoogleTalkPlugin → C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/O1DPlugin → C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=3 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
        FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=9 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-07-13] (Cisco WebEx LLC)
        FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        Chrome:
        CHR HomePage: Default → hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en
        CHR StartupUrls: Default → “hxxps://www.startpage.com/
        CHR Profile: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
        CHR Extension: (Google Slides) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
        CHR Extension: (Google Docs) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
        CHR Extension: (Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
        CHR Extension: (TV) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-09-09]
        CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-09-09]
        CHR Extension: (YouTube) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
        CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2015-09-09]
        CHR Extension: (Google Search) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
        CHR Extension: (Learn Italian - Molto Bene) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2015-09-09]
        CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfnahhhglp [2015-09-09]
        CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj [2015-09-09]
        CHR Extension: (Google Sheets) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
        CHR Extension: (Google Docs Offline) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
        CHR Extension: (Save to Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-09-09]
        CHR Extension: (Send Anywhere (File Transfer)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihbikoooaenkpdooehgemieligjejcb [2016-11-10]
        CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegbjmfnfh [2015-09-09]
        CHR Extension: (Mailvelope) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-09-08]
        CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2015-09-09]
        CHR Extension: (Yesware Reports) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2015-09-09]
        CHR Extension: (Boomerang for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-05-23]
        CHR Extension: (Vend) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdebajikafa [2015-09-09]
        CHR Extension: (Mailtrack for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2016-11-14]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
        CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-09-09]
        CHR Extension: (Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]
        CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2015-09-09]
        CHR Extension: (Streak CRM for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-06-21]
        CHR HKLM...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx

        ==================== Services (Whitelisted) ====================

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
        R2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2007-10-15] (AuthenTec Inc.) [File not signed]
        R2 Backupper Service; C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.) [File not signed]
        R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed]
        R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
        R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
        R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
        S3 getPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
        S3 Gizmo Central; C:\Program Files\Gizmo\gservice.exe [34728 2011-07-02] (Arainia Solutions)
        S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2008-02-12] (Google) [File not signed]
        S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
        R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
        S3 nosGetPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
        R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
        R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
        R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
        R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
        R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
        R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
        S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
        S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
        R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
        R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
        R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
        S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
        R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
        S4 AcrSch2Svc; no ImagePath
        S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"

        ===================== Drivers (Whitelisted) ======================

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43440 2008-02-03] (Alfa Corporation)
        R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
        R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
        R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
        R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2009-01-26] (AuthenTec, Inc.)
        S1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
        S1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
        R1 GizmoDrv; C:\Windows\system32\Drivers\GizmoDrv.sys [25488 2011-07-02] (Arainia Solutions LLC)
        R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
        R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
        R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
        R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
        R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [42256 2015-04-27] (Panda Security, S.L.)
        R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
        R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72400 2016-03-14] (Panda Security, S.L.)
        R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
        R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
        R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
        R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
        R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
        R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
        S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
        R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
        S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
        R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
        R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)
        R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [147728 2016-08-04] (Panda Security, S.L.)
        R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [111376 2016-08-04] (Panda Security, S.L.)
        R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2016-08-04] (Panda Security, S.L.)
        R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2016-08-04] (Panda Security, S.L.)
        R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2016-08-04] (Panda Security, S.L.)
        R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2016-08-04] (Panda Security, S.L.)
        R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
        R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-03-14] (Acronis)
        R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2011-02-11] (NCH Software)
        R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)
        S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
        R0 tdrpman147; C:\Windows\System32\DRIVERS\tdrpm147.sys [971232 2009-03-14] (Acronis)
        S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
        S3 trufos; C:\Windows\System32\drivers\trufos.sys [343456 2015-06-07] (BitDefender S.R.L.)
        R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
        R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2016-11-15] (Zemana Ltd.)
        R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2016-11-15] (Zemana Ltd.)
        U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
        S3 aswVmm; \??\C:\Users\psimoes\AppData\Local\Temp\aswVmm.sys
        S3 catchme; \??\C:\ComboFix\catchme.sys
        S3 IpInIp; system32\DRIVERS\ipinip.sys
        S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys
        S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys
        S0 tljkva; no ImagePath
        S3 Tosrfcom; no ImagePath
        S0 wayuia; no ImagePath

        ==================== NetSvcs (Whitelisted) ===================

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========

        (If an entry is included in the fixlist, the file/folder will be moved.)

        2016-11-15 17:33 - 2016-11-15 17:34 - 00028459 _____ C:\Users\psimoes\Desktop\FRST.txt
        2016-11-15 16:56 - 2016-11-15 16:56 - 00001080 _____ C:\Users\psimoes\Desktop\2016.11.15_MBytes.Results.txt
        2016-11-15 15:59 - 2016-11-15 16:03 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
        2016-11-15 15:58 - 2016-11-15 15:58 - 00000870 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
        2016-11-15 15:58 - 2016-11-15 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
        2016-11-15 15:58 - 2016-11-15 15:58 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
        2016-11-15 15:58 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
        2016-11-15 15:58 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
        2016-11-15 15:56 - 2016-11-15 15:56 - 00005276 _____ C:\Users\psimoes\Desktop\2016.11.15-15.03.04-i0-t92-d5_Zemana.Scan.txt
        2016-11-15 14:33 - 2016-11-15 17:33 - 00073613 _____ C:\Windows\ZAM.krnl.trace
        2016-11-15 14:33 - 2016-11-15 17:33 - 00050224 _____ C:\Windows\ZAM_Guard.krnl.trace
        2016-11-15 14:33 - 2016-11-15 14:33 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
        2016-11-15 14:33 - 2016-11-15 14:33 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
        2016-11-15 14:33 - 2016-11-15 14:33 - 00001698 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
        2016-11-15 14:33 - 2016-11-15 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
        2016-11-15 14:33 - 2016-11-15 14:33 - 00000000 ____D C:\Program Files\Zemana AntiMalware
        2016-11-15 14:32 - 2016-11-15 14:32 - 00000000 ____D C:\Users\psimoes\AppData\Local\Zemana
        2016-11-15 14:24 - 2016-11-15 14:24 - 22851472 _____ (Malwarebytes ) C:\Users\psimoes\Desktop\mbam-setup-2.2.1.1043.exe
        2016-11-15 14:23 - 2016-11-15 14:23 - 05426600 _____ ( ) C:\Users\psimoes\Desktop\Zemana.AntiMalware.Setup.exe
        2016-11-14 19:22 - 2016-08-08 04:00 - 00058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
        2016-11-14 18:30 - 2016-11-14 18:30 - 03910208 _____ C:\Users\psimoes\Desktop\adwcleaner_6.030.exe
        2016-11-14 16:56 - 2016-11-14 16:56 - 00000008 __RSH C:\ProgramData\ntuser.pol
        2016-11-14 16:48 - 2016-11-14 16:18 - 00024064 _____ C:\Windows\zoek-delete.exe
        2016-11-14 16:41 - 2016-11-14 16:48 - 00000000 ____D C:\zoek
        2016-11-14 16:18 - 2016-11-14 16:46 - 00000000 ____D C:\zoek_backup
        2016-11-14 16:14 - 2016-11-15 09:59 - 00161202 _____ C:\Windows\ntbtlog.txt
        2016-11-14 14:52 - 2016-11-14 15:54 - 00005375 _____ C:\Users\psimoes\Desktop\ZHPCleaner.txt
        2016-11-14 14:37 - 2016-11-14 15:54 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\ZHP
        2016-11-14 14:37 - 2016-11-14 14:37 - 00000749 _____ C:\Users\psimoes\Desktop\ZHPCleaner.lnk
        2016-11-14 14:33 - 2016-11-14 14:34 - 04186040 _____ C:\Users\psimoes\Desktop\zoek.zip
        2016-11-14 14:33 - 2016-11-14 14:33 - 01309184 _____ C:\Users\psimoes\Desktop\zoek.exe
        2016-11-14 14:31 - 2016-11-14 14:31 - 02485248 _____ C:\Users\psimoes\Desktop\ZHPCleaner.exe
        2016-11-14 12:30 - 2016-11-14 13:11 - 00000512 _____ C:\Users\psimoes\Desktop\MBR.dat
        2016-11-14 11:29 - 2016-11-15 17:33 - 00000000 ____D C:\FRST
        2016-11-14 11:15 - 2016-11-14 11:15 - 05200384 _____ (AVAST Software) C:\Users\psimoes\Desktop\aswmbr.exe
        2016-11-14 11:15 - 2016-11-14 11:15 - 01760768 _____ (Farbar) C:\Users\psimoes\Desktop\FRST.exe
        2016-11-13 23:07 - 2016-11-13 23:07 - 00000000 ____D C:\Users\psimoes\AppData\Local\ESET
        2016-11-13 13:27 - 2016-11-13 22:30 - 00000000 ____D C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable
        2016-11-13 13:20 - 2016-11-13 13:20 - 37786232 _____ (Panda Security ) C:\Users\psimoes\Desktop\PandaCloudCleaner.exe
        2016-11-12 23:25 - 2016-11-12 23:52 - 00000000 ____D C:\ProgramData\F-Secure
        2016-11-12 23:25 - 2016-11-12 23:25 - 00000000 ____D C:\Users\psimoes\AppData\Local\F-Secure
        2016-11-12 23:06 - 2016-11-12 23:06 - 00524248 _____ (F-Secure Corporation) C:\Users\psimoes\Desktop\F-SecureOnlineScanner.exe
        2016-11-12 23:04 - 2016-11-12 23:04 - 06761600 _____ (ESET spol. s r.o.) C:\Users\psimoes\Desktop\esetonlinescanner_enu.exe
        2016-11-10 20:55 - 2016-11-15 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
        2016-10-21 13:43 - 2016-11-15 15:43 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
        2016-10-21 13:43 - 2016-10-21 13:53 - 00000000 ____D C:\Users\psimoes\AppData\Local\panda
        2016-10-21 13:41 - 2016-10-21 13:41 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Panda Security
        2016-10-21 13:34 - 2016-10-21 13:44 - 00002029 _____ C:\Users\Public\Desktop\Panda Free Antivirus.lnk
        2016-10-21 13:34 - 2016-10-21 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
        2016-10-21 13:33 - 2016-10-21 13:42 - 00000000 ____D C:\Program Files\Panda Security

        ==================== One Month Modified files and folders ========

        (If an entry is included in the fixlist, the file/folder will be moved.)

        2016-11-15 17:21 - 2009-06-30 20:06 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job
        2016-11-15 17:12 - 2010-02-09 17:32 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
        2016-11-15 16:37 - 2013-03-20 23:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
        2016-11-15 16:21 - 2009-06-30 20:06 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job
        2016-11-15 15:58 - 2011-06-27 08:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
        2016-11-15 15:58 - 2009-02-16 14:19 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Malwarebytes
        2016-11-15 15:58 - 2009-02-16 14:19 - 00000000 ____D C:\ProgramData\Malwarebytes
        2016-11-15 15:47 - 2010-02-09 17:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
        2016-11-15 15:47 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
        2016-11-15 15:46 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
        2016-11-15 15:46 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
        2016-11-15 15:46 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
        2016-11-15 15:42 - 2006-11-02 08:01 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
        2016-11-15 15:03 - 2009-02-16 11:17 - 00000000 ____D C:\Users\psimoes
        2016-11-15 14:47 - 2011-12-25 20:37 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job
        2016-11-15 09:59 - 2015-06-07 17:29 - 00000000 ____D C:\AdwCleaner
        2016-11-14 17:47 - 2011-12-25 20:37 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job
        2016-11-14 16:59 - 2013-03-07 23:13 - 00000000 ____D C:\Program Files\Online Armor
        2016-11-14 16:56 - 2010-02-10 23:48 - 00000008 __RSH C:\Users\psimoes\ntuser.pol
        2016-11-14 16:44 - 2006-11-02 06:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
        2016-11-14 14:56 - 2014-07-05 17:04 - 00000000 ____D C:\Users\psimoes\Downloads\Android Apps
        2016-11-14 12:15 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
        2016-11-14 12:15 - 2006-11-02 05:33 - 00854788 _____ C:\Windows\system32\PerfStringBackup.INI
        2016-11-14 00:19 - 2014-03-06 22:39 - 00000000 ____D C:\Users\psimoes\AppData\Local\CrashDumps
        2016-11-10 18:32 - 2016-04-15 08:12 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
        2016-11-08 12:37 - 2012-05-03 08:23 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
        2016-11-08 12:37 - 2011-06-21 23:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
        2016-11-08 12:37 - 2008-02-12 21:43 - 00000000 ____D C:\Windows\system32\Macromed
        2016-11-03 11:06 - 2016-02-22 16:43 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\vlc
        2016-11-03 11:04 - 2014-08-18 13:43 - 00000000 ____D C:\Users\psimoes\Desktop\0misc.downl_Tosh
        2016-10-25 07:04 - 2006-11-02 07:47 - 00462664 _____ C:\Windows\system32\FNTCACHE.DAT
        2016-10-21 13:42 - 2014-10-17 21:06 - 00000000 ____D C:\ProgramData\Panda Security
        2016-10-21 13:41 - 2009-02-16 11:18 - 00121608 _____ C:\Users\psimoes\AppData\Local\GDIPFONTCACHEV1.DAT
        2016-10-21 12:59 - 2012-06-16 00:29 - 00000000 ____D C:\ProgramData\AVAST Software

        ==================== Files in the root of some directories =======

        2010-02-21 20:14 - 2010-04-02 18:43 - 0000990 ___SH () C:\Users\psimoes\AppData\Roaming\systemfl.$dk
        2014-10-13 16:09 - 2014-10-29 03:29 - 0207963 _____ () C:\Users\psimoes\AppData\Local\ars.cache
        2014-10-13 16:09 - 2014-10-29 03:29 - 0576849 _____ () C:\Users\psimoes\AppData\Local\census.cache
        2010-07-18 20:02 - 2015-05-16 07:08 - 0001356 _____ () C:\Users\psimoes\AppData\Local\d3d9caps.dat
        2009-02-16 02:35 - 2011-06-29 21:25 - 0081408 _____ () C:\Users\psimoes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2014-10-13 15:55 - 2014-10-13 15:55 - 0000036 _____ () C:\Users\psimoes\AppData\Local\housecall.guid.cache
        2014-10-13 16:06 - 2014-10-28 23:31 - 0000010 _____ () C:\Users\psimoes\AppData\Local\sponge.last.runtime.cache

        Some files in TEMP:
        C:\Users\psimoes\AppData\Local\Temp\libeay32.dll
        C:\Users\psimoes\AppData\Local\Temp\msvcr120.dll
        C:\Users\psimoes\AppData\Local\Temp\sqlite3.dll

        Some zero byte size files/folders:
        C:\Windows\logo_1.exe
        C:\Windows\RUNDL132.EXE
        C:\Windows\VDLL.DLL
        C:\Windows\System32\runouce.exe

        ==================== Bamital & volsnap ======================

        (There is no automatic fix for files that do not pass verification.)

        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

        LastRegBack: 2016-11-15 15:54

        ==================== End of FRST.txt ============================

        Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-11-2016
        Ran by psimoes (15-11-2016 17:35:01)
        Running from C:\Users\psimoes\Desktop
        Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-02-16 07:13:03)
        Boot Mode: Normal

        ==================== Accounts: =============================

        Administrator (S-1-5-21-3399307451-3074549587-1771456082-500 - Administrator - Disabled)
        Guest (S-1-5-21-3399307451-3074549587-1771456082-501 - Limited - Enabled) => C:\Users\Guest
        psimoes (S-1-5-21-3399307451-3074549587-1771456082-1000 - Administrator - Enabled) => C:\Users\psimoes
        torrents (S-1-5-21-3399307451-3074549587-1771456082-1004 - Limited - Enabled) => C:\Users\torrents

        ==================== Security Center ========================

        (If an entry is included in the fixlist, it will be removed.)

        AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
        AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
        AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
        FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

        ==================== Installed Programs ======================

        (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

        7-Zip 4.65 (HKLM...\7-Zip) (Version: - )
        7-Zip 9.20 (HKLM...{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
        Acrobat.com (HKLM...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
        Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
        Adobe AIR (HKLM...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
        Adobe Flash Player 23 ActiveX (HKLM...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
        Adobe Flash Player 23 NPAPI (HKLM...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
        Adobe Flash Player 23 PPAPI (HKLM...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
        Adobe Reader X (10.1.16) (HKLM...{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
        Aiseesoft Blu-ray Ripper (HKLM...\Aiseesoft Blu-ray Ripper_is1) (Version: - )
        Aiseesoft Streaming Video Recorder (HKLM...\Aiseesoft Streaming Video Recorder_is1) (Version: - )
        AOMEI Backupper Standard Edition 2.0.2 (HKLM...{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}is1) (Version: - AOMEI Technology Co., Ltd.)
        Apple Application Support (HKLM...{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
        Apple Mobile Device Support (HKLM...{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
        Apple Software Update (HKLM...{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
        ATI Catalyst Install Manager (HKLM...{53BB9294-6E76-4853-4130-1CD0A01EAE45}) (Version: 3.0.657.0 - ATI Technologies, Inc.)
        Auslogics DiskDefrag (HKLM...{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}is1) (Version: 4.4.0.0 - Auslogics Labs Pty Ltd)
        Belkin Setup and Router Monitor (HKLM...\Belkin Setup and Router Monitor_is1) (Version: - )
        Belkin USB Print and Storage Center (HKLM...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
        Bluetooth Stack for Windows by Toshiba (HKLM...{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
        Bonjour (HKLM...{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
        Camera Assistant Software for Toshiba (HKLM...{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
        Catalyst Control Center - Branding (HKLM...{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
        ccc-core-static (Version: 2008.0130.1509.26922 - ATI) Hidden
        CCleaner (HKLM...\CCleaner) (Version: 5.10 - Piriform)
        CD/DVD Drive Acoustic Silencer (HKLM...{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.01 - TOSHIBA)
        Cisco WebEx Meetings (HKLM...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
        Citrix Online Launcher (HKLM...{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
        Compatibility Pack for the 2007 Office system (HKLM...{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
        Cover Commander 3.0 by Insofta Development (HKLM...\Cover Commander) (Version: 3.0 - Insofta Development)
        CyberLink PowerCinema for TOSHIBA (HKLM...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.1414 - CyberLink Corp.)
        D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
        DVD MovieFactory for TOSHIBA (HKLM...{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
        ESET Online Scanner v3 (HKLM...\ESET Online Scanner) (Version: - )
        Facebook Video Calling 3.1.0.521 (HKLM...{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
        FileASSASSIN (HKLM...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
        Folder Lock (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\FolderLock6) (Version: - New Sofware.net Inc.)
        FXCM Trading Station (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\FXCM Trading Station) (Version: 010311 - )
        FXCM Trading Station (Version: 010311 - FXCM) Hidden
        GearDrvs (Version: 1 - Symantec Corporation) Hidden
        GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
        Gizmo Central (HKLM...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
        Google Chrome (HKLM...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
        Google Desktop (HKLM...\Google Desktop) (Version: - - Google)
        Google Talk Plugin (HKLM...{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
        Google Toolbar for Internet Explorer (HKLM...{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
        Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
        Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
        Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
        GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
        HTC BMP USB Driver (HKLM...{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
        HTC Driver Installer (HKLM...{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
        Ideal DVD Copy V4.1.2 (HKLM...\Ideal DVD Copy_is1) (Version: - Ideal DVD Software, Inc.)
        ImgBurn (HKLM...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
        Intel(R) PROSet/Wireless Software (HKLM...\ProInst) (Version: 11.5.0000 - Intel Corporation)
        Intel® Matrix Storage Manager (HKLM...{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
        IPTInstaller (HKLM...{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
        iTunes (HKLM...{881F5DE8-9367-4B81-A325-E91BBC6472F9}) (Version: 10.1.1.4 - Apple Inc.)
        Java 7 Update 67 (HKLM...{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
        Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
        Logitech Unifying Software 2.50 (HKLM...\Logitech Unifying) (Version: 2.50.25 - Logitech)
        magicJack (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
        Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
        mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
        mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
        mHelp (Version: 11.02.0000 - Intel) Hidden
        Microsoft .NET Framework 3.5 SP1 (HKLM...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
        Microsoft .NET Framework 4.5.2 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
        Microsoft Office Enterprise 2007 (HKLM...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
        Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
        Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM...{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
        Microsoft Visual C++ 2005 Redistributable (HKLM...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
        Microsoft Visual C++ 2005 Redistributable (HKLM...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
        Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM...{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM...{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM...{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
        Microsoft Works (HKLM...{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
        mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
        Mozilla Firefox 48.0.2 (x86 en-US) (HKLM...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
        mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
        MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
        MSXML 4.0 SP2 (KB941833) (HKLM...{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
        MSXML 4.0 SP2 (KB954430) (HKLM...{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
        MSXML 4.0 SP2 (KB973688) (HKLM...{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
        MSXML 4.0 SP3 Parser (HKLM...{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
        MSXML 4.0 SP3 Parser (KB2721691) (HKLM...{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
        MSXML 4.0 SP3 Parser (KB2758694) (HKLM...{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
        MSXML 4.0 SP3 Parser (KB973685) (HKLM...{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
        Network Recording Player (HKLM...{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
        Nokia Connectivity Cable Driver (HKLM...{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
        Nokia PC Suite (HKLM...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)
        Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden
        Online Armor 6.0 (HKLM...\OnlineArmor_is1) (Version: 6.0 - Emsisoft GmbH)
        Opera Stable 36.0.2130.80 (HKLM...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
        Panda Devices Agent (Version: 1.03.08 - Panda Security) Hidden
        Panda Devices Agent (Version: 1.08.00 - Panda Security) Hidden
        Panda Free Antivirus (HKLM...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
        Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
        Panda Safe Web (HKLM...\pandasecuritytb) (Version: 4.3.1.20 - Panda Security and Visicom Media Inc.)
        PC Connectivity Solution (HKLM...{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
        Picasa 3 (HKLM...\Picasa 3) (Version: 3.9 - Google, Inc.)
        QuickTime (HKLM...{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
        Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
        Realtek High Definition Audio Driver (HKLM...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
        Revo Uninstaller 1.92 (HKLM...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
        RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM...{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
        Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
        Skins (Version: 2008.0130.1509.26922 - ATI) Hidden
        Skype™ 7.26 (HKLM...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
        Snagit 11 (HKLM...{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
        SnagIt 9 (HKLM...{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}) (Version: 9.0.0 - TechSmith Corporation)
        Spelling Dictionaries Support For Adobe Reader 9 (HKLM...{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
        Synaptics Pointing Device Driver (HKLM...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
        TOSHIBA Assist (HKLM...{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
        TOSHIBA ConfigFree (HKLM...{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation)
        TOSHIBA DVD PLAYER (HKLM...{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
        TOSHIBA Extended Tiles for Windows Mobility Center (HKLM...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
        TOSHIBA Face Recognition (HKLM...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 1.0.3.32 - TOSHIBA)
        TOSHIBA Hardware Setup (HKLM...{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.06 - )
        Toshiba Registration (HKLM...{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
        TOSHIBA SD Memory Utilities (HKLM...{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
        TOSHIBA Software Upgrades (HKLM...{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
        TOSHIBA Speech System Applications (HKLM...{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
        TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM...{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
        TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM...{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
        TOSHIBA Supervisor Password (HKLM...{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
        TOSHIBA Value Added Package (HKLM...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
        TrueSuite Access Manager (HKLM...{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}) (Version: 1.1.13.13 - ABIG)
        TRW conferencing (HKLM...{E23E9487-2B6B-42CA-AE8D-E2369563AB02}) (Version: 7.71 - Digitalweb)
        TurboMeeting (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\TurboMeeting) (Version: 3.0.300 - RHUB Communications, Inc.)
        Unlocker 1.9.0 (HKLM...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
        Video Mover (HKLM...\Video Mover_is1) (Version: - )
        VLC media player (HKLM...\VLC media player) (Version: 2.2.2 - VideoLAN)
        Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
        Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
        Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
        Windows Live Essentials (HKLM...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
        Windows Media Encoder 9 Series (HKLM...\Windows Media Encoder 9) (Version: - )
        WinPcap 4.1.2 (HKLM...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
        Your monster voice 1 (HKLM...\Your monster voice 1) (Version: - )
        Zemana AntiMalware (HKLM...{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.60.1 - Zemana Ltd.)

        ==================== Custom CLSID (Whitelisted): ==========================

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{01B48E19-3C98-4B34-B679-86D14E74C2D8}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 → C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{3D0E3723-95BF-4639-BE54-BB803AE4AE13}\localserver32 → C:\Program Files\Candleworks\FXTS2\FXTSpp.exe ()
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 → C:\Users\psimoes\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 → C:\Windows\system32\mscoree.dll (Microsoft Corporation)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 → C:\Program Files\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 → C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 → C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{E5F07F0E-C4AE-4AA8-AE7E-FC3DB683977E}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 → no filepath
        CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 → C:\Users\psimoes\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

        ==================== Scheduled Tasks (Whitelisted) =============

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        Task: {0D161987-AD10-4D61-B6AF-08F1AF26C734} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
        Task: {10F2238D-1EFD-497B-9F82-2ED7F4C95DD0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
        Task: {19B6ADC6-F3BD-4A45-9CB2-9DC80C9BA1F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
        Task: {1B2D5FC3-FD37-4F6B-B75D-92A79188796E} - System32\Tasks\PCMAgent.exe_1826580705 => C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [2007-12-13] (CyberLink Corp.)
        Task: {35DA24BC-4BEA-4952-9DA5-B76E941F8DC9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
        Task: {363B5A23-E3F2-4920-96D6-0FE18DF74777} - System32\Tasks\SafeZone scheduled Autoupdate 1464051125 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
        Task: {3921AC9D-4361-4ECB-8B8E-644734DC37D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
        Task: {5255BE42-F960-4D14-B4BD-AC20C3743812} - System32\Tasks\CrystalDiskInfo => C:\Users\psimoes\Desktop\AntiV\CrystalDiskInfo6_2_2\DiskInfo.exe [2014-12-19] (Crystal Dew World)
        Task: {5409B770-4508-4CB0-A052-26CAB9E4B9FA} - System32\Tasks\Opera scheduled Autoupdate 1382066025 => C:\Program Files\Opera\launcher.exe [2016-08-05] (Opera Software)
        Task: {59C50FF3-0D3B-4CC6-BCBF-2D74EC3778AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
        Task: {605400B6-8685-48B6-A6B9-A8C5529FC843} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
        Task: {81E48EDE-D2AC-4A54-B5A4-CAC8152C6D87} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
        Task: {914710E2-0A42-44A6-AFA4-A6D7EAEDF898} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
        Task: {954E1E94-94FD-420B-9725-623FAB68F590} - System32\Tasks{C074CB77-8752-4695-819D-DF00F7AAE9A6} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.59.106/en/abandoninstall?page=tsMain
        Task: {9C8D6C2E-DF0E-4E97-BBB6-2A797D3B3BC4} - System32\Tasks\SafeZone scheduled Autoupdate 1458652480 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
        Task: {A879EAD0-908D-481B-A17F-06FDB1F79C50} - System32\Tasks{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files\Gizmo\gizmo.exe [2011-07-02] (Arainia Solutions)
        Task: {B52E95C6-0FEB-457F-A518-4DE31303C9AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

        (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

        Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
        Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe
        Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe
        Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
        Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
        Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe
        Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe

        ==================== Shortcuts =============================

        (The entries could be listed to be restored or removed.)

        Shortcut: C:\Users\psimoes\Favorites\NCH Software Download Site.lnk → hxxp://www.nchsoftware.com/index.html
        Shortcut: C:\Users\psimoes\Favorites\NCH Software Download.lnk → hxxp://www.nchsoftware.com/index.html

        ShortcutWithArgument: C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Send Anywhere (File Transfer).lnk → C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=hihbikoooaenkpdooehgemieligjejcb
        ShortcutWithArgument: C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\StartPage Search Engine.lnk → C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=choepknhbopmendmnohbaemeaeemnaom

        ==================== Loaded Modules (Whitelisted) ==============

        2013-06-27 00:10 - 2012-02-23 14:57 - 00022944 _____ () C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
        2014-10-18 17:39 - 2014-08-21 10:23 - 00270040 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\UiLogic.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00229080 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\diskmgr.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00265944 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Comn.dll
        2014-10-18 17:39 - 2014-08-21 10:23 - 00077528 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Ldm.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00061144 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Device.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00257752 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrFat.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00376536 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrNtfs.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00106200 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FuncLogic.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00233176 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Clone.dll
        2014-10-18 17:39 - 2014-08-21 10:23 - 00335576 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ImgFile.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00028376 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Encrypt.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00073432 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Compress.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00093912 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrVol.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00188120 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\GptBcd.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00147160 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FlBackup.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00478936 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\EnumFolder.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00102104 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Backup.dll
        2014-10-18 17:39 - 2014-08-21 10:22 - 00098008 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrLog.dll
        2014-10-18 17:39 - 2013-01-17 16:38 - 02403504 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\QtCore4.dll
        2011-07-02 10:00 - 2011-07-02 10:00 - 00059304 _____ () C:\Program Files\Gizmo\gshell.dll
        2013-06-27 00:11 - 2011-04-19 15:29 - 00132608 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
        2016-11-15 14:33 - 2016-11-15 14:33 - 00129392 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
        2013-06-27 00:11 - 2011-04-19 15:29 - 00152576 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
        2008-01-30 18:30 - 2008-01-30 18:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
        2013-06-27 00:11 - 2010-02-09 14:55 - 00049152 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
        2015-12-15 12:17 - 2015-12-15 12:17 - 00618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
        2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
        2008-02-12 21:22 - 2007-01-25 21:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe
        2008-02-12 21:22 - 2007-10-23 19:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
        2009-02-16 02:43 - 2007-06-05 19:42 - 00094208 _____ () C:\Program Files\TrueSuite Access Manager\usbnotify.exe
        2013-06-27 00:10 - 2010-08-22 19:01 - 00325632 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
        2013-06-27 00:10 - 2010-08-22 19:01 - 01954304 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
        2013-06-27 00:10 - 2010-08-22 19:01 - 07187456 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
        2013-06-27 00:10 - 2010-08-22 19:01 - 00847360 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
        2013-06-27 00:10 - 2010-08-22 18:32 - 00119808 _____ () C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
        2008-02-12 21:13 - 2008-01-29 19:00 - 00430080 _____ () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
        2013-06-27 00:10 - 2012-02-23 14:19 - 00669696 _____ () C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
        2007-12-12 15:46 - 2007-12-12 15:46 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

        ==================== Alternate Data Streams (Whitelisted) =========

        (If an entry is included in the fixlist, only the ADS will be removed.)

        AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\corpol.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\emdmgmt.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\mstime.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
        AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
        AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
        AlternateDataStreams: C:\ProgramData\TEMP:56AC8DD1 [364]
        AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [118]
        AlternateDataStreams: C:\Users\psimoes\Downloads\39F2.tmp:$CmdTcID [64]

        ==================== Safe Mode (Whitelisted) ===================

        (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

        ==================== Association (Whitelisted) ===============

        (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

        HKLM...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

        ==================== Internet Explorer trusted/restricted ===============

        (If an entry is included in the fixlist, it will be removed from the registry.)

        There are 4928 more sites.

        ==================== Hosts content: ===============================

        (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

        2015-08-30 23:16 - 2016-11-14 16:26 - 00000781 ____A C:\Windows\system32\Drivers\etc\hosts

        127.0.0.1 localhost
        ::1 localhost

        ==================== Other Areas ============================

        (Currently there is no automatic fix for this section.)

        HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Control Panel\Desktop\Wallpaper → C:\Users\Public\Pictures\Sample Pictures\1Tomorrow.Is.Too.Late_3840x2160.jpg
        DNS Servers: 192.168.2.1
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
        Windows Firewall is enabled.

        ==================== MSCONFIG/TASK MANAGER disabled items ==

        MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
        MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
        MSCONFIG\startupreg: APSDaemon => “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
        MSCONFIG\startupreg: CLMLServer => “C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe”
        MSCONFIG\startupreg: Facebook Update => “C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver
        MSCONFIG\startupreg: GizmoDriveDelegate => “C:\Program Files\Gizmo\gizmo.exe” /RemountStartupImages
        MSCONFIG\startupreg: Google Desktop Search => “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
        MSCONFIG\startupreg: GrooveMonitor => “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
        MSCONFIG\startupreg: iTunesHelper => “C:\Program Files\iTunes\iTunesHelper.exe”
        MSCONFIG\startupreg: PCMAgent => “C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe”

        ==================== FirewallRules (Whitelisted) ===============

        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [{4E4E1545-348C-4603-9D75-690DB6DB8EFE}] => (Allow) C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe
        FirewallRules: [TCP Query User{F4071B34-7CFE-4C17-8437-9596C2C381C9}F:\skype portable\skypeportable\app\skype\phone\skype.exe] => (Allow) F:\skype portable\skypeportable\app\skype\phone\skype.exe
        FirewallRules: [UDP Query User{C24E18F8-5581-4198-9A10-66E035373D8D}F:\skype portable\skypeportable\app\skype\phone\skype.exe] => (Allow) F:\skype portable\skypeportable\app\skype\phone\skype.exe
        FirewallRules: [{5508EC15-FC59-414B-8296-BE6CEB28AA30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
        FirewallRules: [{053EDA5A-BA5B-43E6-A9CA-47A951F9B941}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
        FirewallRules: [{2D3E087C-8E81-4F1B-9559-1DF3121BB6E8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
        FirewallRules: [{BC17EFD5-CC08-478F-88B7-00647D78E267}] => (Allow) C:\Program Files\Opera\opera.exe
        FirewallRules: [{749477DC-40E0-424C-BF2C-5D11AE5B4F0D}] => (Allow) C:\Program Files\Opera\opera.exe
        FirewallRules: [{CE0CD43E-FC3E-4C81-BE78-9ADA48A2EBE7}] => (Allow) LPort=80
        FirewallRules: [{DFC70C83-5301-4E07-A711-4F82ADCDB041}] => (Allow) LPort=80
        FirewallRules: [{A8F0510A-B6F8-4D99-BB31-973A34F75DC8}] => (Allow) LPort=80
        FirewallRules: [{06C8BCEC-FA06-4186-8424-6B4118527424}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
        FirewallRules: [{644FAB9F-7CF4-4784-97A7-83EBAA0C4D93}] => (Allow) LPort=2869
        FirewallRules: [{EDC55D5F-2A85-447D-9AC6-CBFFA164070A}] => (Allow) LPort=1900
        FirewallRules: [{1CED6313-6CFF-400E-9659-877A765C3577}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        FirewallRules: [{8597E2F7-901E-431F-B328-8B45BBF3ED9B}] => (Allow) C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
        FirewallRules: [{ED520E14-A907-4B64-BE11-43A136ED8F34}] => (Allow) C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
        FirewallRules: [{5539EF35-A53F-4D74-85F7-7F9B1980CE2E}] => (Allow) C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
        FirewallRules: [{E9CE9526-4F2B-4E3C-9AD3-BEE1281232E5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
        FirewallRules: [PotPlayer(PotPlayerMini.exe)] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
        FirewallRules: [{0517A223-3585-4C97-8C65-922E353A488A}] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
        FirewallRules: [{7D2FD514-A4E5-4CC9-B468-F507562E3D6D}] => (Allow) C:\Program Files\Opera\opera.exe
        FirewallRules: [{03DDC0C0-C324-4C65-807F-D5ACCAB8C97B}] => (Allow) C:\Program Files\Opera\opera.exe
        FirewallRules: [{3BE1ADE1-9FCF-4C6E-B2C3-B9CDC8CF02C1}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
        FirewallRules: [{10DC4ED3-16BD-4AD4-A0C9-A217494AADD6}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
        FirewallRules: [{A50038B0-7B94-4AEF-90BB-920797496DE5}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
        FirewallRules: [{0C879E00-0487-46AE-AA4A-55CC42C8B88F}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
        FirewallRules: [{E592995F-5041-4BE4-98AD-FD51147C132D}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
        FirewallRules: [{99CAAAC5-6302-481A-8ADD-8F14FE4F07BD}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
        FirewallRules: [{DDEFB12B-09E9-40CC-A6AB-B0D4BD757C77}] => (Allow) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
        FirewallRules: [{CB24E490-CDFA-41FF-8A07-29998C85F70A}] => (Allow) LPort=19540
        FirewallRules: [{9F5B6F3B-419F-4F3A-A35D-0D9DEE60E0A5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
        FirewallRules: [{BB7189C2-1967-4289-9AE7-08BF8A54A0EE}] => (Allow) C:\Users\psimoes\AppData\Roaming\mjusbsp\magicJack.exe
        FirewallRules: [{F22DB67E-0353-4D2A-A88A-15C75CB30662}] => (Allow) C:\Users\psimoes\AppData\Roaming\mjusbsp\magicJack.exe
        FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
        FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
        FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
        FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
        FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
        FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
        FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
        FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
        FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
        FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
        FirewallRules: [{8DDDFC3C-8BDF-4BBA-9891-3A893B64887F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
        FirewallRules: [{1E25327B-000E-445D-A5AE-51F32002A261}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
        FirewallRules: [{9347CC66-D564-4AC1-B23C-48C894338A7C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
        FirewallRules: [{87104172-30C3-4748-9242-7ADDEF38D8DA}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
        FirewallRules: [{4CBEC3BA-E216-4C97-B61B-D0483BE0C229}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
        StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
        StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

        ==================== Restore Points =========================

        28-09-2016 17:42:56 ComboFix created restore point
        21-10-2016 12:45:21 Revo Uninstaller’s restore point - Avast Free Antivirus
        21-10-2016 13:44:37 Device Driver Package Install: Panda Security, S.L. Network Service

        ==================== Faulty Device Manager Devices =============

        Name: Intel(R) Wireless WiFi Link 4965AGN
        Description: Intel(R) Wireless WiFi Link 4965AGN
        Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
        Manufacturer: Intel Corporation
        Service: NETw4v32
        Problem: : This device is disabled. (Code 22)
        Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.

        Name:
        Description:
        Class Guid:
        Manufacturer:
        Service:
        Problem: : The drivers for this device are not installed. (Code 28)
        Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

        ==================== Event log errors: =========================

        Application errors:

        Error: (11/15/2016 09:46:55 AM) (Source: EventSystem) (EventID: 4609) (User: )
        Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

        Error: (11/14/2016 04:25:40 PM) (Source: System Restore) (EventID: 8193) (User: )
        Description: Failed to create restore point on volume (Process = C:\Windows\System32\wbem\WmiPrvSE.exe; Descripton = zoek.exe restore point; Hr = 0x8007043c).

        Error: (11/14/2016 04:16:28 PM) (Source: EventSystem) (EventID: 4609) (User: )
        Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

        Error: (11/14/2016 12:19:37 AM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Faulting application esetonlinescanner_enu.exe, version 2.0.12.0, time stamp 0x57ac3e59, faulting module esetonlinescanner_enu.exe, version 2.0.12.0, time stamp 0x57ac3e59, exception code 0xc0000005, fault offset 0x001b50f3,
        process id 0x1710, application start time 0x01d23e2c85df4f3c.

        Error: (11/13/2016 11:02:19 PM) (Source: Application Error) (EventID: 1000) (User: )
        Description: Faulting application PCloudCleaner.exe, version 1.4.0.162, time stamp 0x00000000, faulting module kernel32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0x0eedfade, fault offset 0x0003fdb6,
        process id 0xa14, application start time 0x01d23e28c8b9dc2c.

        Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
        Description: Task Scheduling Error: m->NextScheduledSPRetry 9298

        Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
        Description: Task Scheduling Error: m->NextScheduledEvent 9298

        Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
        Description: Task Scheduling Error: Continuously busy for more than a second

        Error: (11/13/2016 08:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
        Description: Task Scheduling Error: m->NextScheduledSPRetry 7176

        Error: (11/13/2016 08:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
        Description: Task Scheduling Error: m->NextScheduledEvent 7176

        System errors:

        Error: (11/15/2016 03:48:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
        Description: The following boot-start or system-start driver(s) failed to load:
        Cdr4_xp
        tljkva
        wayuia

        Error: (11/15/2016 03:41:45 PM) (Source: DCOM) (EventID: 10010) (User: )
        Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

        Error: (11/15/2016 10:04:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
        Description: The following boot-start or system-start driver(s) failed to load:
        Cdr4_xp
        tljkva
        wayuia

        Error: (11/15/2016 09:59:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
        Description: The Panda Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

        Error: (11/15/2016 09:59:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
        Description: The Panda Product Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

        Error: (11/15/2016 09:47:11 AM) (Source: DCOM) (EventID: 10005) (User: )
        Description: DCOM got error “1084” attempting to start the service WSearch with arguments “” in order to run the server:
        {9E175B6D-F52A-11D8-B9A5-505054503030}

        Error: (11/15/2016 09:46:58 AM) (Source: DCOM) (EventID: 10005) (User: )
        Description: DCOM got error “1068” attempting to start the service fdPHost with arguments “” in order to run the server:
        {145B4335-FE2A-4927-A040-7C35AD3180EF}

        Error: (11/15/2016 09:46:55 AM) (Source: DCOM) (EventID: 10005) (User: )
        Description: DCOM got error “1084” attempting to start the service EventSystem with arguments “” in order to run the server:
        {1BE1F766-5536-11D1-B726-00C04FB926AF}

        Error: (11/15/2016 09:46:46 AM) (Source: DCOM) (EventID: 10005) (User: )
        Description: DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “” in order to run the server:
        {DD522ACC-F821-461A-A407-50B198B896DC}

        Error: (11/15/2016 09:46:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
        Description: The following boot-start or system-start driver(s) failed to load:
        Cdr4_xp
        GizmoDrv
        NNSALPC
        NNSHTTP
        NNSHTTPS
        NNSIDS
        NNSPICC
        NNSPIHSW
        NNSPOP3
        NNSPROT
        NNSPRV
        NNSSMTP
        NNSSTRM
        NNSTLSC
        OADevice
        oahlpXX
        PSINKNC
        spldr
        tljkva
        Wanarpv6
        wayuia

        CodeIntegrity:

        Date: 2016-11-15 17:34:52.710
        Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

        Date: 2016-11-15 17:34:52.165
        Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

        Date: 2016-11-15 17:34:51.616
        Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

        Date: 2016-11-15 17:34:51.045
        Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

        Date: 2016-11-15 17:34:50.274
        Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

        Date: 2016-11-15 17:34:49.727
        Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

        Date: 2016-11-15 17:34:49.182
        Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

        Date: 2016-11-15 17:34:48.631
        Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

        Date: 2016-11-15 17:34:22.930
        Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

        Date: 2016-11-15 17:34:22.388
        Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

        ==================== Memory info ===========================

        Processor: Intel(R) Core™2 Duo CPU T5550 @ 1.83GHz
        Percentage of memory in use: 54%
        Total physical RAM: 3069.21 MB
        Available physical RAM: 1384.29 MB
        Total Virtual: 6342.66 MB
        Available Virtual: 4655.18 MB

        ==================== Drives ================================

        Drive c: (SQ004710V01) (Fixed) (Total:184.85 GB) (Free:15.24 GB) NTFS ==>[drive with boot components (obtained from BCD)]
        Drive d: () (Fixed) (Total:186.31 GB) (Free:92.98 GB) NTFS

        ==================== MBR & Partition Table ==================

        ========================================================
        Disk: 0 (Size: 186.3 GB) (Disk ID: 9C9CF735)
        Partition 1: (Not Active) - (Size=800 MB) - (Type=27)
        Partition 2: (Active) - (Size=184.8 GB) - (Type=07 NTFS)
        Partition 3: (Not Active) - (Size=698 MB) - (Type=OF Extended)

        ========================================================
        Disk: 1 (Size: 186.3 GB) (Disk ID: 33D68AE6)
        Partition 1: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)

        ==================== End of Addition.txt ============================


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #19
          Looking, give me about 30 mins…


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #20
            Go ahead and free up some space with Privazer while you wait. Windows performs best when there is at least 15% free space. You have 15 gigs free of 184; 15% is around 30 gigs.


            • paulwb
              PCHF Member
              • Nov 2016
              • 159

              #21
              I’ll give it a try. Thanks for the tip.


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #22
                FRST Fix

                Download attached fixlist.txt file and save it to the Desktop.

                NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

                NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

                Run FRST/FRST64 and press the Fix button just once and wait.
                If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
                When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


                • paulwb
                  PCHF Member
                  • Nov 2016
                  • 159

                  #23
                  Here are the FRST results…

                  Fix result of Farbar Recovery Scan Tool (x86) Version: 12-11-2016
                  Ran by psimoes (15-11-2016 18:56:02) Run:1
                  Running from C:\Users\psimoes\Desktop
                  Loaded Profiles: psimoes (Available Profiles: psimoes & torrents & Guest)
                  Boot Mode: Normal

                  ==============================================

                  fixlist content:


                  start
                  CreateRestorePoint:
                  CloseProcesses:
                  HKLM...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
                  HKLM...\Policies\Explorer: [EnableShellExecuteHooks] 1
                  HKU\S-1-5-21-3399307451-3074549587-1771456082-1000...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-16] (Google Inc.)
                  ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File
                  ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => No File
                  GroupPolicy: Restriction ? <======= ATTENTION
                  GroupPolicy\User: Restriction ? <======= ATTENTION
                  CHR HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
                  Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
                  Tcpip..\Interfaces{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}: [NameServer] 208.67.222.222,208.67.220.220
                  Tcpip..\Interfaces{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}: [DhcpNameServer] 192.168.2.1
                  Tcpip..\Interfaces{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [DhcpNameServer] 192.168.2.1
                  HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
                  HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
                  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                  HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                  HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
                  HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
                  HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
                  HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                  URLSearchHook: [S-1-5-21-3399307451-3074549587-1771456082-1000] ATTENTION => Default URLSearchHook is missing
                  SearchScopes: HKU\S-1-5-19 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                  SearchScopes: HKU\S-1-5-20 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                  BHO: SnagIt Toolbar Loader → {00C6482D-C502-44C8-8409-FCE54AD9C208} → C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15] (TechSmith Corporation)
                  BHO: Google Toolbar Helper → {AA58ED58-01DD-4d91-8333-CF10577473F7} → C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
                  Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15] (TechSmith Corporation)
                  Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
                  Toolbar: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 → Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
                  DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
                  DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
                  DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
                  DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                  Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
                  Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
                  FF SearchPlugin: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\searchplugins\yahoo-avast.xml [2014-06-17]
                  FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
                  FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
                  FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @Skype Limited.com/Facebook Video Calling Plugin → C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
                  CHR StartupUrls: Default → “hxxps://www.startpage.com/
                  CHR Extension: (StartPage Search Engine) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\choepknhbopmendmnohbaemeaeemnaom [2016-11-10]
                  CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2015-09-09]
                  CHR Extension: (Yesware Reports) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2015-09-09]
                  CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-12-04]
                  S4 AcrSch2Svc; no ImagePath
                  S3 rpcapd; “%ProgramFiles%\WinPcap\rpcapd.exe” -d -f “%ProgramFiles%\WinPcap\rpcapd.ini”
                  S3 trufos; C:\Windows\System32\drivers\trufos.sys [343456 2015-06-07] (BitDefender S.R.L.)
                  U0 aswVmm; no ImagePath
                  S3 catchme; ??\C:\ComboFix\catchme.sys
                  S3 IpInIp; system32\DRIVERS\ipinip.sys
                  S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys
                  S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys
                  S0 tljkva; no ImagePath
                  S3 Tosrfcom; no ImagePath
                  S0 wayuia; no ImagePath
                  2016-11-12 23:25 - 2016-11-12 23:52 - 00000000 ____D C:\ProgramData\F-Secure
                  2016-11-12 23:25 - 2016-11-12 23:25 - 00000000 ____D C:\Users\psimoes\AppData\Local\F-Secure
                  2016-11-12 23:06 - 2016-11-12 23:06 - 00524248 _____ (F-Secure Corporation) C:\Users\psimoes\Desktop\F-SecureOnlineScanner.exe
                  2016-11-12 23:04 - 2016-11-12 23:04 - 06761600 _____ (ESET spol. s r.o.) C:\Users\psimoes\Desktop\esetonlinescanner_enu.exe
                  2016-11-13 23:47 - 2011-12-25 20:37 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job
                  2016-11-13 17:47 - 2011-12-25 20:37 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job
                  2016-10-21 12:59 - 2012-06-16 00:29 - 00000000 ____D C:\ProgramData\AVAST Software
                  2015-09-08 15:27 - 2015-09-08 20:18 - 3993600 _____ () C:\Program Files\GUTC12.tmp
                  2010-02-21 20:14 - 2010-04-02 18:43 - 0000990 ___SH () C:\Users\psimoes\AppData\Roaming\systemfl.$dk
                  2014-10-13 16:09 - 2014-10-29 03:29 - 0207963 _____ () C:\Users\psimoes\AppData\Local\ars.cache
                  2014-10-13 16:09 - 2014-10-29 03:29 - 0576849 _____ () C:\Users\psimoes\AppData\Local\census.cache
                  2010-07-18 20:02 - 2015-05-16 07:08 - 0001356 _____ () C:\Users\psimoes\AppData\Local\d3d9caps.dat
                  2009-02-16 02:35 - 2011-06-29 21:25 - 0081408 _____ () C:\Users\psimoes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                  2014-10-13 15:55 - 2014-10-13 15:55 - 0000036 _____ () C:\Users\psimoes\AppData\Local\housecall.guid.cache
                  2014-10-13 16:06 - 2014-10-28 23:31 - 0000010 _____ () C:\Users\psimoes\AppData\Local\sponge.last.runtime.cache
                  C:\Windows\logo_1.exe
                  C:\Windows\RUNDL132.EXE
                  C:\Windows\VDLL.DLL
                  C:\Windows\System32\runouce.exe
                  Task: {0D161987-AD10-4D61-B6AF-08F1AF26C734} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
                  Task: {10F2238D-1EFD-497B-9F82-2ED7F4C95DD0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
                  Task: {363B5A23-E3F2-4920-96D6-0FE18DF74777} - System32\Tasks\SafeZone scheduled Autoupdate 1464051125 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
                  C:\Program Files\AVAST Software\SZBrowser\launcher.exe
                  Task: {81E48EDE-D2AC-4A54-B5A4-CAC8152C6D87} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
                  C:\Program Files\AVAST Software
                  Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe
                  Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe
                  ShortcutWithArgument: C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Send Anywhere (File Transfer).lnk → C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=hihbikoooaenkpdooehgemieligjejcb
                  ShortcutWithArgument: C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\StartPage Search Engine.lnk → C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=choepknhbopmendmnohbaemeaeemnaom
                  AlternateDataStreams: C:\ProgramData\TEMP:56AC8DD1 [364]
                  AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [118]
                  HKLM...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
                  Hosts:
                  CMD: netsh advfirewall reset
                  CMD: netsh advfirewall set allprofiles state Off
                  RemoveProxy:
                  CMD: ipconfig /flushdns
                  Emptytemp:
                  reboot:
                  end


                  Restore point was successfully created.
                  Processes closed successfully.
                  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched => value removed successfully.
                  HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\EnableShellExecuteHooks => value removed successfully.
                  HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Windows\CurrentVersion\Run\swg => value removed successfully.
                  HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value not found.
                  HKCR\CLSID{AEB6717E-7E19-11d0-97EE-00C04FD91972} => key not found.
                  “HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast” => key removed successfully.
                  HKCR\CLSID{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
                  “C:\Windows\system32\GroupPolicy\Machine” => not found.
                  “C:\Windows\system32\GroupPolicy\User” => not found.
                  HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Google => key not found.
                  HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer => value removed successfully.
                  HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}\NameServer => value removed successfully.
                  HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}\DhcpNameServer => value removed successfully.
                  HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}\DhcpNameServer => value removed successfully.
                  “HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer” => key removed successfully.
                  “HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer” => key removed successfully.
                  HKLM\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
                  HKLM\Software\Microsoft\Internet Explorer\Main\Local Page => value restored successfully
                  HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main\Search Page => value removed successfully.
                  HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page => value removed successfully.
                  HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main\Search Page => value restored successfully
                  HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
                  Could not restore Default URLSearchHook.
                  HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully.
                  HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully.
                  “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{00C6482D-C502-44C8-8409-FCE54AD9C208}” => key removed successfully.
                  “HKCR\CLSID{00C6482D-C502-44C8-8409-FCE54AD9C208}” => key removed successfully.
                  “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}” => key removed successfully.
                  “HKCR\CLSID{AA58ED58-01DD-4d91-8333-CF10577473F7}” => key removed successfully.
                  HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} => value removed successfully.
                  “HKCR\CLSID{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}” => key removed successfully.
                  HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully.
                  “HKCR\CLSID{2318C2B1-4965-11d4-9B18-009027A5CD4F}” => key removed successfully.
                  HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
                  HKCR\CLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
                  “HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{7530BFB8-7293-4D34-9923-61A11451AFC5}” => key removed successfully.
                  “HKCR\CLSID{7530BFB8-7293-4D34-9923-61A11451AFC5}” => key removed successfully.
                  “HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}” => key removed successfully.
                  “HKCR\CLSID{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}” => key removed successfully.
                  “HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}” => key removed successfully.
                  “HKCR\CLSID{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}” => key removed successfully.
                  “HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{E2883E8F-472F-4FB0-9522-AC9BF37916A7}” => key removed successfully.
                  HKCR\CLSID{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => key not found.
                  “HKCR\PROTOCOLS\Handler\grooveLocalGWS” => key removed successfully.
                  “HKCR\CLSID{88FED34C-F0CA-4636-A375-3CB6248B04CD}” => key removed successfully.
                  “HKCR\PROTOCOLS\Handler\ms-itss” => key removed successfully.
                  “HKCR\CLSID{0A9007C0-4076-11D3-8789-0000F8105754}” => key removed successfully.
                  “C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\searchplugins\yahoo-avast.xml” => not found.
                  “HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3” => key removed successfully.
                  C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
                  “HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9” => key removed successfully.
                  “C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll” => not found.
                  “HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\MozillaPlugins@Skype Limited.com/Facebook Video Calling Plugin” => key removed successfully.
                  C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => moved successfully
                  Chrome StartupUrls => removed successfully.

                  “C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\choepknhbopmendmnohbaemeaeemnaom” folder move:

                  Could not move “C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\choepknhbopmendmnohbaemeaeemnaom” => Scheduled to move on reboot.

                  C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd => moved successfully
                  C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg => moved successfully
                  C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco => not found.
                  AcrSch2Svc => service removed successfully.
                  rpcapd => service removed successfully.
                  trufos => service removed successfully.
                  aswVmm => service removed successfully.
                  catchme => service removed successfully.
                  IpInIp => service removed successfully.
                  NwlnkFlt => service removed successfully.
                  NwlnkFwd => service removed successfully.
                  tljkva => service removed successfully.
                  Tosrfcom => service removed successfully.
                  wayuia => service removed successfully.
                  C:\ProgramData\F-Secure => moved successfully
                  C:\Users\psimoes\AppData\Local\F-Secure => moved successfully
                  C:\Users\psimoes\Desktop\F-SecureOnlineScanner.exe => moved successfully
                  C:\Users\psimoes\Desktop\esetonlinescanner_enu.exe => moved successfully
                  C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => moved successfully
                  C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => moved successfully
                  C:\ProgramData\AVAST Software => moved successfully
                  “C:\Program Files\GUTC12.tmp” => not found.
                  C:\Users\psimoes\AppData\Roaming\systemfl.$dk => moved successfully
                  C:\Users\psimoes\AppData\Local\ars.cache => moved successfully
                  C:\Users\psimoes\AppData\Local\census.cache => moved successfully
                  C:\Users\psimoes\AppData\Local\d3d9caps.dat => moved successfully
                  C:\Users\psimoes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
                  C:\Users\psimoes\AppData\Local\housecall.guid.cache => moved successfully
                  C:\Users\psimoes\AppData\Local\sponge.last.runtime.cache => moved successfully
                  C:\Windows\logo_1.exe => moved successfully
                  C:\Windows\RUNDL132.EXE => moved successfully
                  C:\Windows\VDLL.DLL => moved successfully
                  C:\Windows\System32\runouce.exe => moved successfully
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{0D161987-AD10-4D61-B6AF-08F1AF26C734}” => key removed successfully.
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{0D161987-AD10-4D61-B6AF-08F1AF26C734}” => key removed successfully.
                  C:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => moved successfully
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Signature Update” => key removed successfully.
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{10F2238D-1EFD-497B-9F82-2ED7F4C95DD0}” => key removed successfully.
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{10F2238D-1EFD-497B-9F82-2ED7F4C95DD0}” => key removed successfully.
                  C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => moved successfully
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA” => key removed successfully.
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot{363B5A23-E3F2-4920-96D6-0FE18DF74777}” => key removed successfully.
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{363B5A23-E3F2-4920-96D6-0FE18DF74777}” => key removed successfully.
                  C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1464051125 => moved successfully
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SafeZone scheduled Autoupdate 1464051125” => key removed successfully.
                  “C:\Program Files\AVAST Software\SZBrowser\launcher.exe” => not found.
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{81E48EDE-D2AC-4A54-B5A4-CAC8152C6D87}” => key removed successfully.
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{81E48EDE-D2AC-4A54-B5A4-CAC8152C6D87}” => key removed successfully.
                  C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => moved successfully
                  “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core” => key removed successfully.
                  “C:\Program Files\AVAST Software” => not found.
                  C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => not found.
                  C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => not found.
                  C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Send Anywhere (File Transfer).lnk => Shortcut argument removed successfully..
                  C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\StartPage Search Engine.lnk => Shortcut argument removed successfully..
                  C:\ProgramData\TEMP => “:56AC8DD1” ADS removed successfully..
                  C:\ProgramData\TEMP => “:5C321E34” ADS removed successfully..
                  HKLM\Software\Classes\cmdfile\DefaultIcon\Default => value restored successfully
                  C:\Windows\System32\Drivers\etc\hosts => moved successfully
                  Hosts restored successfully.

                  ========= netsh advfirewall reset =========

                  Ok.

                  ========= End of CMD: =========

                  ========= netsh advfirewall set allprofiles state Off =========

                  Ok.

                  ========= End of CMD: =========

                  ========= RemoveProxy: =========

                  HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully.
                  HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully.
                  HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully.
                  HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully.

                  ========= End of RemoveProxy: =========

                  ========= ipconfig /flushdns =========

                  Windows IP Configuration

                  Successfully flushed the DNS Resolver Cache.

                  ========= End of CMD: =========

                  =========== EmptyTemp: ==========

                  BITS transfer queue => 4194304 B
                  DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17034736 B
                  Java, Flash, Steam htmlcache => 0 B
                  Windows/system/drivers => 1362250 B
                  Edge => 0 B
                  Chrome => 146354841 B
                  Firefox => 79764958 B
                  Opera => 18003107 B

                  Temp, IE cache, history, cookies, recent:
                  Default => 33125 B
                  Public => 0 B
                  ProgramData => 0 B
                  systemprofile => 100481 B
                  LocalService => 33125 B
                  NetworkService => 692 B
                  psimoes => 14027374 B
                  torrents => 66325 B
                  Guest => 305953 B

                  RecycleBin => 0 B
                  EmptyTemp: => 268.3 MB temporary data Removed.

                  ================================

                  Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-11-2016 19:04:15)

                  C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\choepknhbopmendmnohbaemeaeemnaom => is moved successfully

                  ==== End of Fixlog 19:04:16 ====


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #24
                    How are things now?


                    • paulwb
                      PCHF Member
                      • Nov 2016
                      • 159

                      #25
                      Overall things are MUCH better. The malware appears to be gone. Web browsers are not crashing. Programs open smoothly, quickly, … great for an old laptop.

                      Thanks. What a relief.

                      But browsers were loading quicker, more smoothly after running Zemana & Malwarebytes. Before the last run of FRST

                      Is another reboot needed?


                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #26
                        Originally posted by Paul Simoes
                        Is another reboot needed?
                        Sure, but I would also suggest disabling some startup items as well. Let’s take a look at what can go.

                        Security Check Scan.

                        • Download Security Check to your desktop.
                        • Right-click it and run as administrator.
                        • When the program completes, the tool will automatically open a log file.
                        • Please post that log here in your next post.

                        HijackThis.

                        1- Please click HERE to download HijackThis.
                        2- Run the program.
                        3- Click on the Main Menu button if not already there.
                        4- Select Do a system scan and save a logfile.

                        Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe.
                        After the scan is finished, click on File > Save.
                        The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option.
                        In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.
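
A way to triage the HijackThis log requested above before deciding which startup items can go, added here as an example (it is not part of the original post and not HijackThis's own code). The sample lines are constructed, and the three review hints (no full path, user-writable location, "Unknown owner") are assumptions chosen for illustration; a hint marks an entry for a closer look and is not a verdict.

```python
import re
from typing import NamedTuple

# Forum software often turns straight quotes into curly ones; normalise first.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})

# O4 = Run-key autostart. The optional backslash tolerates a log that was
# mangled on paste from "HKLM\..\Run" into "HKLM..\Run".
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\?\.\.\\([\w\\]+): \[(.+?)\] (.+)$")
# O23 = service: "display - publisher - image path"; the drive letter of the
# image path anchors the split.
O23_RE = re.compile(r"^O23 - Service: (.+) - ([A-Za-z]:\\.+)$")
# Assumed heuristic: locations a standard user can normally write to.
USER_WRITABLE = re.compile(r"\\(users|documents and settings)\\|\\temp\\", re.I)


class Entry(NamedTuple):
    section: str    # "O4" or "O23"
    name: str       # Run value name, or service display name
    publisher: str  # empty for O4 (HijackThis prints no publisher there)
    path: str       # executable without arguments
    reasons: list   # review hints; empty means nothing stood out


def executable_of(command: str) -> str:
    """Return the program part of a Run-key command line, without arguments."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable suffix.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", cmd, re.I)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def reasons_for(path: str, publisher: str = "") -> list:
    reasons = []
    if not re.match(r"[A-Za-z]:\\", path):
        reasons.append("no full path")          # resolved via the search path
    if USER_WRITABLE.search(path):
        reasons.append("user-writable location")
    if publisher.lower() == "unknown owner":
        reasons.append("unknown publisher")     # no company name in the file
    return reasons


def parse(log_text: str) -> list:
    """Extract O4 and O23 entries from a HijackThis log; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip().translate(QUOTES)
        m = O4_RE.match(line)
        if m:
            path = executable_of(m.group(4))
            entries.append(Entry("O4", m.group(3), "", path, reasons_for(path)))
            continue
        m = O23_RE.match(line)
        if m:
            display, sep, publisher = m.group(1).rpartition(" - ")
            if not sep:                          # malformed: no publisher field
                display, publisher = m.group(1), ""
            path = m.group(2)
            entries.append(Entry("O23", display, publisher, path,
                                 reasons_for(path, publisher)))
    return entries


def triage(log_text: str) -> list:
    """Return only the entries that carry at least one review hint."""
    return [e for e in parse(log_text) if e.reasons]


# Constructed sample in HijackThis format (names and paths are made up).
SAMPLE = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /start
O4 - HKLM..\Run: [ExampleAudio] exaudio.exe
O4 - HKCU\..\Run: [exloader] “C:\Users\alice\AppData\Roaming\exapp\exloader.exe” BOOT
O23 - Service: Example Update Service (exupdate) - Example Corp. - C:\Program Files\Example\update.exe
O23 - Service: Example Helper Service (exhelper) - Unknown owner - C:\Program Files\Example\helper.exe
O23 - Service: exping - Unknown owner - C:\Users\Public\exping.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.section:<4}{e.name:<36}{e.path}  <- {', '.join(e.reasons)}")
```
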


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #27
                          Originally posted by Paul Simoes
                          But browsers were loading quicker, more smoothly after running Zemana & Malwarebytes. Before the last run of FRST
                          Might not be a bad idea to reset your browsers, considering the age of this machine…

                          Also, a quick little bit of info to get your internet settings in the optimum area. (y)

                          Disable IPV6

                          Configure IPv6 for advanced users - Windows Server | Microsoft Learn

                          Change some settings.

                          Use this tool to remove the Tunnel adapters.

                          Disable Computer Browser Service
                          1. Press the Windows + R key at the same time, a Run Window will appear
                          2. Type or copy and paste Services.msc hit enter.
                          3. Scroll to the Computer Browser Service
                          4. Right-Click Computer Browser Service and choose Stop the service.
                          5. Right Click Computer Browser Service again select Properties.
                          6. Change the Startup type to disabled.

                          7. Hit Apply then Ok.

                          Uninstall Netbt Driver.
                          1. Press the Windows + R key at the same time, a Run Window will appear.
                          2. Now enter or copy and paste devmgmt.msc in the Run Window and click on OK
                          3. Click on View and select Show Hidden Devices
                          4. Then click on and unfold Non-Plug and Play Driver
                          5. Then find NET BT, Right-click the device and choose to Uninstall the Driver.
                          6. Reboot your device when asked.

                          Hit enter after each command.
                          1. Open Start and type cmd, then right-click Command Prompt and choose Run as Administrator
                          2. Once Command Prompt has started enter the following command. nbtstat -R
                          3. Wait for that command to complete, a new line will appear, now enter the following command. nbtstat -RR

                          4. Wait for that command to complete, a new line will appear, now enter the following command. shutdown -r

                          Disable netbios over tcpip.

                          Windows key & r at the same time.
                          Type or copy and paste ncpa.cpl hit enter.
                          Right click your connection hit properties.
                          Select internet protocol version 4 then properties.
                          Select Advanced, then Wins tab.
                          Put a tick next to Disable Net Bios over TCPIP.

                          Use DNS Jumper to set your dns to google dns.

                          Dns Jumper v2.3 - A Free DNS Changer


                          • paulwb
                            PCHF Member
                            • Nov 2016
                            • 159

                            #28
                            Thanks for the detailed break down, I’ll implement ASAP.


                            • paulwb
                              PCHF Member
                              • Nov 2016
                              • 159

                              #29
                              Here are the Security Check, HijackThis & Autoruns log files …

                              SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
                              WebSite: www.safezone.cc
                              DateLog: 15.11.2016 20:43:46
                              Path starting: C:\Users\psimoes\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
                              Log directory: C:\SecurityCheck
                              IsAdmin: True
                              User: psimoes
                              VersionXML: 3.51is-12.11.2016


                              Windows Vista(6.0.6002) Service Pack 2 (x86) HomePremium Lang: English(0409)
                              Installation date OS: 16.02.2009 07:13:03
                              LicenseStatus: Windows™ Vista, HomePremium edition The machine is permanently activated.
                              Boot Mode: Normal
                              Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
                              SystemDrive: C: FS: [NTFS] Capacity: [184.8 Gb] Used: [169.7 Gb] Free: [15.1 Gb]
                              ------------------------------- [ Windows ] -------------------------------
                              Internet Explorer 8.0.6001.19600 Warning! Download Update
                              Online installation. Last version available when Windows update is enabled throught the Internet.
                              Notify before download
                              Date install updates: 2016-06-13 03:32:23
                              Windows Update (wuauserv) - The service is running
                              Security Center (wscsvc) - The service is running
                              Remote Registry (RemoteRegistry) - The service has stopped
                              Terminal Services (TermService) - The service is running
                              Windows Remote Management (WS-Management) (WinRM) - The service has stopped
                              SSDP Discovery (SSDPSRV) - The service is running
                              Account guest is enabled. Not require a password.
                              ------------------------------ [ MS Office ] ------------------------------
                              Microsoft Office 2007 v.12.0.6425.1000
                              ---------------------------- [ Antivirus_WMI ] ----------------------------
                              Panda Free Antivirus (enabled)
                              ---------------------------- [ Firewall_WMI ] -----------------------------
                              Panda Firewall
                              Online Armor Firewall (enabled)
                              --------------------------- [ AntiSpyware_WMI ] ---------------------------
                              Panda Free Antivirus (enabled)
                              Windows Defender (disabled)
                              ---------------------- [ AntiVirusFirewallInstall ] -----------------------
                              ESET Online Scanner v3
                              Online Armor 6.0 v.6.0 Warning! This software is no longer supported. Please uninstall it and use another software.
                              Panda Free Antivirus v.17.00.01.0000
                              -------------------------- [ SecurityUtilities ] --------------------------
                              Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
                              Zemana AntiMalware v.2.60.1
                              --------------------------- [ OtherUtilities ] ----------------------------
                              7-Zip 4.65
                              Picasa 3 v.3.9 Warning! This software is no longer supported.
                              VLC media player v.2.2.2 Warning! Download Update
                              7-Zip 9.20 v.9.20.00.0 Warning! Download Update
                              Uninstall old version and install new one.
                              Microsoft Silverlight v.5.1.20125.0 Warning! Download Update
                              --------------------------------- [ IM ] ----------------------------------
                              Skype™ 7.26 v.7.26.101 Warning! Download Update
                              ^Optional update.[1]
                              -------------------------------- [ Java ] ---------------------------------
                              Java 7 Update 67 v.7.0.670 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u112-windows-i586.exe).
                              --------------------------- [ AppleProduction ] ---------------------------
                              iTunes v.10.1.1.4 Warning! Download Update
                              ^Please use Apple Software Update tool.[2]
                              QuickTime v.7.73.80.64 Warning! This software is no longer supported. Please uninstall it and use another software.
                              Bonjour v.2.0.3.0 Warning! Download Update
                              ^Please use Apple Software Update tool.[3]
                              Bonjour Service (Bonjour Service) - The service is running
                              --------------------------- [ AdobeProduction ] ---------------------------
                              Adobe AIR v.4.0.0.1390 Warning! Download Update
                              Adobe Flash Player 23 ActiveX v.23.0.0.207
                              Adobe Flash Player 23 NPAPI v.23.0.0.207
                              Adobe Flash Player 23 PPAPI v.23.0.0.207
                              Adobe Reader X (10.1.16) v.10.1.16 Warning! This software is no longer supported. Please uninstall it and use Adobe Reader XI or Adobe Acrobat Reader DC.
                              ------------------------------- [ Browser ] -------------------------------
                              Google Chrome v.49.0.2623.112 Warning! Download Update
                              Mozilla Firefox 49.0.2 (x86 en-US) v.49.0.2
                              Opera Stable 36.0.2130.80 v.36.0.2130.80 Warning! Download Update
                              ----------------------------- [ EmailClient ] -----------------------------
                              Windows Live Mail v.15.4.3502.0922
                              ------------------ [ AntivirusFirewallProcessServices ] -------------------
                              Online Armor Helper Service (OAcat) - The service is running
                              C:\Program Files\Online Armor\OAcat.exe v.7.0.0.1866
                              Online Armor (SvcOnlineArmor) - The service is running
                              C:\Program Files\Online Armor\OAsrv.exe v.7.0.0.1866
                              C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe v.4.0.0.651
                              Panda Protection Service (NanoServiceMain) - The service is running
                              C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe v.4.0.0.786
                              Panda Product Service (PSUAService) - The service is running
                              C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe v.4.0.0.642
                              Panda Devices Agent (PandaAgent) - The service is running
                              C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe v.1.3.8.0
                              Windows Defender (WinDefend) - The service has stopped
                              ZAM Controller Service (ZAMSvc) - The service is running
                              C:\Program Files\Zemana AntiMalware\ZAM.exe v.0.0.0.0
                              ---------------------------- [ UnwantedApps ] -----------------------------
                              Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser’s toolbar. It can slow down the working of your browser and have violation privacy problems.
                              Auslogics DiskDefrag v.4.4.0.0 Warning! Suspected demo version of anti-spyware or optimization program - scareware or badware. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
                              ----------------------------- [ End of Log ] ------------------------------

                              Logfile of Trend Micro HijackThis v2.0.4
                              Scan saved at 8:49:46 PM, on 15/11/2016
                              Platform: Windows Vista SP2 (WinNT 6.00.1906)
                              MSIE: Internet Explorer v8.00 (8.00.6001.19600)
                              Boot mode: Normal

                              Running processes:
                              C:\Windows\system32\taskeng.exe
                              C:\Windows\system32\Dwm.exe
                              C:\Windows\Explorer.EXE
                              C:\Windows\RtHDVCpl.exe
                              C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
                              C:\Program Files\TrueSuite Access Manager\PwdBank.exe
                              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
                              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                              C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
                              C:\Program Files\Online Armor\OAui.exe
                              C:\Program Files\TrueSuite Access Manager\usbnotify.exe
                              C:\Program Files\Online Armor\OAhlp.exe
                              C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
                              C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
                              C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
                              C:\Program Files\TrueSuite Access Manager\CssSvr.exe
                              C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
                              C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                              C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
                              C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
                              C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
                              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
                              C:\Users\psimoes\Desktop\AntiV\CrystalDiskInfo6_2_2\DiskInfo.exe
                              C:\Windows\system32\wuauclt.exe
                              C:\Users\psimoes\Desktop\HijackThis.exe
                              C:\Windows\system32\SearchFilterHost.exe

                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Microsoft Bing
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search - Microsoft Bing
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Search - Microsoft Bing
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Microsoft Bing
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                              R3 - Default URLSearchHook is missing
                              O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
                              O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
                              O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                              O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
                              O4 - HKLM\..\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”
                              O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
                              O4 - HKLM\..\Run: [Camera Assistant Software] “C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe” /start
                              O4 - HKLM\..\Run: [FingerPrintNotifer] “C:\Program Files\TrueSuite Access Manager\FpNotifier.exe”
                              O4 - HKLM\..\Run: [PwdBank] “C:\Program Files\TrueSuite Access Manager\PwdBank.exe”
                              O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                              O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
                              O4 - HKLM\..\Run: [@OnlineArmor GUI] “C:\Program Files\Online Armor\OAui.exe”
                              O4 - HKLM\..\Run: [UsbMonitor] “C:\Program Files\TrueSuite Access Manager\usbnotify.exe”
                              O4 - HKLM\..\Run: [InstaLAN] “C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe” startup
                              O4 - HKLM\..\Run: [PSUAMain] “C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe” /LaunchSysTray
                              O4 - HKLM\..\Run: [ZAM] “C:\Program Files\Zemana AntiMalware\ZAM.exe” /minimized
                              O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
                              O4 - HKCU\..\Run: [cdloader] “C:\Users\psimoes\AppData\Roaming\mjusbsp\cdloader2.exe” MAGICJACK
                              O4 - HKCU\..\Run: [CCleaner Monitoring] “C:\Program Files\CCleaner\CCleaner.exe” /MONITOR
                              O4 - HKCU\..\Run: [Adobe Reader Synchronizer] “C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe”
                              O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
                              O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                              O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                              O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
                              O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
                              O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
                              O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
                              O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
                              O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                              O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
                              O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
                              O23 - Service: AOMEI Backupper Scheduler Service (Backupper Service) - AOMEI Tech Co., Ltd. - C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
                              O23 - Service: Belkin Local Backup Service - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
                              O23 - Service: Belkin Network USB Helper - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
                              O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                              O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
                              O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                              O23 - Service: Gizmo Central - Arainia Solutions - C:\Program Files\Gizmo\gservice.exe
                              O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                              O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
                              O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
                              O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                              O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                              O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
                              O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
                              O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
                              O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
                              O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
                              O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
                              O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                              O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                              O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
                              O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe
                              O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
                              O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
                              O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
                              O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
                              O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
                              O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                              O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Program Files\Zemana AntiMalware\ZAM.exe


                              End of file - 9693 bytes

                              “HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms” “” “” “” “19/10/2014 4:00 PM” “”
                              • “rdpclip” “” “” “File not found: rdpclip” “” “”
                                “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “” “” “” “15/11/2016 6:56 PM” “”
                              • “@OnlineArmor GUI” “Online Armor Component” “Emsisoft GmbH” “c:\program files\online armor\oaui.exe” “19/06/1992 5:22 PM” “”
                              • “Camera Assistant Software” “traybar” “Chicony” “c:\program files\camera assistant software for toshiba\traybar.exe” “25/10/2007 4:41 AM” “”
                              • “FingerPrintNotifer” “Fingerprint Suite Notifier Application” “AuthenTec, Inc” “c:\program files\truesuite access manager\fpnotifier.exe” “23/01/2008 10:21 PM” “”
                              • “InstaLAN” “” “Affinegy, Inc.” “c:\program files\belkin\router setup and monitor\belkinroutermonitor.exe” “23/02/2012 4:03 PM” “”
                              • “NDSTray.exe” “ConfigFree™ Task tray menu” “TOSHIBA CORPORATION” “C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe” “09/01/2008 12:02 AM” “”
                              • “PSUAMain” “AV Console” “Panda Security, S.L.” “c:\program files\panda security\panda security protection\psuamain.exe” “04/08/2016 10:26 PM” “”
                              • “PwdBank” “” “Arachnoid Biometrics Identification Group” “c:\program files\truesuite access manager\pwdbank.exe” “19/06/1992 5:22 PM” “”
                              • “RtHDVCpl” “HD Audio Control Panel” “Realtek Semiconductor” “c:\windows\rthdvcpl.exe” “29/01/2008 5:51 AM” “”
                              • “StartCCC” “” “” “c:\program files\ati technologies\ati.ace\core-static\clistart.exe” “10/11/2006 12:35 PM” “”
                              • “SynTPEnh” “Synaptics TouchPad Enhancements” “Synaptics, Inc.” “c:\program files\synaptics\syntp\syntpenh.exe” “14/08/2008 9:20 PM” “”
                              • “UsbMonitor” “” “” “c:\program files\truesuite access manager\usbnotify.exe” “05/06/2007 3:42 AM” “”
                              • “ZAM” “ZAM” “Zemana Ltd.” “c:\program files\zemana antimalware\zam.exe” “09/11/2016 4:39 AM” “”
                                “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “” “” “” “15/11/2016 6:56 PM” “”
                              • “Adobe Reader Synchronizer” “Adobe Collaboration Synchronizer 10.1” “Adobe Systems Incorporated” “c:\program files\adobe\reader 10.0\reader\adobecollabsync.exe” “24/09/2015 8:42 AM” “”
                              • “CCleaner Monitoring” “CCleaner” “Piriform Ltd” “c:\program files\ccleaner\ccleaner.exe” “16/09/2015 3:14 PM” “”
                              • “cdloader” “magicJack (cdloader2)” “magicJack L.P.” “c:\users\psimoes\appdata\roaming\mjusbsp\cdloader2.exe” “12/12/2007 6:34 AM” “”
                              • “TOSCDSPD” “En-us” “” “c:\program files\toshiba\toscdspd\toscdspd.exe” “29/01/2008 3:00 AM” “”
                                “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components” “” “” “” “28/09/2016 5:14 PM” “”
                              • “Google Chrome” “Google Chrome Installer” “Google Inc.” “c:\program files\google\chrome\application\49.0.2623.112\installer\chrmstp.exe” “05/04/2016 6:26 PM” “”
                              • “Microsoft Windows Mail 7” “Windows Mail” “Microsoft Corporation” “c:\program files\windows mail\winmail.exe” “19/01/2008 12:47 AM” “”
                                “HKLM\SOFTWARE\Classes\Protocols\Filter” “” “” “” “19/10/2014 4:04 PM” “”
                              • “text/xml” “Microsoft Office XML MIME Filter” “Microsoft Corporation” “c:\program files\common files\microsoft shared\office12\msoxmlmf.dll” “26/10/2006 11:31 PM” “”
                                “HKLM\SOFTWARE\Classes\Protocols\Handler” “” “” “” “15/11/2016 6:56 PM” “”
                              • “livecall” “Windows Live Messenger Protocol Handler Module” “Microsoft Corporation” “c:\program files\windows live\messenger\msgrapp.dll” “13/05/2011 5:36 PM” “”
                              • “ms-help” “Microsoft® Help Data Services Module” “Microsoft Corporation” “c:\program files\common files\microsoft shared\help\hxds.dll” “19/08/2006 3:23 AM” “”
                              • “msnim” “Windows Live Messenger Protocol Handler Module” “Microsoft Corporation” “c:\program files\windows live\messenger\msgrapp.dll” “13/05/2011 5:36 PM” “”
                              • “wlmailhtml” “Windows Live Mail” “Microsoft Corporation” “c:\program files\windows live\mail\mailcomm.dll” “13/05/2011 6:08 PM” “”
                                “HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks” “” “” “” “14/11/2016 4:43 PM” “”
                              • “Groove GFS Stub Execution Hook” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                              • “OA Shell Helper” “Online Armor Component” “Emsisoft GmbH” “c:\program files\online armor\oaevent.dll” “19/06/1992 5:22 PM” “”
                                “HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers” “” “” “” “15/11/2016 2:33 PM” “”
                              • “2.0 Zemana AntiMalware” “Zemana AntiMalware” “Zemana Ltd.” “c:\program files\zemana antimalware\zamshellext32.dll” “29/09/2016 6:40 AM” “”
                              • “7-Zip” “7-Zip Shell Extension” “Igor Pavlov” “c:\program files\7-zip\7-zip.dll” “18/11/2010 11:08 AM” “”
                              • “Belkin HistoryBrowser” “Belkin History Browser Extension” “Belkin International, Inc.” “c:\program files\belkin\belkin usb print and storage center\bkhistorybrowser.dll” “19/04/2011 2:29 AM” “”
                              • “FilePtcMenu” “” “Arachnoid Biometrics Identification Group Corp.” “c:\program files\truesuite access manager\fileptcmenu.dll” “29/09/2007 2:48 AM” “”
                              • “GizmoShellMenuExt” “Gizmo Shell Module” “” “c:\program files\gizmo\gshell.dll” “30/04/2011 5:35 PM” “”
                              • “OnlineArmorShell” “Online Armor Component” “Emsisoft GmbH” “c:\program files\online armor\oaevent.dll” “19/06/1992 5:22 PM” “”
                              • “SnagItMainShellExt” “Snagit Shell Extension DLL” “TechSmith Corporation” “c:\program files\techsmith\snagit 11\snagitshellext.dll” “29/05/2013 3:23 PM” “”
                              • “UAContextMenu” "Shell extension " “Panda Security, S.L.” “c:\program files\panda security\panda security protection\psuashell.dll” “04/08/2016 10:28 PM” “”
                              • “XXX Groove GFS Context Menu Handler XXX” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                                “HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers” “” “” “” “08/09/2015 1:45 PM” “”
                              • “GizmoShellMenuExt” “Gizmo Shell Module” “” “c:\program files\gizmo\gshell.dll” “30/04/2011 5:35 PM” “”
                              • “SD Format” “” “” “File not found: \SDFMTEXT.dll” “” “”
                                “HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers” “” “” “” “15/11/2016 3:58 PM” “”
                              • “FAExt” “FileASSASSIN Shell Extension” “Malwarebytes” “c:\program files\fileassassin\fileassassinext.dll” “30/03/2007 5:34 PM” “”
                              • “MBAMShlExt” “Malwarebytes Anti-Malware” “Malwarebytes” “c:\program files\malwarebytes anti-malware\mbamext.dll” “24/02/2016 12:13 PM” “”
                              • “XXX Groove GFS Context Menu Handler XXX” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                                “HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers” “” “” “” “14/02/2016 6:40 PM” “”
                              • “7-Zip” “7-Zip Shell Extension” “Igor Pavlov” “c:\program files\7-zip\7-zip.dll” “18/11/2010 11:08 AM” “”
                              • “Belkin HistoryBrowser” “Belkin History Browser Extension” “Belkin International, Inc.” “c:\program files\belkin\belkin usb print and storage center\bkhistorybrowser.dll” “19/04/2011 2:29 AM” “”
                              • “SnagItMainShellExt” “Snagit Shell Extension DLL” “TechSmith Corporation” “c:\program files\techsmith\snagit 11\snagitshellext.dll” “29/05/2013 3:23 PM” “”
                              • “XXX Groove GFS Context Menu Handler XXX” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                                “HKLM\Software\Classes\Directory\Shellex\DragDropHandlers” “” “” “” “19/10/2014 4:03 PM” “”
                              • “7-Zip” “7-Zip Shell Extension” “Igor Pavlov” “c:\program files\7-zip\7-zip.dll” “18/11/2010 11:08 AM” “”
                                “HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers” “” “” “” “19/10/2014 4:03 PM” “”
                              • “Nokia” “Phone Browser” “Nokia” “c:\program files\nokia\nokia pc suite 7\phonebrowser.dll” “09/05/2011 6:31 AM” “”
                                “HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers” “” “” “” “21/10/2016 1:34 PM” “”
                              • “Gadgets” “Sidebar droptarget” “Microsoft Corporation” “c:\program files\windows sidebar\sbdrop.dll” “02/11/2006 4:43 AM” “”
                              • “UAContextMenu” "Shell extension " “Panda Security, S.L.” “c:\program files\panda security\panda security protection\psuashell.dll” “04/08/2016 10:28 PM” “”
                              • “XXX Groove GFS Context Menu Handler XXX” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                                “HKLM\Software\Classes\Folder\Shellex\ColumnHandlers” “” “” “” “19/10/2014 9:33 PM” “”
                              • “PDF Shell Extension” “PDF Shell Extension” “Adobe Systems, Inc.” “c:\program files\common files\adobe\acrobat\activex\pdfshell.dll” “24/09/2015 8:42 AM” “”
                                “HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers” “” “” “” “15/11/2016 3:58 PM” “”
                              • “2.0 Zemana AntiMalware” “Zemana AntiMalware” “Zemana Ltd.” “c:\program files\zemana antimalware\zamshellext32.dll” “29/09/2016 6:40 AM” “”
                              • “Belkin HistoryBrowser” “Belkin History Browser Extension” “Belkin International, Inc.” “c:\program files\belkin\belkin usb print and storage center\bkhistorybrowser.dll” “19/04/2011 2:29 AM” “”
                              • “FilePtcMenu” “” “Arachnoid Biometrics Identification Group Corp.” “c:\program files\truesuite access manager\fileptcmenu.dll” “29/09/2007 2:48 AM” “”
                              • “GizmoShellMenuExt” “Gizmo Shell Module” “” “c:\program files\gizmo\gshell.dll” “30/04/2011 5:35 PM” “”
                              • “MBAMShlExt” “Malwarebytes Anti-Malware” “Malwarebytes” “c:\program files\malwarebytes anti-malware\mbamext.dll” “24/02/2016 12:13 PM” “”
                              • “OnlineArmorShell” “Online Armor Component” “Emsisoft GmbH” “c:\program files\online armor\oaevent.dll” “19/06/1992 5:22 PM” “”
                              • “UAContextMenu” "Shell extension " “Panda Security, S.L.” “c:\program files\panda security\panda security protection\psuashell.dll” “04/08/2016 10:28 PM” “”
                              • “XXX Groove GFS Context Menu Handler XXX” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                                “HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers” “” “” “” “15/11/2016 6:56 PM” “”
                              • “Groove Explorer Icon Overlay 1 (GFS Unread Stub)” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                              • “Groove Explorer Icon Overlay 2 (GFS Stub)” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                              • “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                              • “Groove Explorer Icon Overlay 3 (GFS Folder)” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                              • “Groove Explorer Icon Overlay 4 (GFS Unread Mark)” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                              • “IconOvrly1” “” “Arachnoid Biometrics Identification Group Corp.” “c:\program files\truesuite access manager\iconovrly.dll” “19/04/2007 10:40 PM” “”
                                “HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects” “” “” “” “15/11/2016 6:56 PM” “”
                              • “Groove GFS Browser Helper” “GrooveShellExtensions Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveshellextensions.dll” “27/10/2006 2:20 AM” “”
                              • “Java™ Plug-In 2 SSV Helper” “Java™ Platform SE binary” “Oracle Corporation” “c:\program files\java\jre7\bin\jp2ssv.dll” “25/07/2014 1:45 PM” “”
                              • “Java™ Plug-In SSV Helper” “Java™ Platform SE binary” “Oracle Corporation” “c:\program files\java\jre7\bin\ssv.dll” “25/07/2014 1:45 PM” “”
                              • “Windows Live ID Sign-in Helper” “Microsoft® Windows Live ID Login Helper” “Microsoft Corp.” “c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll” “28/03/2011 10:32 PM” “”
                                “HKLM\Software\Microsoft\Internet Explorer\Extensions” “” “” “” “19/10/2014 3:54 PM” “”
                              • “S&end to OneNote” “Microsoft Office OneNote Internet Explorer Add-in” “Microsoft Corporation” “c:\program files\microsoft office\office12\onbttnie.dll” “26/10/2006 10:32 PM” “”
                                “Task Scheduler” “” “” “” “” “”
                              • “\Adobe Acrobat Update Task” “Adobe Reader and Acrobat Manager” “Adobe Systems Incorporated” “c:\program files\common files\adobe\arm\1.0\adobearm.exe” “14/12/2015 2:38 AM” “”
                              • “\Adobe Flash Player Updater” “Adobe® Flash® Player Update Service 23.0 r0” “Adobe Systems Incorporated” “c:\windows\system32\macromed\flash\flashplayerupdateservice.exe” “25/10/2016 9:04 PM” “”
                              • “\CCleanerSkipUAC” “CCleaner” “Piriform Ltd” “c:\program files\ccleaner\ccleaner.exe” “16/09/2015 3:14 PM” “”
                              • “\CrystalDiskInfo” “CrystalDiskInfo” “Crystal Dew World” “c:\users\psimoes\desktop\antiv\crystaldiskinfo6_2_2\diskinfo.exe” “04/12/2014 8:17 PM” “”
                              • “\GoogleUpdateTaskMachineCore” “Google Installer” “Google Inc.” “c:\program files\google\update\googleupdate.exe” “21/08/2015 9:13 PM” “”
                              • “\GoogleUpdateTaskMachineUA” “Google Installer” “Google Inc.” “c:\program files\google\update\googleupdate.exe” “21/08/2015 9:13 PM” “”
                              • “\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core” “Google Installer” “Google Inc.” “c:\users\psimoes\appdata\local\google\update\googleupdate.exe” “21/08/2015 9:13 PM” “”
                              • “\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA” “Google Installer” “Google Inc.” “c:\users\psimoes\appdata\local\google\update\googleupdate.exe” “21/08/2015 9:13 PM” “”
                              • “\Microsoft\Windows Defender\MP Scheduled Scan” “Windows Defender Command Line Utility” “Microsoft Corporation” “c:\program files\windows defender\mpcmdrun.exe” “19/01/2008 12:42 AM” “”
                              • “\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task” “Windows Live Social Object Extractor Engine” “Microsoft Corporation” “c:\program files\windows live\soxe\wlsoxe.dll” “13/05/2011 5:21 PM” “”
                              • “\Microsoft\Windows\Wired\GatherWiredInfo” “” “” “c:\windows\system32\gatherwiredinfo.vbs” “20/01/2008 9:24 PM” “”
                              • “\Microsoft\Windows\Wireless\GatherWirelessInfo” “” “” “c:\windows\system32\gatherwirelessinfo.vbs” “20/01/2008 9:23 PM” “”
                              • “\Opera scheduled Autoupdate 1382066025” “Opera Internet Browser” “Opera Software” “c:\program files\opera\launcher.exe” “18/07/2016 9:14 PM” “”
                              • “\PCMAgent.exe_1826580705” “CyberLink PowerCinema Resident Program” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\pcmagent.exe” “13/12/2007 6:45 AM” “”
                              • “\SafeZone scheduled Autoupdate 1458652480” “” “” “File not found: C:\Program Files\AVAST Software\SZBrowser\launcher.exe” “” “”
                              • “{C074CB77-8752-4695-819D-DF00F7AAE9A6}” “” “” “File not found: c:\users\psimoes\appdata\local\google\chrome\application\chrome.exe” “” “”
                              • “{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B}” “Gizmo Central” “Arainia Solutions” “c:\program files\gizmo\gizmo.exe” “07/05/2011 10:55 AM” “”
                                “HKLM\System\CurrentControlSet\Services” “” “” “” “15/11/2016 7:04 PM” “”
                              • “AdobeARMservice” “Adobe Acrobat Updater keeps your Adobe software up to date.” “Adobe Systems Incorporated” “c:\program files\common files\adobe\arm\1.0\armsvc.exe” “14/12/2015 2:38 AM” “”
                              • “AdobeFlashPlayerUpdateSvc” “This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.” “Adobe Systems Incorporated” “c:\windows\system32\macromed\flash\flashplayerupdateservice.exe” “25/10/2016 9:04 PM” “”
                              • “AffinegyService” “Affinegy Mobility Management support” “Affinegy, Inc.” “c:\program files\belkin\router setup and monitor\belkinservice.exe” “23/02/2012 4:17 PM” “”
                              • “AgereModemAudio” “Agere Soft Modem Call Progress Service” “Agere Systems” “c:\windows\system32\agrsmsvc.exe” “05/10/2006 12:10 PM” “”
                              • “Apple Mobile Device” “Provides the interface to Apple mobile devices.” “Apple Inc.” “c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe” “15/10/2010 10:28 PM” “”
                              • “Ati External Event Utility” “ATI External Event Utility EXE Module” “ATI Technologies Inc.” “c:\windows\system32\ati2evxx.exe” “30/01/2008 3:28 PM” “”
                              • “Authentec memory manager” “Create memory pool for fingerprint software.” “AuthenTec Inc.” “c:\windows\system32\tamsvr.exe” “14/10/2007 8:01 PM” “”
                              • “Backupper Service” “AOMEI Backupper Schedule Task Service…” “AOMEI Tech Co., Ltd.” “c:\program files\aomei backupper standard edition 2.0.2\abservice.exe” “20/08/2014 9:58 PM” “”
                              • “Belkin Local Backup Service” “Belkin Local Backup Service” “” “c:\program files\belkin\belkin usb print and storage center\bkbackupscheduler.exe” “19/04/2011 2:29 AM” “”
                              • “Belkin Network USB Helper” “Belkin Network USB Helper” “” “c:\program files\belkin\belkin usb print and storage center\bkapcs.exe” “09/02/2010 1:55 AM” “”
                              • “Bonjour Service” “Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.” “Apple Inc.” “c:\program files\bonjour\mdnsresponder.exe” “27/07/2010 8:35 PM” “”
                              • “ConfigFree Service” “You can’t stop this service, if you want to keep ConfigFree functionality fine.” “TOSHIBA CORPORATION” “c:\program files\toshiba\configfree\cfsvcs.exe” “24/12/2007 11:07 PM” “”
                              • “EvtEng” “Manages the event trace messages for all the components of Intel(R) PROSet/Wireless software.” “Intel Corporation” “c:\program files\intel\wireless\bin\evteng.exe” “08/10/2007 4:27 PM” “”
                              • “Gizmo Central” “Provides an infrastructure for Gizmo Central to seemlessly process Device Driver Communication and authorization” “Arainia Solutions” “c:\program files\gizmo\gservice.exe” “30/04/2011 5:34 PM” “”
                              • “GoogleDesktopManager” “Google Desktop” “Google” “c:\program files\google\google desktop search\googledesktop.exe” “27/03/2007 1:45 AM” “”
                              • “gupdate” “Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.” “Google Inc.” “c:\program files\google\update\googleupdate.exe” “21/08/2015 9:13 PM” “”
                              • “gupdatem” “Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.” “Google Inc.” “c:\program files\google\update\googleupdate.exe” “21/08/2015 9:13 PM” “”
                              • “gusvc” “Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.” “Google” “c:\program files\google\common\google updater\googleupdaterservice.exe” “02/03/2012 4:13 PM” “”
                              • “IDriverT” “Provides support for the Running Object Table for InstallShield Drivers” “Macrovision Corporation” “c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe” “14/11/2005 2:06 AM” “”
                              • “iPod Service” “iPod hardware management services” “Apple Inc.” “c:\program files\ipod\bin\ipodservice.exe” “13/12/2010 7:16 PM” “”
                              • “Microsoft Office Groove Audit Service” “Groove Audit Service” “Microsoft Corporation” “c:\program files\microsoft office\office12\grooveauditservice.exe” “27/10/2006 1:44 AM” “”
                              • “NanoServiceMain” “Panda Protection Service” “Panda Security, S.L.” “c:\program files\panda security\panda security protection\psanhost.exe” “04/08/2016 7:02 PM” “”
                              • “OAcat” “Online Armor Component” “Emsisoft GmbH” “c:\program files\online armor\oacat.exe” “19/06/1992 5:22 PM” “”
                              • “odserv” “Run portions of Microsoft Office Diagnostics.” “Microsoft Corporation” “c:\program files\common files\microsoft shared\office12\odserv.exe” “26/10/2006 9:48 PM” “”
                              • “ose” “Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.” “Microsoft Corporation” “c:\program files\common files\microsoft shared\source engine\ose.exe” “26/10/2006 4:00 PM” “”
                              • “PandaAgent” “Panda Security Devices Agent” “Panda Security, S.L.” “c:\program files\panda security\panda devices agent\agentsvc.exe” “19/07/2016 3:04 AM” “”
                              • “PassThru Service” “Detect HTC Android device for internet pass-through function.” “” “c:\program files\htc\internet pass-through\passthrusvr.exe” “30/09/2013 10:03 PM” “”
                              • “pinger” “” “” “c:\toshiba\ivp\ism\pinger.exe” “25/01/2007 7:38 PM” “”
                              • “PSUAService” “Panda Product Service” “Panda Security, S.L.” “c:\program files\panda security\panda security protection\psuaservice.exe” “04/08/2016 10:26 PM” “”
                              • “RegSrvc” “Intel(R) PROSet/Wireless Registry Service” “Intel Corporation” “c:\program files\intel\wireless\bin\regsrvc.exe” “08/10/2007 4:01 PM” “”
                              • “ServiceLayer” “ServiceLayer Module” “Nokia” “c:\program files\pc connectivity solution\servicelayer.exe” “08/06/2011 5:01 AM” “”
                              • “SkypeUpdate” “Enables the detection, download and installation of updates for Skype.” “Skype Technologies” “c:\program files\skype\updater\updater.exe” “23/05/2016 9:15 AM” “”
                              • “SvcOnlineArmor” “Online Armor Component” “Emsisoft GmbH” “c:\program files\online armor\oasrv.exe” “19/06/1992 5:22 PM” “”
                              • “Swupdtmr” “” “” “c:\toshiba\ivp\swupdate\swupdtmr.exe” “23/10/2007 6:20 PM” “”
                              • “TNaviSrv” “TOSHIBA Navi Support Service” “TOSHIBA Corporation” “c:\program files\toshiba\toshiba dvd player\tnavisrv.exe” “21/01/2008 1:44 AM” “”
                              • “TosCoSrv” “TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped.” “TOSHIBA Corporation” “c:\program files\toshiba\power saver\toscosrv.exe” “10/01/2008 8:57 PM” “”
                              • “TOSHIBA Bluetooth Service” “TOSHIBA Bluetooth Service” “TOSHIBA CORPORATION” “c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe” “27/09/2007 9:55 PM” “”
                              • “TOSHIBA SMART Log Service” “TosIPCSrv.exe” “TOSHIBA Corporation” “c:\program files\toshiba\smartlogservice\tosipcsrv.exe” “03/12/2007 3:03 AM” “”
                              • “UleadBurningHelper” “ULCDRSvr” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe” “12/03/2004 3:04 PM” “”
                              • “WinDefend” “Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions.” “Microsoft Corporation” “c:\program files\windows defender\mpsvc.dll” “19/01/2008 2:26 AM” “”
                              • “wlidsvc” “Enables Windows Live ID authentication.” “Microsoft Corp.” “c:\program files\common files\microsoft shared\windows live\wlidsvc.exe” “28/03/2011 10:31 PM” “”
                              • “WMPNetworkSvc” “Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play” “Microsoft Corporation” “c:\program files\windows media player\wmpnetwk.exe” “19/01/2008 1:06 AM” “”
                              • “ZAMSvc” “ZAM” “Zemana Ltd.” “c:\program files\zemana antimalware\zam.exe” “09/11/2016 4:39 AM” “”
                                “HKLM\System\CurrentControlSet\Services” “” “” “” “15/11/2016 7:04 PM” “”
                              • “AgereSoftModem” “SoftModem Device Driver” “Agere Systems” “c:\windows\system32\drivers\agrsm.sys” “28/11/2006 3:10 PM” “”
                              • “AlfaFF” “Windows 2000 Mini-Filter Monitor Network Edition” “Alfa Corporation” “c:\windows\system32\drivers\alfaff.sys” “02/02/2008 1:03 AM” “”
                              • “ambakdrv” “” “” “c:\windows\system32\ambakdrv.sys” “25/12/2012 3:45 AM” “”
                              • “ammntdrv” “” “” “c:\windows\system32\ammntdrv.sys” “25/12/2012 3:45 AM” “”
                              • “amwrtdrv” “” “” “c:\windows\system32\amwrtdrv.sys” “25/12/2012 3:45 AM” “”
                              • “atikmdag” “ATI Radeon Kernel Mode Driver” “ATI Technologies Inc.” “c:\windows\system32\drivers\atikmdag.sys” “30/01/2008 3:42 PM” “”
                              • “ATSWPDRV” “Slide Fingerprint USB Driver” “AuthenTec, Inc.” “c:\windows\system32\drivers\atswpdrv.sys” “12/08/2008 12:03 PM” “”
                              • “BrFiltLo” “Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver” “Brother Industries, Ltd.” “c:\windows\system32\drivers\brfiltlo.sys” “06/08/2006 4:33 PM” “”
                              • “BrFiltUp” “Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver” “Brother Industries, Ltd.” “c:\windows\system32\drivers\brfiltup.sys” “06/08/2006 4:33 PM” “”
                              • “BrUsbSer” “Brother USB Serial Driver” “Brother Industries Ltd.” “c:\windows\system32\drivers\brusbser.sys” “09/08/2006 7:02 AM” “”
                              • “Cdr4_xp” “CDR4 CD and DVD Place Holder Driver (see PxHelp)” “Sonic Solutions” “c:\windows\system32\drivers\cdr4_xp.sys” “10/08/2005 1:28 PM” “”
                              • “Cdralw2k” “CDRAL Place Holder Driver (see PxHelp)” “Sonic Solutions” “c:\windows\system32\drivers\cdralw2k.sys” “10/08/2005 1:28 PM” “”
                              • “E1G60” “Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver” “Intel Corporation” “c:\windows\system32\drivers\e1g60i32.sys” “07/08/2007 11:14 AM” “”
                              • “FwLnk” “TOSHIBA Firmware Linkage 32-bit Driver” “TOSHIBA Corporation” “c:\windows\system32\drivers\fwlnk.sys” “19/11/2006 9:11 AM” “”
                              • “GEARAspiWDM” “CD DVD Filter” “GEAR Software Inc.” “c:\windows\system32\drivers\gearaspiwdm.sys” “18/05/2009 7:16 AM” “”
                              • “GizmoDrv” “Gizmo kernel-mode device driver, used to emulate CD/DVD-ROM and hard drives” “Arainia Solutions LLC” “c:\windows\system32\drivers\gizmodrv.sys” “29/04/2011 1:19 PM” “”
                              • “htcnprot” “HTC NDIS Protocol Driver” “Windows (R) Win 7 DDK provider” “c:\windows\system32\drivers\htcnprot.sys” “22/06/2010 9:23 PM” “”
                              • “iaStor” “Intel Matrix Storage Manager driver - ia32” “Intel Corporation” “c:\windows\system32\drivers\iastor.sys” “30/09/2007 12:20 AM” “”
                              • “IntcAzAudAddService” “Realtek(r) High Definition Audio Function Driver” “Realtek Semiconductor Corp.” “c:\windows\system32\drivers\rtkvhda.sys” “29/01/2008 10:32 PM” “”
                              • “NETw3v32” “Intel® Wireless WiFi Link Driver” “Intel Corporation” “c:\windows\system32\drivers\netw3v32.sys” “25/07/2007 12:27 PM” “”
                              • “NETw4v32” “Intel® Wireless WiFi Link Driver” “Intel Corporation” “c:\windows\system32\drivers\netw4v32.sys” “26/09/2007 8:12 AM” “”
                              • “nmwcd” “Nokia USB Phone Bus Driver” “Nokia” “c:\windows\system32\drivers\ccdcmb.sys” “18/05/2011 2:12 AM” “”
                              • “nmwcdc” “Nokia USB Phone Bus Driver” “Nokia” “c:\windows\system32\drivers\ccdcmbo.sys” “18/05/2011 2:12 AM” “”
                              • “NNSALPC” “Application Layer Protocol Colorizer” “Panda Security, S.L.” “c:\windows\system32\drivers\nnsalpc.sys” “03/12/2015 12:19 PM” “”
                              • “NNSHTTP” “Http Parser” “Panda Security, S.L.” “c:\windows\system32\drivers\nnshttp.sys” “03/12/2015 12:28 PM” “”
                              • “NNSHTTPS” “Https Parser” “Panda Security, S.L.” “c:\windows\system32\drivers\nnshttps.sys” “03/12/2015 1:17 PM” “”
                              • “NNSIDS” “Intrusion Detection System” “Panda Security, S.L.” “c:\windows\system32\drivers\nnsids.sys” “03/12/2015 1:04 PM” “”
                              • “NNSNAHSL” “Network Activity Hook Server LightWeight Filter Driver” “Panda Security, S.L.” “c:\windows\system32\drivers\nnsnahsl.sys” “24/04/2015 9:28 AM” “”
                              • “NNSPICC” “Process Info Colorizer Client” “Panda Security, S.L.” “c:\windows\system32\drivers\nnspicc.sys” “03/12/2015 12:51 PM” “”
                              • “NNSPIHSW” “Process Info Hook Server WFP” “Panda Security, S.L.” “c:\windows\system32\drivers\nnspihsw.sys” “14/03/2016 5:45 AM” “”
                              • “NNSPOP3” “Pop3 Parser” “Panda Security, S.L.” “c:\windows\system32\drivers\nnspop3.sys” “03/12/2015 1:06 PM” “”
                              • “NNSPROT” “Network Protector” “Panda Security, S.L.” “c:\windows\system32\drivers\nnsprot.sys” “03/12/2015 1:00 PM” “”
                              • “NNSPRV” “Network Provider” “Panda Security, S.L.” “c:\windows\system32\drivers\nnsprv.sys” “17/02/2016 8:04 AM” “”
                              • “NNSSMTP” “Smtp Parser” “Panda Security, S.L.” “c:\windows\system32\drivers\nnssmtp.sys” “03/12/2015 1:10 PM” “”
                              • “NNSSTRM” “Streamer” “Panda Security, S.L.” “c:\windows\system32\drivers\nnsstrm.sys” “17/02/2016 8:18 AM” “”
                              • “NNSTLSC” “Transport Layer Session Colorizer” “Panda Security, S.L.” “c:\windows\system32\drivers\nnstlsc.sys” “03/12/2015 12:22 PM” “”
                              • “NPF” “npf.sys (NT5/6 x86) Kernel Driver” “CACE Technologies, Inc.” “c:\windows\system32\drivers\npf.sys” “25/06/2010 11:47 AM” “”
                              • “OADevice” “” “” “c:\windows\system32\drivers\oadriver.sys” “10/10/2013 8:40 PM” “”
                              • “oahlpXX” “” “” “c:\windows\system32\drivers\oahlp32.sys” “05/07/2012 12:30 PM” “”
                              • “OAmon” “TDI Helper Driver” “Emsisoft” “c:\windows\system32\drivers\oamon.sys” “10/10/2013 8:40 PM” “”
                              • “OAnet” “OA Helper Driver” “Emsisoft” “c:\windows\system32\drivers\oanet.sys” “10/10/2013 8:40 PM” “”
                              • “pccsmcfd” “PCCS Mode Change Filter Driver” “Nokia” “c:\windows\system32\drivers\pccsmcfd.sys” “26/08/2008 2:26 AM” “”
                              • “PSINAflt” “PSINAflt Driver” “Panda Security, S.L.” “c:\windows\system32\drivers\psinaflt.sys” “04/08/2016 9:27 PM” “”
                              • “PSINFile” “PSINFile Mini-Filter Driver” “Panda Security, S.L.” “c:\windows\system32\drivers\psinfile.sys” “04/08/2016 9:31 PM” “”
                              • “PSINKNC” “PSINKNC Kernel Controller for Vista32” “Panda Security, S.L.” “c:\windows\system32\drivers\psinknc.sys” “04/08/2016 9:21 PM” “”
                              • “PSINProc” “PSINProc Filter Driver” “Panda Security, S.L.” “c:\windows\system32\drivers\psinproc.sys” “04/08/2016 9:39 PM” “”
                              • “PSINProt” “PSINProt Driver” “Panda Security, S.L.” “c:\windows\system32\drivers\psinprot.sys” “04/08/2016 9:44 PM” “”
                              • “PSINReg” “PSINReg Driver” “Panda Security, S.L.” “c:\windows\system32\drivers\psinreg.sys” “04/08/2016 9:35 PM” “”
                              • “PSKMAD” “Panda Kernel Memory Access Driver (x86)” “Panda Security, S.L.” “c:\windows\system32\drivers\pskmad.sys” “08/08/2016 3:59 AM” “”
                              • “PxHelp20” “Px Engine Device Driver for Windows 2000/XP” “Sonic Solutions” “c:\windows\system32\drivers\pxhelp20.sys” “20/06/2007 5:26 PM” “”
                              • “rimmptsk” “RICOH SD Driver” “REDC” “c:\windows\system32\drivers\rimmptsk.sys” “24/02/2007 12:42 AM” “”
                              • “rimsptsk” “RICOH MS Driver” “REDC” “c:\windows\system32\drivers\rimsptsk.sys” “23/01/2007 2:40 AM” “”
                              • “rismxdp” “RICOH XD SM Driver” “REDC” “c:\windows\system32\drivers\rixdptsk.sys” “21/03/2007 8:02 AM” “”
                              • “RTL8169” "Realtek 8136/8168/8169 NDIS6 32-bit Driver " "Realtek " “c:\windows\system32\drivers\rtlh86.sys” “23/06/2010 4:21 AM” “”
                              • “snapman380” “Acronis Snapshot API” “Acronis” “c:\windows\system32\drivers\snman380.sys” “16/09/2008 12:09 PM” “”
                              • “stdriver” “stdriver.sys” “NCH Software” “c:\windows\system32\drivers\stdriver32.sys” “12/12/2010 10:30 PM” “”
                              • “sxuptp” “SXUPTP Driver” “silex technology, Inc.” “c:\windows\system32\drivers\sxuptp.sys” “07/05/2009 11:13 PM” “”
                              • “SynTP” “Synaptics Touchpad Driver” “Synaptics, Inc.” “c:\windows\system32\drivers\syntp.sys” “14/08/2008 9:02 PM” “”
                              • “tap0901” “TAP-Win32 Virtual Network Driver” “The OpenVPN Project” “c:\windows\system32\drivers\tap0901.sys” “19/11/2008 1:22 PM” “”
                              • “tdrpman147” “Acronis Try&Decide Volume Filter Driver” “Acronis” “c:\windows\system32\drivers\tdrpm147.sys” “13/10/2008 5:15 AM” “”
                              • “teamviewervpn” “TeamViewerVPN Network Adapter” “TeamViewer GmbH” “c:\windows\system32\drivers\teamviewervpn.sys” “29/11/2007 3:27 AM” “”
                              • “tos_sps32” “tos_sps2” “TOSHIBA Corporation” “c:\windows\system32\drivers\tos_sps32.sys” “26/10/2006 3:52 AM” “”
                              • “tosrfec” “TOSHIBA Bluetooth EC Driver” “TOSHIBA Corporation” “c:\windows\system32\drivers\tosrfec.sys” “23/10/2006 2:32 AM” “”
                              • “TVALZ” “TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver” “TOSHIBA Corporation” “c:\windows\system32\drivers\tvalz_o.sys” “08/11/2007 10:07 PM” “”
                              • “upperdev” “Filter Driver for Nokia USB Phone Bus Driver” “Nokia” “c:\windows\system32\drivers\usbser_lowerflt.sys” “18/05/2011 2:12 AM” “”
                              • “USBAAPL” “Apple Mobile Device USB Driver” “Apple, Inc.” “c:\windows\system32\drivers\usbaapl.sys” “16/09/2010 9:19 PM” “”
                              • “UsbserFilt” “Filter Driver for Nokia USB Phone Bus Driver” “Nokia” “c:\windows\system32\drivers\usbser_lowerfltj.sys” “18/05/2011 2:12 AM” “”
                              • “UVCFTR” “UVCFTR_S.sys” “Chicony Electronics Co., Ltd.” “c:\windows\system32\drivers\uvcftr_s.sys” “27/11/2007 5:38 AM” “”
                              • “ZAM” “ZAM” “Zemana Ltd.” “c:\windows\system32\drivers\zam32.sys” “17/08/2016 12:07 PM” “”
                              • “ZAM_Guard” “ZAM” “Zemana Ltd.” “c:\windows\system32\drivers\zamguard32.sys” “17/08/2016 12:07 PM” “”
                                “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers” “” “” “” “19/10/2014 3:58 PM” “”
                              • “Adobe Type Manager” “Windows NT OpenType/Type 1 Font Driver” “Adobe Systems Incorporated” “c:\windows\system32\atmfd.dll” “05/02/2016 7:33 PM” “”
                                “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32” “” “” “” “07/10/2016 7:30 AM” “”
                              • “msacm.l3acm” “MPEG Layer-3 Audio Codec for MSACM” “Fraunhofer Institut Integrierte Schaltungen IIS” “c:\windows\system32\l3codeca.acm” “21/01/2010 10:05 AM” “”
                              • “vidc.cvid” “Cinepak® Codec” “Radius Inc.” “c:\windows\system32\iccvid.dll” “27/05/2010 3:08 PM” “”
                                “HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance” “” “” “” “19/10/2014 4:40 PM” “”
                              • “9x8Resize” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “AAC Encoder” “AACEnc” “InterVider” “c:\program files\intervideo\common\bin\aacenc.ax” “08/06/2007 4:25 AM” “”
                              • “Allocator Fix” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “AsyncEx” “VisioForge AsyncEx Filter” “VisioForge” “c:\users\psimoes\appdata\roaming\windsolutions\copytransmanager\copytransmanager.ax” “19/06/1992 5:22 PM” “”
                              • “Audio Source” “Windows Media Preview Object” “Microsoft Corporation” “c:\program files\windows media components\encoder\wmprevu.dll” “11/12/2002 8:34 PM” “”
                              • “Bitmap” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “Capture ASF Writer” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “CyberLink Audio Commercial Cut Analyzer” “CLAudCM” “Cyberlink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\claudcm.ax” “25/08/2005 10:54 PM” “”
                              • “CyberLink Audio Decoder” “CyberLink Audio Decoder Filter” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\claud.ax” “21/11/2007 5:40 AM” “”
                              • “CyberLink Audio Decoder (PCM45)” “CyberLink Audio Decoder Filter” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\claud.ax” “21/11/2007 5:40 AM” “”
                              • “CyberLink Audio Effect (PCM45)” “CyberLink Audio Effect Filter” “CyberLink Corporation” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\claudfx.ax” “22/12/2004 10:16 PM” “”
                              • “CyberLink Audio Noise Reduction” “CLAuNR” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\claunrwrapper.ax” “11/04/2006 2:35 AM” “”
                              • “CyberLink Audio Resampler” “CLAuRsmpl.ax” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\claursmpl.ax” “10/04/2006 10:34 PM” “”
                              • “CyberLink Audio Spectrum Analyzer” “CLAudSpa.ax” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\claudspa.ax” “24/09/2004 6:08 AM” “”
                              • “CyberLink Audio Wizard (PCM45)” “CyberLink Audio Wizard Filter” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\claudwizard.ax” “15/12/2006 8:35 AM” “”
                              • “CyberLink AudioCD Filter” “CyberLink AudioCD Filter” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\claudiocd.ax” “02/08/2006 6:37 PM” “”
                              • “CyberLink Demultiplexer” “MPEG-2 Dempltiplexer” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\cldemuxer.ax” “05/06/2007 9:44 AM” “”
                              • “CyberLink Demultiplexer (PCM45)” “MPEG-2 Dempltiplexer” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\cldemuxer.ax” “05/06/2007 9:44 AM” “”
                              • “CyberLink DVD Navigator (PCM45)” “CyberLink DVD Navigation Filter” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\clnavx.ax” “01/11/2007 10:05 PM” “”
                              • “CyberLink Line21 Decoder Filter (PCM45)” “CyberLink Line21 Decoder Filter” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\clline21.ax” “27/03/2007 8:05 AM” “”
                              • “CyberLink Load Image Filter” “CLImage” “CyberLink” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\climage.ax” “07/09/2005 9:52 AM” “”
                              • “CyberLink MPEG Splitter” “CyberLink MPEG Splitter” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\clsplter.ax” “28/07/2006 2:48 AM” “”
                              • “CyberLink Scene Detect Filter 2” “CLScnDt2” “訊連科技” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\clscndt2.dll” “02/08/2006 1:35 AM” “”
                              • “Cyberlink SubTitle Importor (PCM45)” “CLSubTitle.ax” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\clsubtitle.ax” “04/04/2005 2:48 AM” “”
                              • “CyberLink TimeStretch Filter” “CLAuTS.ax” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\clauts.ax” “22/06/2007 10:28 PM” “”
                              • “CyberLink TL MPEG Splitter” “CyberLink MPEG Splitter” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\cltlmsplter.ax” “15/06/2006 4:17 AM” “”
                              • “Cyberlink TS Filter Filter” “TSFF” “Cyberlink” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\cltsff.ax” “22/09/2005 5:00 AM” “”
                              • “Cyberlink TS Information” “CLTSInfo” “Cyberlink” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\cltsinfo.ax” “24/05/2006 9:45 AM” “”
                              • “CyberLink Video Effect (PCM45)” “CLVidFx” “CyberLink” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\clvidfx.ax” “23/03/2005 3:15 AM” “”
                              • “CyberLink Video Regulator” “CLRGL” “Cyberlink” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\clrgl.ax” “02/02/2007 6:36 AM” “”
                              • “CyberLink Video/SP Decoder” “CyberLink Video/SP Filter” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\clvsd.ax” “15/07/2007 10:57 PM” “”
                              • “CyberLink Video/SP Decoder (PCM45)” “CyberLink Video/SP Filter” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\clvsd.ax” “25/12/2007 3:38 AM” “”
                              • “CyberLink Video/SP Decoder (ShEX)” “CyberLink Video/SP Filter” “CyberLink Corp.” “c:\program files\cyberlink\powercinema for toshiba\kernel\video\climagevsd.ax” “01/08/2006 11:22 PM” “”
                              • “Dib Output” “” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\filters\diboutput.ax” “05/09/2005 10:16 PM” “”
                              • “Dib Receive” “” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\filters\dibreceive.ax” “05/09/2005 10:16 PM” “”
                              • “DV ACM V/A Source Filter” “” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\filters\dvsf.ax” “05/09/2005 11:09 PM” “”
                              • “DV V/A Source Filter” “” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\filters\dvsf.ax” “05/09/2005 11:09 PM” “”
                              • “DV Video Source Filter” “” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\filters\dvsf.ax” “05/09/2005 11:09 PM” “”
                              • “Emuzed AAC/AAC+ Decoder TFilter” “Emuzed AAC/AAC+ Decoder Filter” "Emuzed Inc. " “c:\program files\common files\nokia\codecs\emzaacdecfilter.dll” “22/04/2009 6:46 AM” “”
                              • “Emuzed AMR/3GPP/MP4/MP3 Multiplexer-Filter” “Emuzed MP4/3GP2/AMR/QCP Multiplexer/Sink Filter” "Emuzed Inc. " “c:\program files\common files\nokia\codecs\ezdmp4muxfilter.dll” “20/04/2009 3:33 AM” “”
                              • “Emuzed AMR/QCP/3GPP/MP4/3G2 Source Filter” “Emuzed MP4/3GP2/AMR/QCP Source Filter” "Emuzed Inc. " “c:\program files\common files\nokia\codecs\emzmp4source.dll” “20/04/2009 3:33 AM” “”
                              • “Emuzed H264 Video Decoder-Filter” “Emuzed H.264 Video Transform Filter” "Emuzed Inc. " “c:\program files\common files\nokia\codecs\ezdh264dectfilter.dll” “20/04/2009 3:35 AM” “”
                              • “Emuzed MP3 Source/Decoder Filter” “Emuzed MP3 Source/Decoder Filter” "Emuzed Inc. " “c:\program files\common files\nokia\codecs\emzmp3sourcefilter.dll” “20/04/2009 3:33 AM” “”
                              • “Emuzed MP4SP/H263 Video Decoder-Filter” “Emuzed MP4SP/H.263 Video Transform Filter” "Emuzed Inc. " “c:\program files\common files\nokia\codecs\emzdecmp4_h263.dll” “20/04/2009 3:35 AM” “”
                              • “Frame Eater” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “IDM Filter” “idmf” “Cyberlink” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\idmf.ax” “09/03/2006 10:29 AM” “”
                              • “Intervideo 3gFileSource” “Intervideo 3G File Source Filter” “Microsoft Corporation” “c:\program files\intervideo\common\bin\source3g.ax” “08/06/2007 4:12 AM” “”
                              • “Intervideo 3gFileWrite” “Intervideo 3G File Write Filter” “Microsoft Corporation” “c:\program files\intervideo\common\bin\write3g.ax” “08/06/2007 4:12 AM” “”
                              • “InterVideo AAC (XForm) Decoder” “InterVideo AAC Decoder” “InterVideo Inc.” “c:\program files\intervideo\common\bin\iviaacdec.ax” “08/06/2007 4:24 AM” “”
                              • “Intervideo AMR Decoder” “IVI AMR Decoding” “Intervideo, Inc.” “c:\program files\intervideo\common\bin\amrdec.ax” “08/06/2007 4:22 AM” “”
                              • “Intervideo AMR Encoder” “IVI AMR Encoding” “Intervideo, Inc.” “c:\program files\intervideo\common\bin\amrenc.ax” “08/06/2007 4:22 AM” “”
                              • “InterVideo Audio Encoder” “InterVideo?Audio Encoder Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\iviaenc.ax” “08/06/2007 4:31 AM” “”
                              • “InterVideo Demux” “InterVideo® MPEG System Demultiplexer Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\ividemxx.ax” “08/06/2007 4:36 AM” “”
                              • “InterVideo Down Scale Filter” “InterVideo® Down Scale Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\ividowns.ax” “08/06/2007 4:37 AM” “”
                              • “InterVideo DV Pre-Process” “InterVideo DV Pre-Process Filter” “InterVideo” “c:\program files\intervideo\common\bin\dvprocs.ax” “08/06/2007 4:14 AM” “”
                              • “InterVideo DVB DSM-CC Filter” “InterVideo DVB DSM-CC Decoder” “InterVideo, Inc.” “c:\program files\intervideo\common\bin\dvbdsmcc.ax” “08/06/2007 4:16 AM” “”
                              • “InterVideo DVB Subpicture Filter” “InterVideo DVB Subtitle Decoder” “InterVideo, Inc.” “c:\program files\intervideo\common\bin\dvbspic.ax” “08/06/2007 4:17 AM” “”
                              • “InterVideo File Writer” “InterVideo® File Writer Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\iviwrite.ax” “08/06/2007 4:30 AM” “”
                              • “InterVideo MPEG4 Video Decoder” “InterVideo® MPEG4 Video Decoder Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\mp4vdec.ax” “08/06/2007 4:28 AM” “”
                              • “InterVideo MPEG4 Video Encoder” “InterVideo® MPEG4 Video Encoder Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\mp4venc.ax” “08/06/2007 4:27 AM” “”
                              • “InterVideo Multiplexer” “InterVideo® MPEG System Multiplexer Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\ivimux.ax” “08/06/2007 4:35 AM” “”
                              • “InterVideo Pre-scaling Filter” “InterVideo® PreScale Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\iviscale.ax” “08/06/2007 4:34 AM” “”
                              • “InterVideo PSIP/SI Filter” “InterVideo PSIP/SI Sections/Tables Filter” “InterVideo, Inc.” “c:\program files\intervideo\common\bin\psidecod.ax” “08/06/2007 4:15 AM” “”
                              • “InterVideo Still Capture” “InterVideo® Still Capture Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\iviscapt.ax” “08/06/2007 4:34 AM” “”
                              • “InterVideo Stream Buffer Filter” “InterVideo Stream Buffer Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\smbuffer.ax” “08/06/2007 4:22 AM” “”
                              • “InterVideo Stream Writer” “InterVideo© Stream File Writer” “InterVideo, Inc.” “c:\program files\intervideo\common\bin\stmrite.ax” “08/06/2007 4:22 AM” “”
                              • “InterVideo Time Shift” “InterVideo Time Shifting Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\ivits.ax” “08/06/2007 4:29 AM” “”
                              • “InterVideo Transport to Program Stream” “InterVideo© Transport to Program Stream Converter” “InterVideo, Inc.” “c:\program files\intervideo\common\bin\trtoprog.ax” “08/06/2007 4:14 AM” “”
                              • “InterVideo VBI Decoder” “InterVideo VBI Decoder Filter” “InterVideo, Inc.” “c:\program files\intervideo\common\bin\ivvbidec.ax” “08/06/2007 4:16 AM” “”
                              • “InterVideo Video Encoder” “InterVideo® MPEG Video Encoder Filter” “InterVideo Inc.” “c:\program files\intervideo\common\bin\ivivenc.ax” “08/06/2007 4:33 AM” “”
                              • “MPEG2 TS Source” “” “” “c:\program files\intervideo\common\bin\mpgtsrdr.ax” “08/06/2007 4:17 AM” “”
                              • “Multiple File Output” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “Proxy Sink” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “Proxy Source” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “QTSrc” “QuickTime Source Filter” “CyberLink Corp” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\clqtsrc.ax” “01/09/2006 4:49 AM” “”
                              • “Record Queue” “WME Record Queue” “Microsoft Corporation” “c:\program files\windows media components\encoder\wmedque.dll” “11/12/2002 8:34 PM” “”
                              • “Record Queue” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “SFVCaptureFilter” “SmartFaceVCapt” “” “c:\windows\system32\smartfacevcapt.dll” “28/01/2008 4:01 AM” “”
                              • “ShotDetect” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “Stetch” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “TOSHIBA Audio Decoder DVD” “TOSHIBA Audio Decoder DVD” “TOSHIBA Corporation” “c:\program files\toshiba\toshiba dvd player\tosauddecl.ax” “20/01/2008 5:17 AM” “”
                              • “TOSHIBA Audio Rate Converter” “TOSHIBA Audio Rate Converter” “TOSHIBA Corporation” “c:\program files\common files\toshiba shared\tosarc.ax” “13/11/2006 3:32 AM” “”
                              • “TOSHIBA DualMono” “TOSHIBA DualMono” “TOSHIBA Corporation” “c:\program files\common files\toshiba shared\tosdualmono.ax” “13/11/2006 3:34 AM” “”
                              • “TOSHIBA DVD Navigator” “TOSHIBA DVD Navigator” “TOSHIBA Corporation” “c:\program files\toshiba\toshiba dvd player\tdvdnavi.ax” “20/01/2008 5:20 AM” “”
                              • “TOSHIBA DVD VR Navigator” “TOSHIBA DVD Player” “TOSHIBA Corporation” “c:\program files\toshiba\toshiba dvd player\tvrnavi.ax” “20/01/2008 5:22 AM” “”
                              • “TOSHIBA MPEG-2 Video Decoder (DVD)” “TOSHIBA DVD Video Decoder Filter” “TOSHIBA Corporation” “c:\program files\toshiba\toshiba dvd player\tosmp2dvd.ax” “20/01/2008 5:25 AM” “”
                              • “Ulead Audio Dual Channel Filter” “Ulead Audio Dual Channel Filter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\uaudiodcfilter.ax” “25/04/2004 10:30 PM” “”
                              • “Ulead DV Scene Detect” “ulDvScDt” “Ulead system Inc.” “c:\program files\common files\ulead systems\capture\uldvscdt.ax” “15/11/2006 1:05 AM” “”
                              • “Ulead DV Writer” “ulDVWriter” “Ulead System Inc.” “c:\program files\common files\ulead systems\capture\uldvrite.ax” “05/01/2006 1:35 AM” “”
                              • “Ulead DVB Parser” “Ulead DVB Parser Filter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\uldvbparser.ax” “26/10/2005 2:27 AM” “”
                              • “Ulead DVD Audio Decoder 2” “Audio Decoder” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax” “17/08/2005 11:23 AM” “”
                              • “Ulead DVD Navigator” “DVD Navigator filter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\dvd\uleaddvdnavigator.ax” “21/01/2005 4:15 AM” “”
                              • “Ulead DVD Video decoder 2” “DVD Video Decoder with DxVA Support” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\uldvdvideo.ax” “02/03/2007 12:58 AM” “”
                              • “ULead File Source (Async.)” “Ulead Async Filter” “Ulead Systems” “c:\program files\common files\ulead systems\mpeg\ulasync.ax” “26/05/2005 12:06 PM” “”
                              • “ULead File Writer” “File Dump Filter” “ULead Systems” “c:\program files\common files\ulead systems\filters\uldump.ax” “23/11/2004 1:39 AM” “”
                              • “ULead Infinite Pin Tee” “Ulead Infinite Tee Filter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\uinftee.ax” “07/01/2003 3:11 AM” “”
                              • “Ulead MPEG Audio Decoder” “Audio Decoder” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax” “17/08/2005 11:23 AM” “”
                              • “Ulead MPEG Encoder” “MPEG Encoder and Muxer” “ULead Systems” “c:\program files\common files\ulead systems\mpeg\ulesmpeg.ax” “24/10/2005 1:32 AM” “”
                              • “Ulead MPEG Muxer” “MPEG Muxer” “ULead Systems” “c:\program files\common files\ulead systems\mpeg\ulmxmpeg.ax” “25/05/2007 7:02 PM” “”
                              • “Ulead MPEG Splitter” “ULead Mpeg I/II Splitter” “ULead Systems” “c:\program files\common files\ulead systems\mpeg\ulspmpeg.ax” “06/03/2006 7:52 AM” “”
                              • “Ulead MPEG Transcoder” “ulMPGTrans” “Ulead com” “c:\program files\common files\ulead systems\mpeg\ulmpgtrans.ax” “13/04/2005 2:06 AM” “”
                              • “Ulead MPEG Video Decoder” “MPEG Video and Audio Decoder” “ULead Systems” “c:\program files\common files\ulead systems\mpeg\uldsmpeg.ax” “03/05/2007 4:17 AM” “”
                              • “Ulead MPEG-4 Audio Decoder” “MP4 AAC Audio Decoder Filter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\uladmp4.ax” “01/11/2005 2:18 AM” “”
                              • “Ulead MPEG-4 Splitter” “MP4 Splitter Filter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\ulspmp4.ax” “13/11/2005 11:01 PM” “”
                              • “Ulead MPEG-4 Video Decoder” “MP4 Video Decoder Filter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\ulvdmp4.ax” “16/02/2006 3:13 AM” “”
                              • “Ulead Ogg Parser” “ulOggParserFilter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\uloggparserfilter.ax” “18/11/2005 2:13 AM” “”
                              • “Ulead OggVorbis Decoder” “ulOggVorbisDecoderFilter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\uloggvorbisdecoderfilter.ax” “01/02/2005 10:25 PM” “”
                              • “Ulead OggVorbis Encoder” “ulOggVorbisEncoderFilter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\uloggvorbisencoderfilter.ax” “29/09/2004 4:46 AM” “”
                              • “Ulead Push Source Filter” “Ulead Push Source Filter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\ulpushsource.ax” “23/11/2003 9:44 PM” “”
                              • “Ulead Sub-Picture Push Source Filter” “Ulead Sub-Picture Push Source Filter” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\mpeg\ulsubpicpushsource.ax” “09/11/2004 11:29 PM” “”
                              • “Ulead Video Deinterlace Filter” “” “Ulead Systems, Inc.” “c:\program files\common files\ulead systems\filters\deinterlace.ax” “24/06/2005 2:10 AM” “”
                              • “Video Source” “Windows Media Preview Object” “Microsoft Corporation” “c:\program files\windows media components\encoder\wmprevu.dll” “11/12/2002 8:34 PM” “”
                              • “WAV Dest” “” “” “c:\program files\cyberlink\powercinema for toshiba\kernel\clml\wavdest.ax” “02/09/1998 10:24 AM” “”
                              • “WM VIH2 Fix” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMEnc Screen Capture Filter” “WMESrcWp Module” “Microsoft Corporation” “c:\program files\windows media components\encoder\wmesrcwp.dll” “11/12/2002 8:34 PM” “”
                              • “WMT Audio Analyzer” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT Black Frame Generator” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT DV Extract Filter” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT FormatConversion” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT Import Filter” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT Interlacer” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT Log Filter” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT MuxDeMux Filter” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT Sample Info Filter” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT Switch Filter” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT Virtual Renderer” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT Virtual Source” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                              • “WMT Volume” “Windows Movie Maker Filters” “Microsoft Corporation” “c:\program files\movie maker\wmm2filt.dll” “11/04/2009 1:28 AM” “”
                                “HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command (Default)” “” “” “” “19/10/2014 4:03 PM” “”
                              • “C:\Program Files\Internet Explorer\iexplore.exe” “Internet Explorer” “Microsoft Corporation” “c:\program files\internet explorer\iexplore.exe” “03/02/2015 3:31 AM” “”
                                “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers” “” “” “” “19/10/2014 3:54 PM” “”
                              • “Fingerprint Logon Credential Provider” “Fingerprint Credential Provider” “AuthenTec,Inc.” “c:\windows\system32\fpcredprov.dll” “24/01/2008 12:49 AM” “”
                              • “{B65F237C-AAFF-4df7-8872-91B65663E41F}” “” “” “c:\windows\system32\smartfacevcp.dll” “28/01/2008 4:01 AM” “”
                                “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters” “” “” “” “19/10/2014 3:54 PM” “”
                              • “Fingerprint Logon Credential Provider Filter” “Fingerprint Credential Provider” “AuthenTec,Inc.” “c:\windows\system32\fpcredprov.dll” “24/01/2008 12:49 AM” “”
                                “HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries” “” “” “” “19/10/2014 5:28 PM” “”
                              • “mdnsNSP” “Bonjour Namespace Provider” “Apple Inc.” “c:\program files\bonjour\mdnsnsp.dll” “27/07/2010 8:38 PM” “”
                                “HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors” “” “” “” “19/10/2014 4:00 PM” “”
                              • “Toshiba Bluetooth Monitor” “” “TOSHIBA CORPORATION.” “c:\windows\system32\tbtmon.dll” “07/12/2006 9:05 PM” “”
                                “C:\Users\psimoes\AppData\Local\Microsoft\Windows Sidebar\Settings.ini” “” “” “” “16/06/2012 12:06 AM” “”
                              • “Clock” “Watch the clock in your own time zone or any city in the world.” “Microsoft Corporation” “C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-us\Gadget.xml” “02/11/2006 7:41 AM” “”
                              • “Feed Headlines” “Track the latest news, sports, and entertainment headlines.” “Microsoft Corporation” “C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-us\Gadget.xml” “20/01/2008 9:25 PM” “”
                              • “Slide Show” “Show a continuous slide show of your pictures.” “Microsoft Corporation” “C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-us\Gadget.xml” “02/11/2006 7:41 AM” “”
                                “HKLM\Software\Microsoft\Office\Outlook\Addins” “” “” “” “21/10/2016 12:47 PM” “”
                              • “Connect Class” “OutlookChangeNotifier” “Apple Inc.” “c:\program files\common files\apple\mobile device support\outlookchangenotifieraddin.dll” “15/10/2010 11:18 PM” “”
                                X “Groove OutlookProxyAddIn” “GrooveTransceiver Module” “Microsoft Corporation” “c:\program files\microsoft office\office12\groovetransceiver.dll” “27/10/2006 5:30 PM” “”
                              • “Microsoft VBA for Outlook Addin” “Outlook VBA Integration Add-In” “Microsoft Corporation” “c:\program files\microsoft office\office12\addins\outlvba.dll” “26/10/2006 10:41 PM” “”
                              • “OMS Connect class” “Microsoft Outlook Mobile Service” “Microsoft Corporation” “c:\program files\microsoft office\office12\omsmain.dll” “26/10/2006 10:33 PM” “”
                              • “OneNote Notes about Outlook Items” “Microsoft Office OneNote Outlook Add-in” “Microsoft Corporation” “c:\program files\microsoft office\office12\onbttnol.dll” “27/10/2006 5:39 PM” “”
                                “HKCU\Software\Microsoft\Office\Outlook\Addins” “” “” “” “19/10/2014 3:40 PM” “”
                              • “Access COM Addin for Outlook” “Access Outlook Data Collection Addin” “Microsoft Corporation” “c:\program files\microsoft office\office12\addins\accolk.dll” “26/10/2006 11:08 PM” “”
                              • “CalendarHelper Class” “iTunes Outlook Add-in” “Apple Inc.” “c:\program files\itunes\itunesoutlookaddin.dll” “13/12/2010 7:17 PM” “”
                              • “ColleagueImportAddIn Class” “” “” “c:\program files\microsoft office\office12\addins\colleagueimport.dll” “26/10/2006 11:25 PM” “”
                              • “FormRegionAddin Class” “” “” “c:\program files\microsoft office\office12\addins\umoutlookaddin.dll” “27/10/2006 5:34 PM” “”
                              • “Google Desktop Office Addin” “Google Desktop” “Google” “c:\program files\google\google desktop search\googledesktopoffice.dll” “27/03/2007 1:36 AM” “”
                              • “{D614B4AF-F5E6-4A03-AE81-37BA64372538}” “Microsoft Office Outlook Calendar Gadget for Windows SideShow” “Microsoft Corporation” “c:\program files\microsoft office\office12\olsideshow.dll” “26/10/2006 10:31 PM” “”
                                “HKLM\Software\Microsoft\Office\Excel\Addins” “” “” “” “19/10/2014 3:54 PM” “”
                              • “Connect Class” “SnagIt Add-In for Microsoft Office” “TechSmith Corporation” “c:\program files\techsmith\snagit 9\snagitofficeaddin.dll” “15/05/2008 3:39 PM” “”
                                “HKCU\Software\Microsoft\Office\Excel\Addins” “” “” “” “19/10/2014 3:40 PM” “”
                              • “Google Desktop Office Addin” “Google Desktop” “Google” “c:\program files\google\google desktop search\googledesktopoffice.dll” “27/03/2007 1:36 AM” “”
                                “HKLM\Software\Microsoft\Office\Word\Addins” “” “” “” “19/10/2014 3:54 PM” “”
                              • “Connect Class” “SnagIt Add-In for Microsoft Office” “TechSmith Corporation” “c:\program files\techsmith\snagit 9\snagitofficeaddin.dll” “15/05/2008 3:39 PM” “”
                                “HKCU\Software\Microsoft\Office\Word\Addins” “” “” “” “19/10/2014 3:40 PM” “”
                              • “Google Desktop Office Addin” “Google Desktop” “Google” “c:\program files\google\google desktop search\googledesktopoffice.dll” “27/03/2007 1:36 AM” “”
                                “HKCU\Software\Microsoft\Office\Access\Addins” “” “” “” “19/10/2014 3:40 PM” “”
                              • “AceCnfViewer.sortie” “Replication Conflict Viewing and Resolution for Microsoft Access” “Microsoft Corporation” “c:\program files\common files\microsoft shared\office12\acecnf.dll” “26/10/2006 9:59 PM” “”




                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7041

                                #30
                                Have a look here. Also, update all old software with Patch My PC and post an updated Security Check log. We will go from there. If you need a good free firewall, then I suggest this.
