Solved Browsers Crash, Executable files stall or crash

[paulwb]

Good day, RE: Toshiba Satellite laptop 15" A305-S6841, Vista SP 2, 3GB Ram

My browsers crash, (Chrome, Firefox, Opera) and executables either stall or crash.

It appears to coincide after adding HTTPS Everywhere & uBlock / AdBlock extensions to Chrome, Firefox & Opera. I say that because I had also installed / activated them on my ASUS desktop & Acer netbook at the same time, and they are experiencing the same problems.

I have since removed all plugins, extensions and reset my browsers. Tried to run Panda & ESET online scanners but both stall or crash.

thanks for your assistance....

Below are the logs from FRST and MBR:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2016
Ran by psimoes (administrator) on PS-TOSHIBA (14-11-2016 11:34:48)
Running from C:\Users\psimoes\Desktop
Loaded Profiles: psimoes (Available Profiles: psimoes & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec Inc.) C:\Windows\System32\TAMSvr.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAsrv.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Toshiba\IVP\ISM\pinger.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AuthenTec, Inc) C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
(Arachnoid Biometrics Identification Group) C:\Program Files\TrueSuite Access Manager\PwdBank.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAui.exe
() C:\Program Files\TrueSuite Access Manager\usbnotify.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAhlp.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\TrueSuite Access Manager\CssSvr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Crystal Dew World) C:\Users\psimoes\Desktop\AntiV\CrystalDiskInfo6_2_2\DiskInfo.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [FingerPrintNotifer] => C:\Program Files\TrueSuite Access Manager\FpNotifier.exe [671744 2008-01-24] (AuthenTec, Inc)
HKLM\...\Run: [PwdBank] => C:\Program Files\TrueSuite Access Manager\PwdBank.exe [3150848 2008-02-01] (Arachnoid Biometrics Identification Group)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [UsbMonitor] => C:\Program Files\TrueSuite Access Manager\usbnotify.exe [94208 2007-06-05] ()
HKLM\...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1885088 2012-02-23] (Affinegy, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe [254472 2015-11-06] (Visicom Media Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-01-29] ()
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-16] (Google Inc.)
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Run: [cdloader] => C:\Users\psimoes\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [IconOvrly1] -> {A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6} => C:\Program Files\TrueSuite Access Manager\IconOvrly.dll [2007-04-20] (Arachnoid Biometrics Identification Group Corp.)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-07-27] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-3399307451-3074549587-1771456082-1000] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15] (TechSmith Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2016-07-27] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15] (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2016-07-27] ()
Toolbar: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default [2016-11-14]
FF Extension: (Firefox Hotfix) - C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-06]
FF Extension: (Panda Security Toolbar) - C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi [2016-04-26]
FF SearchPlugin: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\searchplugins\yahoo-avast.xml [2014-06-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-12-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @citrixonline.com/appdetectorplugin -> C:\Users\psimoes\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/O1DPlugin -> C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=3 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=9 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-07-13] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en
CHR StartupUrls: Default -> "hxxps://www.startpage.com/"
CHR Profile: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default [2016-11-14]
CHR Extension: (Google Slides) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Google Docs) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (TV) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-09-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-09-09]
CHR Extension: (YouTube) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (StartPage Search Engine) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\choepknhbopmendmnohbaemeaeemnaom [2016-11-10]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2015-09-09]
CHR Extension: (Google Search) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2015-09-09]
CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfnahhhglp [2015-09-09]
CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj [2015-09-09]
CHR Extension: (Google Sheets) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Save to Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-09-09]
CHR Extension: (Send Anywhere (File Transfer)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihbikoooaenkpdooehgemieligjejcb [2016-11-10]
CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegbjmfnfh [2015-09-09]
CHR Extension: (Mailvelope) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-09-08]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2015-09-09]
CHR Extension: (Yesware Reports) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2015-09-09]
CHR Extension: (Boomerang for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-05-23]
CHR Extension: (Vend) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdebajikafa [2015-09-09]
CHR Extension: (Mailtrack for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2016-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-09-09]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-12-04]
CHR Extension: (Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2015-09-09]
CHR Extension: (Streak CRM for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-06-21]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxps://accounts.google.com/ServiceLogin?service=mail&continue=hxxps://mail.google.com/mail/"

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2007-10-15] (AuthenTec Inc.) [File not signed]
R2 Backupper Service; C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.) [File not signed]
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
S3 getPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 Gizmo Central; C:\Program Files\Gizmo\gservice.exe [34728 2011-07-02] (Arainia Solutions)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2008-02-12] (Google) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
S3 nosGetPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S4 AcrSch2Svc; no ImagePath
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43440 2008-02-03] (Alfa Corporation)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2009-01-26] (AuthenTec, Inc.)
S1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
S1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
R1 GizmoDrv; C:\Windows\system32\Drivers\GizmoDrv.sys [25488 2011-07-02] (Arainia Solutions LLC)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [42256 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72400 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [147728 2016-08-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [111376 2016-08-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2016-08-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2016-08-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2016-08-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2016-08-04] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-03-14] (Acronis)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2011-02-11] (NCH Software)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman147; C:\Windows\System32\DRIVERS\tdrpm147.sys [971232 2009-03-14] (Acronis)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [343456 2015-06-07] (BitDefender S.R.L.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 tljkva; no ImagePath
S3 Tosrfcom; no ImagePath
S0 wayuia; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 11:34 - 2016-11-14 11:36 - 00029931 _____ C:\Users\psimoes\Desktop\FRST.txt
2016-11-14 11:29 - 2016-11-14 11:34 - 00000000 ____D C:\FRST
2016-11-14 11:15 - 2016-11-14 11:15 - 05200384 _____ (AVAST Software) C:\Users\psimoes\Desktop\aswmbr.exe
2016-11-14 11:15 - 2016-11-14 11:15 - 01760768 _____ (Farbar) C:\Users\psimoes\Desktop\FRST.exe
2016-11-13 23:07 - 2016-11-13 23:07 - 00000000 ____D C:\Users\psimoes\AppData\Local\ESET
2016-11-13 22:43 - 2016-08-08 04:00 - 00058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-11-13 13:27 - 2016-11-13 22:30 - 00000000 ____D C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable
2016-11-13 13:20 - 2016-11-13 13:20 - 37786232 _____ (Panda Security ) C:\Users\psimoes\Desktop\PandaCloudCleaner.exe
2016-11-12 23:25 - 2016-11-13 09:33 - 00000000 ____D C:\Users\psimoes\AppData\Local\FSDART
2016-11-12 23:25 - 2016-11-12 23:52 - 00000000 ____D C:\ProgramData\F-Secure
2016-11-12 23:25 - 2016-11-12 23:25 - 00000000 ____D C:\Users\psimoes\AppData\Local\F-Secure
2016-11-12 23:06 - 2016-11-12 23:06 - 00524248 _____ (F-Secure Corporation) C:\Users\psimoes\Desktop\F-SecureOnlineScanner.exe
2016-11-12 23:04 - 2016-11-12 23:04 - 06761600 _____ (ESET spol. s r.o.) C:\Users\psimoes\Desktop\esetonlinescanner_enu.exe
2016-11-10 20:55 - 2016-11-14 10:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-21 13:43 - 2016-10-21 13:53 - 00000000 ____D C:\Users\psimoes\AppData\Local\panda
2016-10-21 13:43 - 2016-10-21 13:43 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2016-10-21 13:42 - 2016-11-13 13:17 - 00000000 ____D C:\Users\psimoes\AppData\LocalLow\pandasecuritytb
2016-10-21 13:42 - 2016-10-21 13:42 - 00000000 ____D C:\Program Files\pandasecuritytb
2016-10-21 13:41 - 2016-10-21 13:41 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Panda Security
2016-10-21 13:34 - 2016-10-21 13:44 - 00002029 _____ C:\Users\Public\Desktop\Panda Free Antivirus.lnk
2016-10-21 13:34 - 2016-10-21 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-10-21 13:33 - 2016-10-21 13:42 - 00000000 ____D C:\Program Files\Panda Security

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 11:23 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-14 11:23 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-14 11:21 - 2009-06-30 20:06 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job
2016-11-14 11:12 - 2010-02-09 17:32 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-14 10:37 - 2013-03-20 23:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-14 09:29 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-11-14 09:29 - 2006-11-02 05:33 - 00854788 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-14 09:26 - 2010-02-09 17:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-14 09:24 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-14 09:24 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-11-14 00:24 - 2006-11-02 08:01 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-14 00:19 - 2014-03-06 22:39 - 00000000 ____D C:\Users\psimoes\AppData\Local\CrashDumps
2016-11-13 23:47 - 2011-12-25 20:37 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job
2016-11-13 17:47 - 2011-12-25 20:37 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job
2016-11-13 16:21 - 2009-06-30 20:06 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job
2016-11-10 18:32 - 2016-04-15 08:12 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-11-08 12:37 - 2012-05-03 08:23 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 12:37 - 2011-06-21 23:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-08 12:37 - 2008-02-12 21:43 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-03 11:06 - 2016-02-22 16:43 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\vlc
2016-11-03 11:04 - 2014-08-18 13:43 - 00000000 ____D C:\Users\psimoes\Desktop\0misc.downl_Tosh
2016-10-25 07:04 - 2006-11-02 07:47 - 00462664 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-21 13:42 - 2014-10-17 21:06 - 00000000 ____D C:\ProgramData\Panda Security
2016-10-21 13:41 - 2009-02-16 11:18 - 00121608 _____ C:\Users\psimoes\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-21 12:59 - 2012-06-16 00:29 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-20 18:05 - 2013-03-07 23:13 - 00000000 ____D C:\Program Files\Online Armor

==================== Files in the root of some directories =======

2015-09-08 15:27 - 2015-09-08 20:18 - 3993600 _____ () C:\Program Files\GUTC12.tmp
2010-02-21 20:14 - 2010-04-02 18:43 - 0000990 ___SH () C:\Users\psimoes\AppData\Roaming\systemfl.$dk
2014-10-13 16:09 - 2014-10-29 03:29 - 0207963 _____ () C:\Users\psimoes\AppData\Local\ars.cache
2014-10-13 16:09 - 2014-10-29 03:29 - 0576849 _____ () C:\Users\psimoes\AppData\Local\census.cache
2010-07-18 20:02 - 2015-05-16 07:08 - 0001356 _____ () C:\Users\psimoes\AppData\Local\d3d9caps.dat
2009-02-16 02:35 - 2011-06-29 21:25 - 0081408 _____ () C:\Users\psimoes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-13 15:55 - 2014-10-13 15:55 - 0000036 _____ () C:\Users\psimoes\AppData\Local\housecall.guid.cache
2014-10-13 16:06 - 2014-10-28 23:31 - 0000010 _____ () C:\Users\psimoes\AppData\Local\sponge.last.runtime.cache

Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\System32\runouce.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-14 09:31

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-11-2016
Ran by psimoes (14-11-2016 11:36:58)
Running from C:\Users\psimoes\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-02-16 07:13:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3399307451-3074549587-1771456082-500 - Administrator - Disabled)
Guest (S-1-5-21-3399307451-3074549587-1771456082-501 - Limited - Enabled) => C:\Users\Guest
psimoes (S-1-5-21-3399307451-3074549587-1771456082-1000 - Administrator - Enabled) => C:\Users\psimoes
torrents (S-1-5-21-3399307451-3074549587-1771456082-1004 - Limited - Enabled) => C:\Users\torrents

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Aiseesoft Blu-ray Ripper (HKLM\...\Aiseesoft Blu-ray Ripper_is1) (Version: - )
Aiseesoft Streaming Video Recorder (HKLM\...\Aiseesoft Streaming Video Recorder_is1) (Version: - )
AOMEI Backupper Standard Edition 2.0.2 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{53BB9294-6E76-4853-4130-1CD0A01EAE45}) (Version: 3.0.657.0 - ATI Technologies, Inc.)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.0.0 - Auslogics Labs Pty Ltd)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version: - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Catalyst Control Center - Branding (HKLM\...\{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0130.1509.26922 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.01 - TOSHIBA)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Cover Commander 3.0 by Insofta Development (HKLM\...\Cover Commander) (Version: 3.0 - Insofta Development)
CyberLink PowerCinema for TOSHIBA (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.1414 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Folder Lock (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\FolderLock6) (Version: - New Sofware.net Inc.)
FXCM Trading Station (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\FXCM Trading Station) (Version: 010311 - )
FXCM Trading Station (Version: 010311 - FXCM) Hidden
GearDrvs (Version: 1 - Symantec Corporation) Hidden
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Gizmo Central (HKLM\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
Ideal DVD Copy V4.1.2 (HKLM\...\Ideal DVD Copy_is1) (Version: - Ideal DVD Software, Inc.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{881F5DE8-9367-4B81-A325-E91BBC6472F9}) (Version: 10.1.1.4 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
magicJack (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes' Anti-Malware version 1.51.0.1200 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.51.0.1200 - Malwarebytes Corporation)
mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
mHelp (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network Recording Player (HKLM\...\{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
Nokia Connectivity Cable Driver (HKLM\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)
Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden
Online Armor 6.0 (HKLM\...\OnlineArmor_is1) (Version: 6.0 - Emsisoft GmbH)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Panda Devices Agent (Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
Panda Safe Web (HKLM\...\pandasecuritytb) (Version: 4.3.1.20 - Panda Security and Visicom Media Inc.)
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (Version: 2008.0130.1509.26922 - ATI) Hidden
Skype™ 7.26 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Snagit 11 (HKLM\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
SnagIt 9 (HKLM\...\{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}) (Version: 9.0.0 - TechSmith Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 1.0.3.32 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.06 - )
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TrueSuite Access Manager (HKLM\...\{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}) (Version: 1.1.13.13 - ABIG)
TRW conferencing (HKLM\...\{E23E9487-2B6B-42CA-AE8D-E2369563AB02}) (Version: 7.71 - Digitalweb)
TurboMeeting (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\TurboMeeting) (Version: 3.0.300 - RHUB Communications, Inc.)
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Video Mover (HKLM\...\Video Mover_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Your monster voice 1 (HKLM\...\Your monster voice 1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{01B48E19-3C98-4B34-B679-86D14E74C2D8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{3D0E3723-95BF-4639-BE54-BB803AE4AE13}\localserver32 -> C:\Program Files\Candleworks\FXTS2\FXTSpp.exe ()
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{E5F07F0E-C4AE-4AA8-AE7E-FC3DB683977E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D161987-AD10-4D61-B6AF-08F1AF26C734} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {10F2238D-1EFD-497B-9F82-2ED7F4C95DD0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {19B6ADC6-F3BD-4A45-9CB2-9DC80C9BA1F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1B2D5FC3-FD37-4F6B-B75D-92A79188796E} - System32\Tasks\PCMAgent.exe_1826580705 => C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [2007-12-13] (CyberLink Corp.)
Task: {35DA24BC-4BEA-4952-9DA5-B76E941F8DC9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {363B5A23-E3F2-4920-96D6-0FE18DF74777} - System32\Tasks\SafeZone scheduled Autoupdate 1464051125 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {3921AC9D-4361-4ECB-8B8E-644734DC37D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {5255BE42-F960-4D14-B4BD-AC20C3743812} - System32\Tasks\CrystalDiskInfo => C:\Users\psimoes\Desktop\AntiV\CrystalDiskInfo6_2_2\DiskInfo.exe [2014-12-19] (Crystal Dew World)
Task: {5409B770-4508-4CB0-A052-26CAB9E4B9FA} - System32\Tasks\Opera scheduled Autoupdate 1382066025 => C:\Program Files\Opera\launcher.exe [2016-08-05] (Opera Software)
Task: {59C50FF3-0D3B-4CC6-BCBF-2D74EC3778AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {605400B6-8685-48B6-A6B9-A8C5529FC843} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {81E48EDE-D2AC-4A54-B5A4-CAC8152C6D87} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {914710E2-0A42-44A6-AFA4-A6D7EAEDF898} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {954E1E94-94FD-420B-9725-623FAB68F590} - System32\Tasks\{C074CB77-8752-4695-819D-DF00F7AAE9A6} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.59.106/en/abandoninstall?page=tsMain
Task: {9C8D6C2E-DF0E-4E97-BBB6-2A797D3B3BC4} - System32\Tasks\SafeZone scheduled Autoupdate 1458652480 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {A879EAD0-908D-481B-A17F-06FDB1F79C50} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files\Gizmo\gizmo.exe [2011-07-02] (Arainia Solutions)
Task: {B52E95C6-0FEB-457F-A518-4DE31303C9AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\psimoes\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
Shortcut: C:\Users\psimoes\Favorites\NCH Software Download.lnk -> hxxp://www.nchsoftware.com/index.html

ShortcutWithArgument: C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Send Anywhere (File Transfer).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hihbikoooaenkpdooehgemieligjejcb
ShortcutWithArgument: C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\StartPage Search Engine.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=choepknhbopmendmnohbaemeaeemnaom

==================== Loaded Modules (Whitelisted) ==============

2013-06-27 00:10 - 2012-02-23 14:57 - 00022944 _____ () C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00270040 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\UiLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00229080 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\diskmgr.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00265944 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Comn.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00077528 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Ldm.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00061144 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Device.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00257752 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrFat.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00376536 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrNtfs.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00106200 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FuncLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00233176 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Clone.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00335576 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ImgFile.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00028376 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Encrypt.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00073432 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Compress.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00093912 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrVol.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00188120 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\GptBcd.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00147160 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FlBackup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00478936 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\EnumFolder.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00102104 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Backup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00098008 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrLog.dll
2014-10-18 17:39 - 2013-01-17 16:38 - 02403504 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\QtCore4.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00152576 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2013-06-27 00:11 - 2010-02-09 14:55 - 00049152 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2015-12-15 12:17 - 2015-12-15 12:17 - 00618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2008-02-12 21:22 - 2007-01-25 21:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe
2008-02-12 21:22 - 2007-10-23 19:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2008-01-30 18:30 - 2008-01-30 18:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-07-02 10:00 - 2011-07-02 10:00 - 00059304 _____ () C:\Program Files\Gizmo\gshell.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00132608 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2009-02-16 02:43 - 2007-06-05 19:42 - 00094208 _____ () C:\Program Files\TrueSuite Access Manager\usbnotify.exe
2013-06-27 00:10 - 2010-08-22 19:01 - 00325632 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
2013-06-27 00:10 - 2010-08-22 19:01 - 01954304 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
2013-06-27 00:10 - 2010-08-22 19:01 - 07187456 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
2013-06-27 00:10 - 2010-08-22 19:01 - 00847360 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
2013-06-27 00:10 - 2010-08-22 18:32 - 00119808 _____ () C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2008-02-12 21:13 - 2008-01-29 19:00 - 00430080 _____ () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
2013-06-27 00:10 - 2012-02-23 14:19 - 00669696 _____ () C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2007-12-12 15:46 - 2007-12-12 15:46 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\corpol.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\emdmgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstime.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:56AC8DD1 [364]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [118]
AlternateDataStreams: C:\Users\psimoes\Downloads\39F2.tmp:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4928 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-30 23:16 - 2016-09-28 17:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\1Tomorrow.Is.Too.Late_3840x2160.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GizmoDriveDelegate => "C:\Program Files\Gizmo\gizmo.exe" /RemountStartupImages
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PCMAgent => "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{4E4E1545-348C-4603-9D75-690DB6DB8EFE}] => (Allow) C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe
FirewallRules: [TCP Query User{F4071B34-7CFE-4C17-8437-9596C2C381C9}F:\skype portable\skypeportable\app\skype\phone\skype.exe] => (Allow) F:\skype portable\skypeportable\app\skype\phone\skype.exe
FirewallRules: [UDP Query User{C24E18F8-5581-4198-9A10-66E035373D8D}F:\skype portable\skypeportable\app\skype\phone\skype.exe] => (Allow) F:\skype portable\skypeportable\app\skype\phone\skype.exe
FirewallRules: [{5508EC15-FC59-414B-8296-BE6CEB28AA30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{053EDA5A-BA5B-43E6-A9CA-47A951F9B941}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D3E087C-8E81-4F1B-9559-1DF3121BB6E8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BC17EFD5-CC08-478F-88B7-00647D78E267}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{749477DC-40E0-424C-BF2C-5D11AE5B4F0D}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{CE0CD43E-FC3E-4C81-BE78-9ADA48A2EBE7}] => (Allow) LPort=80
FirewallRules: [{DFC70C83-5301-4E07-A711-4F82ADCDB041}] => (Allow) LPort=80
FirewallRules: [{A8F0510A-B6F8-4D99-BB31-973A34F75DC8}] => (Allow) LPort=80
FirewallRules: [{06C8BCEC-FA06-4186-8424-6B4118527424}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{644FAB9F-7CF4-4784-97A7-83EBAA0C4D93}] => (Allow) LPort=2869
FirewallRules: [{EDC55D5F-2A85-447D-9AC6-CBFFA164070A}] => (Allow) LPort=1900
FirewallRules: [{1CED6313-6CFF-400E-9659-877A765C3577}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8597E2F7-901E-431F-B328-8B45BBF3ED9B}] => (Allow) C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{ED520E14-A907-4B64-BE11-43A136ED8F34}] => (Allow) C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{5539EF35-A53F-4D74-85F7-7F9B1980CE2E}] => (Allow) C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{E9CE9526-4F2B-4E3C-9AD3-BEE1281232E5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [PotPlayer(PotPlayerMini.exe)] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{0517A223-3585-4C97-8C65-922E353A488A}] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{7D2FD514-A4E5-4CC9-B468-F507562E3D6D}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{03DDC0C0-C324-4C65-807F-D5ACCAB8C97B}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{3BE1ADE1-9FCF-4C6E-B2C3-B9CDC8CF02C1}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{10DC4ED3-16BD-4AD4-A0C9-A217494AADD6}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{A50038B0-7B94-4AEF-90BB-920797496DE5}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{0C879E00-0487-46AE-AA4A-55CC42C8B88F}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{E592995F-5041-4BE4-98AD-FD51147C132D}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{99CAAAC5-6302-481A-8ADD-8F14FE4F07BD}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{DDEFB12B-09E9-40CC-A6AB-B0D4BD757C77}] => (Allow) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
FirewallRules: [{CB24E490-CDFA-41FF-8A07-29998C85F70A}] => (Allow) LPort=19540
FirewallRules: [{9F5B6F3B-419F-4F3A-A35D-0D9DEE60E0A5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BB7189C2-1967-4289-9AE7-08BF8A54A0EE}] => (Allow) C:\Users\psimoes\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{F22DB67E-0353-4D2A-A88A-15C75CB30662}] => (Allow) C:\Users\psimoes\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [{8DDDFC3C-8BDF-4BBA-9891-3A893B64887F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1E25327B-000E-445D-A5AE-51F32002A261}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9347CC66-D564-4AC1-B23C-48C894338A7C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{87104172-30C3-4748-9242-7ADDEF38D8DA}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{4CBEC3BA-E216-4C97-B61B-D0483BE0C229}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Restore Points =========================

28-09-2016 17:42:56 ComboFix created restore point
21-10-2016 12:45:21 Revo Uninstaller's restore point - Avast Free Antivirus
21-10-2016 13:44:37 Device Driver Package Install: Panda Security, S.L. Network Service

==================== Faulty Device Manager Devices =============

Name: Intel(R) Wireless WiFi Link 4965AGN
Description: Intel(R) Wireless WiFi Link 4965AGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETw4v32
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2016 12:19:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application esetonlinescanner_enu.exe, version 2.0.12.0, time stamp 0x57ac3e59, faulting module esetonlinescanner_enu.exe, version 2.0.12.0, time stamp 0x57ac3e59, exception code 0xc0000005, fault offset 0x001b50f3,
process id 0x1710, application start time 0x01d23e2c85df4f3c.

Error: (11/13/2016 11:02:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PCloudCleaner.exe, version 1.4.0.162, time stamp 0x00000000, faulting module kernel32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0x0eedfade, fault offset 0x0003fdb6,
process id 0xa14, application start time 0x01d23e28c8b9dc2c.

Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9298

Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9298

Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2016 08:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7176

Error: (11/13/2016 08:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7176

Error: (11/13/2016 08:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2016 08:36:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5320

Error: (11/13/2016 08:36:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5320


System errors:
=============
Error: (11/14/2016 09:25:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp
DasBoot
DasBootF
PRSBDRVR
tljkva
wayuia

Error: (11/14/2016 09:23:43 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.8 for the Network Card with network address 001E333EFAE9 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/14/2016 12:24:07 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (11/13/2016 10:48:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/13/2016 10:45:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (11/13/2016 10:43:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp
tljkva
wayuia

Error: (11/13/2016 10:42:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/13/2016 10:42:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (11/13/2016 10:32:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/13/2016 10:32:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2016-11-14 11:36:14.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:13.809
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:13.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:12.685
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:12.032
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:11.453
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:10.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:10.326
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:09.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINProc.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 11:36:09.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINProc.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 42%
Total physical RAM: 3069.21 MB
Available physical RAM: 1772.05 MB
Total Virtual: 6344.66 MB
Available Virtual: 4454.55 MB

==================== Drives ================================

Drive c: (SQ004710V01) (Fixed) (Total:184.85 GB) (Free:16.09 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:186.31 GB) (Free:92.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 9C9CF735)
Partition 1: (Not Active) - (Size=800 MB) - (Type=27)
Partition 2: (Active) - (Size=184.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=698 MB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 33D68AE6)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-11-14 12:21:08
-----------------------------
12:21:08.113 OS Version: Windows 6.0.6002 Service Pack 2
12:21:08.114 Number of processors: 2 586 0xF0D
12:21:08.115 ComputerName: PS-TOSHIBA UserName: psimoes
12:21:10.628 Initialize success
12:21:10.674 VM: initialized successfully
12:21:10.676 VM: Intel CPU virtualization not supported
12:27:41.986 AVAST engine defs: 16111401
12:29:00.678 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:29:00.680 Disk 0 Vendor: Hitachi_ BBDO Size: 190782MB BusType: 3
12:29:00.684 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
12:29:00.687 Disk 1 Vendor: TOSHIBA_ DK02 Size: 190782MB BusType: 3
12:29:03.700 Disk 0 statistics 670/0/0 @ 2.10 MB/s
12:29:03.700 Scan stopped
12:30:01.212 Disk 0 MBR has been saved successfully to "C:\Users\psimoes\Desktop\MBR.dat"
12:30:01.214 The log file has been saved successfully to "C:\Users\psimoes\Desktop\aswMBR.txt"
12:30:20.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:30:20.863 Disk 0 Vendor: Hitachi_ BBDO Size: 190782MB BusType: 3
12:30:20.868 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
12:30:21.208 Disk 1 Vendor: TOSHIBA_ DK02 Size: 190782MB BusType: 3
12:30:21.354 Disk 0 MBR read successfully
12:30:21.360 Disk 0 MBR scan
12:30:21.368 Disk 0 unknown MBR code
12:30:22.031 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 800 MB offset 64
12:30:22.052 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 189281 MB offset 1638632
12:30:22.062 Disk 0 Partition - 00 0F Extended LBA 698 MB offset 389287080
12:30:22.102 Disk 0 Partition 3 00 BC BOOTWIZ0 698 MB offset 389287143
12:30:22.114 Disk 0 scanning sectors +390716865
12:30:22.312 Disk 0 scanning C:\Windows\system32\drivers
12:30:39.051 Service scanning
12:31:28.459 Modules scanning
12:31:28.467 Disk 0 trace - called modules:
12:31:28.486 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:31:28.491 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8782b608]
12:31:28.497 3 CLASSPNP.SYS[8b98d8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86932028]
12:31:29.947 AVAST engine scan C:\Windows
12:31:41.023 AVAST engine scan C:\Windows\system32
12:36:49.491 AVAST engine scan C:\Windows\system32\drivers
12:37:11.646 AVAST engine scan C:\Users\psimoes
13:03:41.255 AVAST engine scan C:\ProgramData
13:10:17.057 Disk 0 statistics 4445229/0/0 @ 1.18 MB/s
13:10:17.072 Scan finished successfully
13:11:01.932 Disk 0 MBR has been saved successfully to "C:\Users\psimoes\Desktop\MBR.dat"
13:11:01.938 The log file has been saved successfully to "C:\Users\psimoes\Desktop\aswMBR-2.txt"




SPECS....
Laptop: Toshiba Satellite laptop 15" A305-S6841
CPU: Intel Core 2 Duo CPU T5550 @ 1.83GHz
Ram: 3 GB
Hard drive: 400GB ( 2 X 200GB )
OS: Windows Vista 2007 Home Premium, 32bit, SP2
Internet connection: DSL
ATI Mobility Radeon HD 3470 with 256MB
Intel Wireless WiFi link 4965AGN
Realtek TRL8102E Family PCI-E Ethernet NIC (NDIS 6.0)
Browsers ( latest versions ) : Chrome, FireFox, Opera
Firewall and security software: Online Armor Firewall, Panda Antivirus,

 

[jmarket]

Hi there Paul Let's you started shall we?

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (Xp Users double click)
Copy and paste the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

 

[paulwb]

Thanks for the quick reply.
I ran ZHP cleaner, total bug count 33.
Clicked Repair, and it started to scan again, now stuck at 96% for 30 minutes, while the bug count rises, currently at 25.
Is this normal? Is it in repair mode, on its way to repairing the 33 found earlier?

 

[jmarket]

Is this normal? Is it in repair mode, on its way to repairing the 33 found earlier?

Sometimes ZHP Cleaner can take a while depending on the total # of items found as well as the speed of your computer. If it's sticking, try running it in Safe Mode.

If that doesn't work either, skip it and move on to the Zoek scan

 

[paulwb]

Hi jmarket,
OK thanks. It wasn't clear if the repair process was under way. The repair was successful.
Below are the ZHP & Zoek logs ....

~ ZHPCleaner v2016.11.14.193 by Nicolas Coolman (2016/11/14)
~ Run by psimoes (Administrator) (14/11/2016 14:55:34)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\psimoes\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\psimoes\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows VISTA, 32-bit Service Pack 2 (Build 6002)

---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (1)
REPLACED Opera URL: {"ab_testing":{"uid":"QzRGMTc4NTYtMjY0Ri00REU1LUEwMzItNThEOTg2NzI0QkYw"},"autofill":{"wallet_import_[...] =>Adware.Sambreel


---\\ Hosts file (1)
~ The hosts file is legitimate (1)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (30)
MOVED file: C:\Windows\Installer\wix{308B6AEA-DE50-4666-996D-0FA461719D6B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{3911CF56-9EF2-39BA-846A-C27BD3CD0685}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{3C3901C5-3455-3E0A-A214-0B093A5070A6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{4903D172-DCCB-392F-93A3-34CA9D47FE3D}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Users\psimoes\Downloads\Android Apps\PopcornTime-5.4.exe [Popcorn Time - Popcorn Time Setup] =>.Superfluous.PopcornTime
MOVED folder: C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} =>Heuristic.Suspect
MOVED folder: C:\Program Files\QuickTime =>Riskware.QuickTime
MOVED folder: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>PUP.Optional.DomaIQ
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
MOVED folder: C:\Users\psimoes\AppData\Local\{0874CFEB-46BA-48A7-B323-3F248E2A9D2C} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{1D0683B0-E87A-4F6C-817C-6B6FB0DBFBFB} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{33653CAF-5422-495F-80D4-DFB50403B443} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{3E54A680-E6DA-49BE-86E5-3D593FE0490D} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{3F01CD36-A73A-4250-A198-0B4AEC9BD7E0} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{413831D1-1316-4252-81D6-A1DF48FFAAFC} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{531198E2-06D2-4349-AFD4-C4F540ED3328} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{545D1F99-2D75-4119-B2C5-A06F9E8E2824} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{6D46D35E-1DDE-4B8B-89A3-E27AE5D9B70B} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{89BD34DC-36EE-4159-A41A-137CB894103B} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{A49468BD-99A5-466B-A56D-AA37F2E140AC} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{A6C835F9-3D04-4574-8701-0AA8A1206FE1} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{A9693926-F907-4666-8DB9-82CA018B6D99} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{AB814BA9-6A52-4ECE-9573-3FC5D8E31AEC} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{C42D5C08-0E58-459C-837E-4C41FCD8F1BD} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{D25F0319-D7A8-48C1-9496-6F309BE412C5} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{E287512F-5B4F-4332-838A-2609852F8DD9} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{E6A6AD84-DC5B-4087-9E59-D6FC298AC3F7} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{E8909DFA-19EC-4A8F-B88D-013D56ABB973} =>.Superfluous.Empty
MOVED folder: C:\Users\psimoes\AppData\Local\{FF413783-784D-44ED-AAEF-E27675D2464D} =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (1)
DELETED key*: HKLM\SOFTWARE\Unlocker\OpenCandy [] =>Adware.OpenCandy


---\\ Summary of the elements found (7)
https://www.nicolascoolman.com/fr/pup-optional-sambreel/ =>Adware.Sambreel
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Empty
https://www.anti-malware.top/2016/09/28/superfluous-popcorntime/ =>.Superfluous.PopcornTime
https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect
https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime
https://www.nicolascoolman.com/fr/adware-domaiq/ =>PUP.Optional.DomaIQ
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>Adware.OpenCandy


---\\ Other deletions. (12)
~ Registry Keys Tracing deleted (12)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully


---\\ Statistics
~ Items scanned : 790
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 32


~ End of clean in 00h58mn27s
~====================

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by psimoes on 14/11/2016 at 16:18:42.12.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\psimoes\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Tweaking.com deleted successfully
C:\Program Files\Common Files\MicroWorld deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\Users\Guest\AppData\Roaming\Apple Computer deleted successfully
C:\Users\psimoes\AppData\Roaming\JAM Software deleted successfully
C:\Users\psimoes\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\psimoes\AppData\Roaming\SkypePM deleted successfully
C:\Users\psimoes\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\torrents\AppData\Roaming\Apple Computer deleted successfully
C:\Users\torrents\AppData\Roaming\Google deleted successfully
C:\Users\psimoes\AppData\Local\Downloaded Installations deleted successfully
C:\Users\psimoes\AppData\Local\FSDART deleted successfully
C:\Users\psimoes\AppData\Local\Skype deleted successfully
C:\Users\torrents\AppData\Local\{0A37DD66-17E4-4654-B151-1A26F2A96828} deleted successfully
C:\Users\torrents\AppData\Local\{0B6F107D-F2CE-4CA8-8AD5-DB8ABC72D1E5} deleted successfully
C:\Users\torrents\AppData\Local\{0E39A969-7D56-4B65-95AA-5C882C6602F9} deleted successfully
C:\Users\torrents\AppData\Local\{1FDE68B8-951C-4A51-A93E-F1D66AE04090} deleted successfully
C:\Users\torrents\AppData\Local\{214F433E-2134-436B-B363-54049233701D} deleted successfully
C:\Users\torrents\AppData\Local\{2B464EDD-249F-44E9-84EE-325F99BA1058} deleted successfully
C:\Users\torrents\AppData\Local\{2FB85267-A6B0-4190-A051-D4D4C1A6AA43} deleted successfully
C:\Users\torrents\AppData\Local\{2FD89FA8-6573-4A96-B5D7-4C3F8BBCFD13} deleted successfully
C:\Users\torrents\AppData\Local\{3136722F-B1D1-4F2C-92E9-8555A1322CC0} deleted successfully
C:\Users\torrents\AppData\Local\{3140949C-A842-42E6-975C-EB87FCB8EE2B} deleted successfully
C:\Users\torrents\AppData\Local\{331194C8-A41A-4CE7-8B7D-55B3171617EB} deleted successfully
C:\Users\torrents\AppData\Local\{344BA392-42A2-4859-AE10-E999215FF8E9} deleted successfully
C:\Users\torrents\AppData\Local\{358E2A08-0899-4FE2-9870-F6B3509DACD7} deleted successfully
C:\Users\torrents\AppData\Local\{359750A4-75BE-4368-9EB1-3C1DE6E3D54E} deleted successfully
C:\Users\torrents\AppData\Local\{3FAF0087-8840-4B92-B04A-2EDBC5B6804A} deleted successfully
C:\Users\torrents\AppData\Local\{4C5154E0-4B95-48DE-9DB7-B8FDCFA6ED01} deleted successfully
C:\Users\torrents\AppData\Local\{4F07F52C-274E-4C20-A666-E1C070E54A48} deleted successfully
C:\Users\torrents\AppData\Local\{5765A1B0-875B-4E57-B98C-1BE6722F47C5} deleted successfully
C:\Users\torrents\AppData\Local\{5CE51B4A-E0F5-40E3-8DEF-B54485A1A411} deleted successfully
C:\Users\torrents\AppData\Local\{5FA25ACC-0FFC-4937-B7B5-6A202868998F} deleted successfully
C:\Users\torrents\AppData\Local\{6073A68F-401D-4427-A024-BA813B059670} deleted successfully
C:\Users\torrents\AppData\Local\{65648A3C-3DB0-4D2A-8E9E-5B51BAA2404D} deleted successfully
C:\Users\torrents\AppData\Local\{67499C0A-1B95-4A17-95C4-F8A0D91C3DEC} deleted successfully
C:\Users\torrents\AppData\Local\{68A98603-40E7-492A-B4F0-2DC6E059BDF9} deleted successfully
C:\Users\torrents\AppData\Local\{6CFC1921-E76B-4EF5-B535-ED8F70D3A8BF} deleted successfully
C:\Users\torrents\AppData\Local\{6EB9A3F8-78DB-48E1-8A4E-876209CC4C39} deleted successfully
C:\Users\torrents\AppData\Local\{6FB7EADD-BB26-443E-AFCB-AD015F453593} deleted successfully
C:\Users\torrents\AppData\Local\{71A6C0EE-436F-4D74-9109-6A393C9BBAD8} deleted successfully
C:\Users\torrents\AppData\Local\{755F3813-611E-4EC3-9B92-9C7344865CED} deleted successfully
C:\Users\torrents\AppData\Local\{7B2F88D1-1D5D-4D39-9F52-18BBCB8E9A13} deleted successfully
C:\Users\torrents\AppData\Local\{7E93AAE5-D03F-4650-B4EC-537A69AC08AD} deleted successfully
C:\Users\torrents\AppData\Local\{85E07806-366D-48BD-BBA0-9D080EE589F6} deleted successfully
C:\Users\torrents\AppData\Local\{87D17032-6377-424B-896B-7575FDE53C8A} deleted successfully
C:\Users\torrents\AppData\Local\{88DB861A-CFE3-4380-9121-0CB7D522E3A0} deleted successfully
C:\Users\torrents\AppData\Local\{8B39BCDC-D196-414D-8386-F18D3973D7D4} deleted successfully
C:\Users\torrents\AppData\Local\{8C1FFCE6-83AB-4141-B278-779159F8144A} deleted successfully
C:\Users\torrents\AppData\Local\{9E00F062-00C6-4672-8D03-84E2ACF8F91B} deleted successfully
C:\Users\torrents\AppData\Local\{9E550A50-8A63-4A43-AD43-2B29AFC01498} deleted successfully
C:\Users\torrents\AppData\Local\{A4C29529-2296-4245-B493-DE961F91123F} deleted successfully
C:\Users\torrents\AppData\Local\{A89E34E3-C409-4096-BD11-9D0BFA85884C} deleted successfully
C:\Users\torrents\AppData\Local\{AA2A1E82-5CA2-4838-BAF3-F97A4D89663B} deleted successfully
C:\Users\torrents\AppData\Local\{B0785BDD-6C32-472D-96A6-59DAA791CAC7} deleted successfully
C:\Users\torrents\AppData\Local\{B1655C30-6372-4D0A-A0FA-2BE23E72283A} deleted successfully
C:\Users\torrents\AppData\Local\{B492D19B-7289-4876-BCEB-4E1F3DE6E6A3} deleted successfully
C:\Users\torrents\AppData\Local\{BD3F5A03-6F83-4CEB-8935-CD66701D1703} deleted successfully
C:\Users\torrents\AppData\Local\{C6F73A72-159F-45B2-B208-E54558EFE04D} deleted successfully
C:\Users\torrents\AppData\Local\{CB3FC6A7-5053-424C-A027-D4096E71F09F} deleted successfully
C:\Users\torrents\AppData\Local\{D1281A4A-560B-4461-8F7C-B2F4979C6E28} deleted successfully
C:\Users\torrents\AppData\Local\{D6B0651B-DBAD-4A5E-8876-CB60BAC4E177} deleted successfully
C:\Users\torrents\AppData\Local\{DAADFAE0-51E8-4AC5-A434-7A8CEFEC25C7} deleted successfully
C:\Users\torrents\AppData\Local\{DD55A1CA-EA2D-4758-A7F8-9DB91C27B4C8} deleted successfully
C:\Users\torrents\AppData\Local\{DFDD1532-190F-4335-AD11-5EAC086068BD} deleted successfully
C:\Users\torrents\AppData\Local\{E479EE4B-73C8-4795-8D65-8217326E29DF} deleted successfully
C:\Users\torrents\AppData\Local\{E62D77A7-1540-4163-8D40-AAB4CC595DB5} deleted successfully
C:\Users\torrents\AppData\Local\{E78501C0-1C99-4278-B5C2-4318EAB5B0B3} deleted successfully
C:\Users\torrents\AppData\Local\{EA2447D0-0F46-4255-8E7A-424AEAEE2C99} deleted successfully
C:\Users\torrents\AppData\Local\{F324F794-1DA0-454C-9458-FE140F57FE6B} deleted successfully
C:\Users\torrents\AppData\Local\{F3395637-9E2E-4E42-B992-E62A74AE0235} deleted successfully
C:\Users\torrents\AppData\Local\{FA31F46F-0328-4348-9E8D-30BD4FD1FF1D} deleted successfully
C:\Users\torrents\AppData\Local\{FC0CA199-F2D7-4E1A-AB14-0489408CCCA7} deleted successfully
C:\Users\torrents\AppData\Local\{FEDDB565-A261-478C-B924-18D89D2CAF3C} deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} deleted successfully
HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} deleted successfully
HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hnnfnerz.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_112016_0443_.backup

ProfilePath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_112016_0443_.backup

ProfilePath: C:\Users\torrents\AppData\Roaming\Mozilla\Firefox\Profiles\z9ph3vjm.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.yahoo.com.style", ".WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline url(\"IM
user_pref("extensions.wrc.SearchRules.yahoo.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*");
---- Lines finder removed from prefs.js ----
user_pref("browser.startup.homepage", "http://adultfriendfinder.com/|http://www.hornymatches.com/");
---- Lines Search-Results removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline url(\"IMAGE\") right no
---- FireFox user.js and prefs.js backups ----

prefs_112016_0443_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Program Files\Tweaking.com not found
C:\Program Files\stinger deleted
C:\Windows\system32\appdata deleted
C:\Program Files\GUTC12.tmp deleted
C:\Program Files\GUMC11.tmp deleted
C:\Program Files\IdealDVDCopy deleted
C:\Program Files\pandasecuritytb deleted
C:\PROGRA~2\IdealSoftware deleted
C:\PROGRA~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted
C:\Users\psimoes\AppData\Local\{ACABC2F9-44A4-4E51-B14F-01A564E7E99E} deleted
C:\Users\psimoes\AppData\Local\IdealSoftware deleted
C:\Users\psimoes\AppData\LocalLow\pandasecuritytb deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hnnfnerz.default\pandasecuritytb deleted
C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\pandasecuritytb deleted
C:\Users\torrents\AppData\Roaming\Mozilla\Firefox\Profiles\z9ph3vjm.default\pandasecuritytb deleted
"C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\searchplugins\yahoo-avast.xml" deleted
"C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\searchplugins\yahoo-avast.xml" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hnnfnerz.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Panda Security Toolbar - %ProfilePath%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi

ProfilePath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
- Panda Security Toolbar - %ProfilePath%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi

ProfilePath: C:\Users\torrents\AppData\Roaming\Mozilla\Firefox\Profiles\z9ph3vjm.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
- Panda Security Toolbar - %ProfilePath%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default
F169116C1BA501AB4D0D66D41FF496B5 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FC5D7AF1FC3A63782E19B375E2312D1C - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
3EE8AE0ECFE5D79DE1737A855AD1E84C - C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll - Google Update
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
A5C14075B571AF1C9592595BE724D9D2 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
2658CE01D183BC62E7C46A1C9969632E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
83FCFA3C1E0D7523C21CCFBF336D2687 - C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll - Shockwave Flash
3EE8AE0ECFE5D79DE1737A855AD1E84C - C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll - Google Update
3CD19649B2C3023D65E67C056457A2BC - C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\psimoes\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
5E8CA71295BD5C4EACC805FDAACAF5AF - C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npatgpc.dll - ActiveTouch General Plugin Container
20FF20FBC1F20ADEC0AD6AF98ABE9545 - C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
57D28190C994AD5E9B1007FB2259393A - C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
2AA3703D87E1327A2290C9D416D89A28 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fagakgcelolinfnkfgekcnedpaklfcok - No path found[]

Google Voice Search Hotword (Beta) - psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
StartPage Search Engine - psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\choepknhbopmendmnohbaemeaeemnaom
Thesaurus.com - Synonyms and Antonyms - psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci
Learn Italian - psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe
Trading Dashboard to Fructify your Money - psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfnahhhglp
Zoho Invoice and Time Tracking - psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj
Learn Portuguese - psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegbjmfnfh
Yesware Reports - psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg
Boomerang for Gmail - psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll
Vend - psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdebajikafa
Learn Spanish - psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj

==== Chromium Startpages ======================

C:\Users\psimoes\AppData\Roaming\Opera Software\Opera Stable\Preferences
"startup_urls": [ "https://www.google.fr/" ],


==== Chromium Fix ======================

C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
HKLM\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
HKCU\SearchScopes "DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGLL_en

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully

==== Empty IE Cache ======================

C:\Users\psimoes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\psimoes\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\psimoes\AppData\Local\temp(49)\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\psimoes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Application Data\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\psimoes\AppData\Local\Mozilla\Firefox\Profiles\9yk1vrhk.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\psimoes\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4040 folders=64 41490763 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\psimoes\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\torrents\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

 

[jmarket]

I will have @Malnutrition and @DonnaB analyze your FRST log. In the meantime, how is your system running right now?

 

[jmarket]

I see some concerns in your log file regarding adware.

We will need a log from AdwCleaner for further information.

Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.

Once downloaded to the desktop AdwCleaner will create an icon

Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

AdwCleaner will open, click the scan button to start searching.

The scan may take some time to complete, and when it has any malware found will be automatically selected for quarantining. Click the "Cleaning" button.

After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

When the computer restarts a log file will be displayed, but if its closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[s#].txt

Please Copy and Paste the contents of the log file with your next reply.

 

[paulwb]

I will have @Malnutrition analyze your FRST log. In the meantime, how is your system running right now?

Thank you.
I've opened all browsers and various websites, none have crashed so far.
However, pages load slow, as if struggling with graphics content. PC boot time is also much slower.

 

[paulwb]

Here are the AdwCleaner log files C3 & S3 ...

# AdwCleaner v6.030 - Logfile created 14/11/2016 at 19:13:34
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-14.1 [Server]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : psimoes - PS-TOSHIBA
# Running from : C:\Users\psimoes\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco

***** [ Files ] *****

[-] File deleted: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi
[-] File deleted: C:\Users\torrents\AppData\Roaming\Mozilla\Firefox\Profiles\z9ph3vjm.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi
[-] File deleted: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hnnfnerz.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\PCSuiteContactsView
[-] Key deleted: HKLM\SOFTWARE\Classes\PCSuiteMessagesView
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "extensions.wrc.SearchRules.rambler.ru.url" - "^hxxp\\:\\/\\/nova\\.rambler\\.ru\\/.+"
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www.yahoo.com
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: pricegrabber.com
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: fido.ca
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: okayfreedom.en.softonic.com
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: debut-video-capture.en.softonic.com
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: oadboiipflhobonjjffjbfekfjcgkhco

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C2].txt - [1330 Bytes] - [30/08/2015 17:02:57]
C:\AdwCleaner\AdwCleaner[C3].txt - [2808 Bytes] - [14/11/2016 19:13:34]
C:\AdwCleaner\AdwCleaner[R0].txt - [2362 Bytes] - [07/06/2015 17:30:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [2470 Bytes] - [07/06/2015 17:45:56]
C:\AdwCleaner\AdwCleaner[S2].txt - [14422 Bytes] - [30/08/2015 16:51:48]
C:\AdwCleaner\AdwCleaner[S3].txt - [3218 Bytes] - [14/11/2016 18:41:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [3174 Bytes] ##########

# AdwCleaner v6.030 - Logfile created 14/11/2016 at 18:41:11
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-14.1 [Server]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : psimoes - PS-TOSHIBA
# Running from : C:\Users\psimoes\Desktop\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.
***** [ Folders ] *****

Folder Found: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco

***** [ Files ] *****

File Found: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\extensions\{B821BF60-5C2D-41EB-92DC-

3E4CCD3A22E4}.xpi
File Found: C:\Users\torrents\AppData\Roaming\Mozilla\Firefox\Profiles\z9ph3vjm.default\extensions\{B821BF60-5C2D-41EB-92DC-

3E4CCD3A22E4}.xpi
File Found: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hnnfnerz.default\extensions\{B821BF60-5C2D-41EB-92DC-

3E4CCD3A22E4}.xpi

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\PCSuiteContactsView
Key Found: HKLM\SOFTWARE\Classes\PCSuiteMessagesView
Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\torrents\AppData\Roaming\Mozilla\Firefox\Profiles\z9ph3vjm.default\prefs.js] -

"extensions.wrc.SearchRules.rambler.ru.url" - "^hxxp\\:\\/\\/nova\\.rambler\\.ru\\/.+"
Chrome pref Found: [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] - www.yahoo.com
Chrome pref Found: [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] - pricegrabber.com
Chrome pref Found: [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] - fido.ca
Chrome pref Found: [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] - okayfreedom.en.softonic.com
Chrome pref Found: [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] - debut-video-capture.en.softonic.com
Chrome pref Found: [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - oadboiipflhobonjjffjbfekfjcgkhco

*************************

C:\AdwCleaner\AdwCleaner[C2].txt - [1330 Bytes] - [30/08/2015 17:02:57]
C:\AdwCleaner\AdwCleaner[R0].txt - [2362 Bytes] - [07/06/2015 17:30:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [2470 Bytes] - [07/06/2015 17:45:56]
C:\AdwCleaner\AdwCleaner[S2].txt - [14422 Bytes] - [30/08/2015 16:51:48]
C:\AdwCleaner\AdwCleaner[S3].txt - [3066 Bytes] - [14/11/2016 18:41:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3139 Bytes] ##########

 

[jmarket]

Reboot your computer and see if it pages render faster now Sometimes it may take another reboot for the cache to rebuild. That's probably why you're experiencing slowness.

 

[paulwb]

It's a little better. From start up to the login screen ~ 3m 15s, from login to desktop icons appearing etc ~ 2m.

Several of the detected files found in the ZHP scan ( 33 found in total ) also appeared in the AdwCleaner scan run aftwards, 18 bugs found. So the ZHP repair did not work completely. It ran quite slowly during the repair phase and appeared to be "fighting" another process.

I don't think the malware is completely gone..... maybe run AdwCleaner again, but in Safe Mode?
What do you recommend?

 

[jmarket]

Go ahead and run Adwcleaner again and post its log files

 

[paulwb]

OK, here they are... the files in the Web Browsers section were previously deleted but are showing up again.

# AdwCleaner v6.030 - Logfile created 15/11/2016 at 09:59:13
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-15.1 [Server]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : psimoes - PS-TOSHIBA
# Running from : C:\Users\psimoes\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: pricegrabber.com
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: fido.ca
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www.yahoo.com
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: okayfreedom.en.softonic.com
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: debut-video-capture.en.softonic.com
[-] [C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: oadboiipflhobonjjffjbfekfjcgkhco


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C2].txt - [1330 Bytes] - [30/08/2015 17:02:57]
C:\AdwCleaner\AdwCleaner[C3].txt - [3253 Bytes] - [14/11/2016 19:13:34]
C:\AdwCleaner\AdwCleaner[C4].txt - [1803 Bytes] - [15/11/2016 09:59:13]
C:\AdwCleaner\AdwCleaner[R0].txt - [2362 Bytes] - [07/06/2015 17:30:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [2470 Bytes] - [07/06/2015 17:45:56]
C:\AdwCleaner\AdwCleaner[S2].txt - [14422 Bytes] - [30/08/2015 16:51:48]
C:\AdwCleaner\AdwCleaner[S3].txt - [3218 Bytes] - [14/11/2016 18:41:11]
C:\AdwCleaner\AdwCleaner[S4].txt - [2401 Bytes] - [15/11/2016 09:57:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2242 Bytes] ##########

 

[jmarket]

To eliminate any further malware, please do the following:

Please download the free trial of Zemana HERE. Save it to somewhere you can find, double click the downloaded file and start the installation. Accept the default install options and you can safely ignore any security warnings and allow Accept the default install options and you can safely ignore any security warnings and allow Zemana to complete the install. Once completed click the new desktop icon

to open the program. If Zemana opens and informs of any available updates allow it to so. Next change Zemana's default from "Smart Scan" to Deep Scan as shown below.

Then click scan

When the scan is complete allow Zemana to Quarantine any infections found by clicking Next

Once the infections are quarantined a message box will indicate success, then click the logs icon as below.

Select the latest scan and choose Open Report from the upper menu. or simply double left click on the scan just run.

The log will open as a text file. Please Copy and Paste the contents of that file in your next post

We need you to run Malwarebytes Anti-Malware (MBAM) to get a log. Please download the free version of Malwarebytes HERE

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear and after the install click the new desktop icon

to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

• If the dashboard is not already displayed select it.

• Then select Update to get the latest definition database.

• Next we need to change a scanning option, select Settings on the main menu

• Then Detection and Protection on the left.

• Then select Scan for rootkits in the detection options, as well as the other two options already checked.

Now return to Dashboard on the main menu and select Scan Now at the bottom of the screen.

• Allow Malwarebytes to scan your system. It may take some time depending on how much data loaded onto your hard drive. When the scan is finished any threats will be listed for action. Ensure all threats are selected, and click Remove Selected

A dialogue box may open and ask to restart the computer, if so select Yes

Once the computer restarts open Malwarebytes again and select History on the menu bar, Application logs, then click the scan just completed, then click Export, choose text file. Name the text file and select a location, preferably the desktop and close Malwarebytes.

Please copy and paste the contents of the text file in your next post

 

[paulwb]

Hi jmarket,
All of the images you posted are broken and not being displayed.
How do you switch from Smart Scan to Deep Scan in Zemana? i've checked all over and don't see the option.
Did a quick search online & ver 2.15 shows the option to select Smart or Deep Scan on the lower right hand side of screen just above the Scan button.

i'm running the Smart Scan now... Zemana ver 2.60.189.1

 

[Malnutrition]

Alright, after you have completed the Zemana Scan, & Malwarebytes please re-run FRST so that I can get a fresh look at your machine. Jmarket has taken care of the scans that I usually have folks run, so we will clean up with FRST script.... anything that remains.

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on FRST icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.

Please Copy & Paste them into your next reply

 

[paulwb]

Hi jmarket,
Below are logfiles for the Zemana & Malwarebytes scans ...

** Interesting funky fonts at the bottom of the Zemana logfile .... it's Chinese to me.

Zemana AntiMalware 2.60.189.1 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/11/15
Operating System : Windows Vista 32-bit
Processor : 2X Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
BIOS Mode : Legacy
CUID : 1227DE929AEA1593147883
Scan Type : Smart Scan
Duration : 29m 26s
Scanned Objects : 109751
Detected Objects : 5
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : PS WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Shell Execute Hooks
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\EnableShellExecuteHooks
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\EnableShellExecuteHooks = enabled

Tabs Hijack (System)
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Repair
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs = about:newtab

StartPage Search Engine
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\choepknhbopmendmnohbaemeaeemnaom
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - StartPage Search Engine

panda_url_filtering.dll
Status : Scanned
Object : %programfiles%\panda security url filtering\panda_url_filtering.dll
MD5 : 6F5328EA41BE4C1AD4D52283182AFF03
Publisher : Visicom Media Inc.
Size : 339464
Version : 1.0.1.127
Detection : Adware:Win32/VisicomToolbar!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\panda security url filtering\panda_url_filtering.dll
DLL - 2368 - C:\Windows\System32\dwm.exe
DLL - 2376 - C:\Windows\explorer.exe
DLL - 5292 - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
DLL - 4780 - C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
DLL - 3260 - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
DLL - 6060 - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
DLL - 3332 - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
DLL - 4396 - C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe
DLL - 4220 - C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
DLL - 6024 - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
DLL - 5992 - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
DLL - 4436 - C:\Windows\System32\wuauclt.exe
DLL - 4152 - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

Panda_URL_Filtering.exe
Status : Scanned
Object : %programfiles%\panda security url filtering\panda_url_filtering.exe
MD5 : 2E6D56B8F807914E6777982CF961AE2A
Publisher : Visicom Media Inc.
Size : 254472
Version : 1.0.1.127
Detection : Adware:Win32/VisicomToolbar!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\panda security url filtering\panda_url_filtering.exe
Process - 4396 - C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe
Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Panda Security URL Filtering = "C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe"

界Ē畴Ē渜Ĉ疜Ē痄ĒĆ痬Ē瘔Ē瘼Ē湌Ĉ湼ĈĆ셬ĕ迤ďĆĆĒĆ癤ĒĆĆ溬Ĉ฼đ솴ĕ逜ď滜Ĉ皌Ē�Đ�Đ�Đ쇼ĕ達ď邌ď�Đ�ĐĆĆ✴Đ쉄ĕ皴ĒĆĆĆĆ盜Ē眄Ē郄ď郼ď漌Ĉ漼Ĉ潬Ĉ眬Ē䅜Ė�Đ澜ĈĒĆ濌Ĉ鄴ď睔Ē睼Ē酬ď�ĐĆ瞤ĒĆ濼Ĉ瀬ĈĆ醤ď釜ď灜Ĉ炌Ĉ炼Ĉ烬ĈĆ焜ĈĆ煌ĈĆ矌Ē矴Ē鈔ďĆĆĆ砜Ē硄Ē煼Ĉ熬Ĉ燜Ĉ爌Ĉ硬Ē爼Ĉ牬Ĉ碔Ē犜Ĉ鉌ď銄ď碼Ē磤Ē礌Ē礴Ē狌Ĉ�Đ祜Ē禄Ē狼Ĉ禬Ē猬Ĉ獜Ĉ秔ĒĆ玌Ĉ秼ĒĒ稤Ē穌Ē穴Ē窜ĒĆ竄Ē竬Ē銼ď鋴ďĆĆĆĆĆĆĆĆĆĆĆĆĆĆĆĆ笔ĒĆĒĆĆ笼Ē筤Ē

==========================================================================================================
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/11/2016
Scan Time: 4:05:19 PM
Logfile: 2016.11.15_MBytes.Results.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.15.13
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: psimoes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360867
Time Elapsed: 48 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[paulwb]

Alright, after you have completed the Zemana Scan, & Malwarebytes please re-run FRST so that I can get a fresh look at your machine. Jmarket has taken care of the scans that I usually have folks run, so we will clean up with FRST script.... anything that remains.

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on FRST icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.

Please Copy & Paste them into your next reply

Hi Malnutrition,

WOW, Chrome is loading faster than I can remember for this old PC ....

Below are the FRST logs ....

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2016
Ran by psimoes (administrator) on PS-TOSHIBA (15-11-2016 17:33:19)
Running from C:\Users\psimoes\Desktop
Loaded Profiles: psimoes (Available Profiles: psimoes & torrents & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec Inc.) C:\Windows\System32\TAMSvr.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Toshiba\IVP\ISM\pinger.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AuthenTec, Inc) C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Arachnoid Biometrics Identification Group) C:\Program Files\TrueSuite Access Manager\PwdBank.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
() C:\Program Files\TrueSuite Access Manager\usbnotify.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\TrueSuite Access Manager\CssSvr.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
() C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Crystal Dew World) C:\Users\psimoes\Desktop\AntiV\CrystalDiskInfo6_2_2\DiskInfo.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamresearch.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-10-25] (Chicony)
HKLM\...\Run: [FingerPrintNotifer] => C:\Program Files\TrueSuite Access Manager\FpNotifier.exe [671744 2008-01-24] (AuthenTec, Inc)
HKLM\...\Run: [PwdBank] => C:\Program Files\TrueSuite Access Manager\PwdBank.exe [3150848 2008-02-01] (Arachnoid Biometrics Identification Group)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [UsbMonitor] => C:\Program Files\TrueSuite Access Manager\usbnotify.exe [94208 2007-06-05] ()
HKLM\...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1885088 2012-02-23] (Affinegy, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-01-29] ()
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-16] (Google Inc.)
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Run: [cdloader] => C:\Users\psimoes\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [IconOvrly1] -> {A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6} => C:\Program Files\TrueSuite Access Manager\IconOvrly.dll [2007-04-20] (Arachnoid Biometrics Identification Group Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-07-27] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{1D540E3C-1399-47A6-BADF-78CB0BFC08EB}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B2222F8-C9A7-46A7-97F5-F8C4C87BF2CD}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-3399307451-3074549587-1771456082-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15] (TechSmith Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15] (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default [2016-11-15]
FF Extension: (Firefox Hotfix) - C:\Users\psimoes\AppData\Roaming\Mozilla\Firefox\Profiles\9yk1vrhk.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-12-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @citrixonline.com/appdetectorplugin -> C:\Users\psimoes\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @talk.google.com/O1DPlugin -> C:\Users\psimoes\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=3 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3399307451-3074549587-1771456082-1000: @tools.google.com/Google Update;version=9 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-07-13] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\psimoes\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en
CHR StartupUrls: Default -> "hxxps://www.startpage.com/"
CHR Profile: C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Google Slides) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Google Docs) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (TV) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-09-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-09-09]
CHR Extension: (YouTube) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2015-09-09]
CHR Extension: (Google Search) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2015-09-09]
CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfnahhhglp [2015-09-09]
CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj [2015-09-09]
CHR Extension: (Google Sheets) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Save to Google Drive) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-09-09]
CHR Extension: (Send Anywhere (File Transfer)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihbikoooaenkpdooehgemieligjejcb [2016-11-10]
CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegbjmfnfh [2015-09-09]
CHR Extension: (Mailvelope) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-09-08]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2015-09-09]
CHR Extension: (Yesware Reports) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2015-09-09]
CHR Extension: (Boomerang for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-05-23]
CHR Extension: (Vend) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdebajikafa [2015-09-09]
CHR Extension: (Mailtrack for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2016-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-09-09]
CHR Extension: (Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2015-09-09]
CHR Extension: (Streak CRM for Gmail) - C:\Users\psimoes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-06-21]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2007-10-15] (AuthenTec Inc.) [File not signed]
R2 Backupper Service; C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.) [File not signed]
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed]
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
S3 getPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 Gizmo Central; C:\Program Files\Gizmo\gservice.exe [34728 2011-07-02] (Arainia Solutions)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2008-02-12] (Google) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
S3 nosGetPlusHelper; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
S4 AcrSch2Svc; no ImagePath
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43440 2008-02-03] (Alfa Corporation)
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2009-01-26] (AuthenTec, Inc.)
S1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
S1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
R1 GizmoDrv; C:\Windows\system32\Drivers\GizmoDrv.sys [25488 2011-07-02] (Arainia Solutions LLC)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [42256 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102392 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [72400 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [216208 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [247568 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-12-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [147728 2016-08-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [111376 2016-08-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175888 2016-08-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121616 2016-08-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132880 2016-08-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2016-08-04] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58288 2016-08-08] (Panda Security, S.L.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2009-03-14] (Acronis)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [49240 2011-02-11] (NCH Software)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
R0 tdrpman147; C:\Windows\System32\DRIVERS\tdrpm147.sys [971232 2009-03-14] (Acronis)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [343456 2015-06-07] (BitDefender S.R.L.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2016-11-15] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2016-11-15] (Zemana Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 aswVmm; \??\C:\Users\psimoes\AppData\Local\Temp\aswVmm.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 tljkva; no ImagePath
S3 Tosrfcom; no ImagePath
S0 wayuia; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 17:33 - 2016-11-15 17:34 - 00028459 _____ C:\Users\psimoes\Desktop\FRST.txt
2016-11-15 16:56 - 2016-11-15 16:56 - 00001080 _____ C:\Users\psimoes\Desktop\2016.11.15_MBytes.Results.txt
2016-11-15 15:59 - 2016-11-15 16:03 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-15 15:58 - 2016-11-15 15:58 - 00000870 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-15 15:58 - 2016-11-15 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-15 15:58 - 2016-11-15 15:58 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-11-15 15:58 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-15 15:58 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-15 15:56 - 2016-11-15 15:56 - 00005276 _____ C:\Users\psimoes\Desktop\2016.11.15-15.03.04-i0-t92-d5_Zemana.Scan.txt
2016-11-15 14:33 - 2016-11-15 17:33 - 00073613 _____ C:\Windows\ZAM.krnl.trace
2016-11-15 14:33 - 2016-11-15 17:33 - 00050224 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-11-15 14:33 - 2016-11-15 14:33 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2016-11-15 14:33 - 2016-11-15 14:33 - 00181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2016-11-15 14:33 - 2016-11-15 14:33 - 00001698 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-11-15 14:33 - 2016-11-15 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-11-15 14:33 - 2016-11-15 14:33 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2016-11-15 14:32 - 2016-11-15 14:32 - 00000000 ____D C:\Users\psimoes\AppData\Local\Zemana
2016-11-15 14:24 - 2016-11-15 14:24 - 22851472 _____ (Malwarebytes ) C:\Users\psimoes\Desktop\mbam-setup-2.2.1.1043.exe
2016-11-15 14:23 - 2016-11-15 14:23 - 05426600 _____ ( ) C:\Users\psimoes\Desktop\Zemana.AntiMalware.Setup.exe
2016-11-14 19:22 - 2016-08-08 04:00 - 00058288 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-11-14 18:30 - 2016-11-14 18:30 - 03910208 _____ C:\Users\psimoes\Desktop\adwcleaner_6.030.exe
2016-11-14 16:56 - 2016-11-14 16:56 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-14 16:48 - 2016-11-14 16:18 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-11-14 16:41 - 2016-11-14 16:48 - 00000000 ____D C:\zoek
2016-11-14 16:18 - 2016-11-14 16:46 - 00000000 ____D C:\zoek_backup
2016-11-14 16:14 - 2016-11-15 09:59 - 00161202 _____ C:\Windows\ntbtlog.txt
2016-11-14 14:52 - 2016-11-14 15:54 - 00005375 _____ C:\Users\psimoes\Desktop\ZHPCleaner.txt
2016-11-14 14:37 - 2016-11-14 15:54 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\ZHP
2016-11-14 14:37 - 2016-11-14 14:37 - 00000749 _____ C:\Users\psimoes\Desktop\ZHPCleaner.lnk
2016-11-14 14:33 - 2016-11-14 14:34 - 04186040 _____ C:\Users\psimoes\Desktop\zoek.zip
2016-11-14 14:33 - 2016-11-14 14:33 - 01309184 _____ C:\Users\psimoes\Desktop\zoek.exe
2016-11-14 14:31 - 2016-11-14 14:31 - 02485248 _____ C:\Users\psimoes\Desktop\ZHPCleaner.exe
2016-11-14 12:30 - 2016-11-14 13:11 - 00000512 _____ C:\Users\psimoes\Desktop\MBR.dat
2016-11-14 11:29 - 2016-11-15 17:33 - 00000000 ____D C:\FRST
2016-11-14 11:15 - 2016-11-14 11:15 - 05200384 _____ (AVAST Software) C:\Users\psimoes\Desktop\aswmbr.exe
2016-11-14 11:15 - 2016-11-14 11:15 - 01760768 _____ (Farbar) C:\Users\psimoes\Desktop\FRST.exe
2016-11-13 23:07 - 2016-11-13 23:07 - 00000000 ____D C:\Users\psimoes\AppData\Local\ESET
2016-11-13 13:27 - 2016-11-13 22:30 - 00000000 ____D C:\Users\psimoes\Desktop\Panda.Cloud.Cleaner_Portable
2016-11-13 13:20 - 2016-11-13 13:20 - 37786232 _____ (Panda Security ) C:\Users\psimoes\Desktop\PandaCloudCleaner.exe
2016-11-12 23:25 - 2016-11-12 23:52 - 00000000 ____D C:\ProgramData\F-Secure
2016-11-12 23:25 - 2016-11-12 23:25 - 00000000 ____D C:\Users\psimoes\AppData\Local\F-Secure
2016-11-12 23:06 - 2016-11-12 23:06 - 00524248 _____ (F-Secure Corporation) C:\Users\psimoes\Desktop\F-SecureOnlineScanner.exe
2016-11-12 23:04 - 2016-11-12 23:04 - 06761600 _____ (ESET spol. s r.o.) C:\Users\psimoes\Desktop\esetonlinescanner_enu.exe
2016-11-10 20:55 - 2016-11-15 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-21 13:43 - 2016-11-15 15:43 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2016-10-21 13:43 - 2016-10-21 13:53 - 00000000 ____D C:\Users\psimoes\AppData\Local\panda
2016-10-21 13:41 - 2016-10-21 13:41 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Panda Security
2016-10-21 13:34 - 2016-10-21 13:44 - 00002029 _____ C:\Users\Public\Desktop\Panda Free Antivirus.lnk
2016-10-21 13:34 - 2016-10-21 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-10-21 13:33 - 2016-10-21 13:42 - 00000000 ____D C:\Program Files\Panda Security

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 17:21 - 2009-06-30 20:06 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job
2016-11-15 17:12 - 2010-02-09 17:32 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-15 16:37 - 2013-03-20 23:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-15 16:21 - 2009-06-30 20:06 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job
2016-11-15 15:58 - 2011-06-27 08:49 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2016-11-15 15:58 - 2009-02-16 14:19 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Malwarebytes
2016-11-15 15:58 - 2009-02-16 14:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-15 15:47 - 2010-02-09 17:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-15 15:47 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-11-15 15:46 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 15:46 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-15 15:46 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-15 15:42 - 2006-11-02 08:01 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-15 15:03 - 2009-02-16 11:17 - 00000000 ____D C:\Users\psimoes
2016-11-15 14:47 - 2011-12-25 20:37 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job
2016-11-15 09:59 - 2015-06-07 17:29 - 00000000 ____D C:\AdwCleaner
2016-11-14 17:47 - 2011-12-25 20:37 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job
2016-11-14 16:59 - 2013-03-07 23:13 - 00000000 ____D C:\Program Files\Online Armor
2016-11-14 16:56 - 2010-02-10 23:48 - 00000008 __RSH C:\Users\psimoes\ntuser.pol
2016-11-14 16:44 - 2006-11-02 06:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-14 14:56 - 2014-07-05 17:04 - 00000000 ____D C:\Users\psimoes\Downloads\Android Apps
2016-11-14 12:15 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-11-14 12:15 - 2006-11-02 05:33 - 00854788 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-14 00:19 - 2014-03-06 22:39 - 00000000 ____D C:\Users\psimoes\AppData\Local\CrashDumps
2016-11-10 18:32 - 2016-04-15 08:12 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-11-08 12:37 - 2012-05-03 08:23 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-08 12:37 - 2011-06-21 23:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-08 12:37 - 2008-02-12 21:43 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-03 11:06 - 2016-02-22 16:43 - 00000000 ____D C:\Users\psimoes\AppData\Roaming\vlc
2016-11-03 11:04 - 2014-08-18 13:43 - 00000000 ____D C:\Users\psimoes\Desktop\0misc.downl_Tosh
2016-10-25 07:04 - 2006-11-02 07:47 - 00462664 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-21 13:42 - 2014-10-17 21:06 - 00000000 ____D C:\ProgramData\Panda Security
2016-10-21 13:41 - 2009-02-16 11:18 - 00121608 _____ C:\Users\psimoes\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-21 12:59 - 2012-06-16 00:29 - 00000000 ____D C:\ProgramData\AVAST Software

==================== Files in the root of some directories =======

2010-02-21 20:14 - 2010-04-02 18:43 - 0000990 ___SH () C:\Users\psimoes\AppData\Roaming\systemfl.$dk
2014-10-13 16:09 - 2014-10-29 03:29 - 0207963 _____ () C:\Users\psimoes\AppData\Local\ars.cache
2014-10-13 16:09 - 2014-10-29 03:29 - 0576849 _____ () C:\Users\psimoes\AppData\Local\census.cache
2010-07-18 20:02 - 2015-05-16 07:08 - 0001356 _____ () C:\Users\psimoes\AppData\Local\d3d9caps.dat
2009-02-16 02:35 - 2011-06-29 21:25 - 0081408 _____ () C:\Users\psimoes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-13 15:55 - 2014-10-13 15:55 - 0000036 _____ () C:\Users\psimoes\AppData\Local\housecall.guid.cache
2014-10-13 16:06 - 2014-10-28 23:31 - 0000010 _____ () C:\Users\psimoes\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
C:\Users\psimoes\AppData\Local\Temp\libeay32.dll
C:\Users\psimoes\AppData\Local\Temp\msvcr120.dll
C:\Users\psimoes\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\System32\runouce.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-15 15:54

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-11-2016
Ran by psimoes (15-11-2016 17:35:01)
Running from C:\Users\psimoes\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-02-16 07:13:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3399307451-3074549587-1771456082-500 - Administrator - Disabled)
Guest (S-1-5-21-3399307451-3074549587-1771456082-501 - Limited - Enabled) => C:\Users\Guest
psimoes (S-1-5-21-3399307451-3074549587-1771456082-1000 - Administrator - Enabled) => C:\Users\psimoes
torrents (S-1-5-21-3399307451-3074549587-1771456082-1004 - Limited - Enabled) => C:\Users\torrents

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Aiseesoft Blu-ray Ripper (HKLM\...\Aiseesoft Blu-ray Ripper_is1) (Version: - )
Aiseesoft Streaming Video Recorder (HKLM\...\Aiseesoft Streaming Video Recorder_is1) (Version: - )
AOMEI Backupper Standard Edition 2.0.2 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{53BB9294-6E76-4853-4130-1CD0A01EAE45}) (Version: 3.0.657.0 - ATI Technologies, Inc.)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.0.0 - Auslogics Labs Pty Ltd)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version: - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.02(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
Catalyst Control Center - Branding (HKLM\...\{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2008.0130.1509.26922 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.01 - TOSHIBA)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Cover Commander 3.0 by Insofta Development (HKLM\...\Cover Commander) (Version: 3.0 - Insofta Development)
CyberLink PowerCinema for TOSHIBA (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.1414 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Folder Lock (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\FolderLock6) (Version: - New Sofware.net Inc.)
FXCM Trading Station (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\FXCM Trading Station) (Version: 010311 - )
FXCM Trading Station (Version: 010311 - FXCM) Hidden
GearDrvs (Version: 1 - Symantec Corporation) Hidden
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Gizmo Central (HKLM\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
Ideal DVD Copy V4.1.2 (HKLM\...\Ideal DVD Copy_is1) (Version: - Ideal DVD Software, Inc.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0000 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{881F5DE8-9367-4B81-A325-E91BBC6472F9}) (Version: 10.1.1.4 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
magicJack (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
mCorev32.ism_new (Version: 11.02.0000 - Intel Corporation) Hidden
mCPlug (Version: 11.02.0000 - Intel Corporation) Hidden
mHelp (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Network Recording Player (HKLM\...\{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
Nokia Connectivity Cable Driver (HKLM\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)
Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden
Online Armor 6.0 (HKLM\...\OnlineArmor_is1) (Version: 6.0 - Emsisoft GmbH)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Panda Devices Agent (Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
Panda Safe Web (HKLM\...\pandasecuritytb) (Version: 4.3.1.20 - Panda Security and Visicom Media Inc.)
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (Version: 2008.0130.1509.26922 - ATI) Hidden
Skype™ 7.26 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Snagit 11 (HKLM\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
SnagIt 9 (HKLM\...\{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}) (Version: 9.0.0 - TechSmith Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 1.0.3.32 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.06 - )
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TrueSuite Access Manager (HKLM\...\{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}) (Version: 1.1.13.13 - ABIG)
TRW conferencing (HKLM\...\{E23E9487-2B6B-42CA-AE8D-E2369563AB02}) (Version: 7.71 - Digitalweb)
TurboMeeting (HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\TurboMeeting) (Version: 3.0.300 - RHUB Communications, Inc.)
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Video Mover (HKLM\...\Video Mover_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Your monster voice 1 (HKLM\...\Your monster voice 1) (Version: - )
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.60.1 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{01B48E19-3C98-4B34-B679-86D14E74C2D8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{3D0E3723-95BF-4639-BE54-BB803AE4AE13}\localserver32 -> C:\Program Files\Candleworks\FXTS2\FXTSpp.exe ()
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\3880\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{E5F07F0E-C4AE-4AA8-AE7E-FC3DB683977E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\psimoes\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D161987-AD10-4D61-B6AF-08F1AF26C734} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {10F2238D-1EFD-497B-9F82-2ED7F4C95DD0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {19B6ADC6-F3BD-4A45-9CB2-9DC80C9BA1F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1B2D5FC3-FD37-4F6B-B75D-92A79188796E} - System32\Tasks\PCMAgent.exe_1826580705 => C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [2007-12-13] (CyberLink Corp.)
Task: {35DA24BC-4BEA-4952-9DA5-B76E941F8DC9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {363B5A23-E3F2-4920-96D6-0FE18DF74777} - System32\Tasks\SafeZone scheduled Autoupdate 1464051125 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {3921AC9D-4361-4ECB-8B8E-644734DC37D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {5255BE42-F960-4D14-B4BD-AC20C3743812} - System32\Tasks\CrystalDiskInfo => C:\Users\psimoes\Desktop\AntiV\CrystalDiskInfo6_2_2\DiskInfo.exe [2014-12-19] (Crystal Dew World)
Task: {5409B770-4508-4CB0-A052-26CAB9E4B9FA} - System32\Tasks\Opera scheduled Autoupdate 1382066025 => C:\Program Files\Opera\launcher.exe [2016-08-05] (Opera Software)
Task: {59C50FF3-0D3B-4CC6-BCBF-2D74EC3778AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {605400B6-8685-48B6-A6B9-A8C5529FC843} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {81E48EDE-D2AC-4A54-B5A4-CAC8152C6D87} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {914710E2-0A42-44A6-AFA4-A6D7EAEDF898} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {954E1E94-94FD-420B-9725-623FAB68F590} - System32\Tasks\{C074CB77-8752-4695-819D-DF00F7AAE9A6} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.59.106/en/abandoninstall?page=tsMain
Task: {9C8D6C2E-DF0E-4E97-BBB6-2A797D3B3BC4} - System32\Tasks\SafeZone scheduled Autoupdate 1458652480 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {A879EAD0-908D-481B-A17F-06FDB1F79C50} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files\Gizmo\gizmo.exe [2011-07-02] (Arainia Solutions)
Task: {B52E95C6-0FEB-457F-A518-4DE31303C9AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000Core.job => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399307451-3074549587-1771456082-1000UA.job => C:\Users\psimoes\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\psimoes\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
Shortcut: C:\Users\psimoes\Favorites\NCH Software Download.lnk -> hxxp://www.nchsoftware.com/index.html

ShortcutWithArgument: C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Send Anywhere (File Transfer).lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hihbikoooaenkpdooehgemieligjejcb
ShortcutWithArgument: C:\Users\psimoes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\StartPage Search Engine.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=choepknhbopmendmnohbaemeaeemnaom

==================== Loaded Modules (Whitelisted) ==============

2013-06-27 00:10 - 2012-02-23 14:57 - 00022944 _____ () C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00270040 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\UiLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00229080 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\diskmgr.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00265944 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Comn.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00077528 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Ldm.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00061144 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Device.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00257752 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrFat.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00376536 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrNtfs.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00106200 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FuncLogic.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00233176 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Clone.dll
2014-10-18 17:39 - 2014-08-21 10:23 - 00335576 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ImgFile.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00028376 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Encrypt.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00073432 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Compress.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00093912 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrVol.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00188120 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\GptBcd.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00147160 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FlBackup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00478936 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\EnumFolder.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00102104 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Backup.dll
2014-10-18 17:39 - 2014-08-21 10:22 - 00098008 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrLog.dll
2014-10-18 17:39 - 2013-01-17 16:38 - 02403504 _____ () C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\QtCore4.dll
2011-07-02 10:00 - 2011-07-02 10:00 - 00059304 _____ () C:\Program Files\Gizmo\gshell.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00132608 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2016-11-15 14:33 - 2016-11-15 14:33 - 00129392 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2013-06-27 00:11 - 2011-04-19 15:29 - 00152576 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2008-01-30 18:30 - 2008-01-30 18:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-06-27 00:11 - 2010-02-09 14:55 - 00049152 _____ () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2015-12-15 12:17 - 2015-12-15 12:17 - 00618544 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2008-02-12 21:22 - 2007-01-25 21:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe
2008-02-12 21:22 - 2007-10-23 19:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2009-02-16 02:43 - 2007-06-05 19:42 - 00094208 _____ () C:\Program Files\TrueSuite Access Manager\usbnotify.exe
2013-06-27 00:10 - 2010-08-22 19:01 - 00325632 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
2013-06-27 00:10 - 2010-08-22 19:01 - 01954304 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
2013-06-27 00:10 - 2010-08-22 19:01 - 07187456 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
2013-06-27 00:10 - 2010-08-22 19:01 - 00847360 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
2013-06-27 00:10 - 2010-08-22 18:32 - 00119808 _____ () C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2008-02-12 21:13 - 2008-01-29 19:00 - 00430080 _____ () C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
2013-06-27 00:10 - 2012-02-23 14:19 - 00669696 _____ () C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2007-12-12 15:46 - 2007-12-12 15:46 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\corpol.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\emdmgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstime.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:56AC8DD1 [364]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [118]
AlternateDataStreams: C:\Users\psimoes\Downloads\39F2.tmp:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4928 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-30 23:16 - 2016-11-14 16:26 - 00000781 ____A C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3399307451-3074549587-1771456082-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\1Tomorrow.Is.Too.Late_3840x2160.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^psimoes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\psimoes\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GizmoDriveDelegate => "C:\Program Files\Gizmo\gizmo.exe" /RemountStartupImages
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PCMAgent => "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{4E4E1545-348C-4603-9D75-690DB6DB8EFE}] => (Allow) C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe
FirewallRules: [TCP Query User{F4071B34-7CFE-4C17-8437-9596C2C381C9}F:\skype portable\skypeportable\app\skype\phone\skype.exe] => (Allow) F:\skype portable\skypeportable\app\skype\phone\skype.exe
FirewallRules: [UDP Query User{C24E18F8-5581-4198-9A10-66E035373D8D}F:\skype portable\skypeportable\app\skype\phone\skype.exe] => (Allow) F:\skype portable\skypeportable\app\skype\phone\skype.exe
FirewallRules: [{5508EC15-FC59-414B-8296-BE6CEB28AA30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{053EDA5A-BA5B-43E6-A9CA-47A951F9B941}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D3E087C-8E81-4F1B-9559-1DF3121BB6E8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BC17EFD5-CC08-478F-88B7-00647D78E267}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{749477DC-40E0-424C-BF2C-5D11AE5B4F0D}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{CE0CD43E-FC3E-4C81-BE78-9ADA48A2EBE7}] => (Allow) LPort=80
FirewallRules: [{DFC70C83-5301-4E07-A711-4F82ADCDB041}] => (Allow) LPort=80
FirewallRules: [{A8F0510A-B6F8-4D99-BB31-973A34F75DC8}] => (Allow) LPort=80
FirewallRules: [{06C8BCEC-FA06-4186-8424-6B4118527424}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{644FAB9F-7CF4-4784-97A7-83EBAA0C4D93}] => (Allow) LPort=2869
FirewallRules: [{EDC55D5F-2A85-447D-9AC6-CBFFA164070A}] => (Allow) LPort=1900
FirewallRules: [{1CED6313-6CFF-400E-9659-877A765C3577}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8597E2F7-901E-431F-B328-8B45BBF3ED9B}] => (Allow) C:\Users\psimoes\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{ED520E14-A907-4B64-BE11-43A136ED8F34}] => (Allow) C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{5539EF35-A53F-4D74-85F7-7F9B1980CE2E}] => (Allow) C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{E9CE9526-4F2B-4E3C-9AD3-BEE1281232E5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [PotPlayer(PotPlayerMini.exe)] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{0517A223-3585-4C97-8C65-922E353A488A}] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{7D2FD514-A4E5-4CC9-B468-F507562E3D6D}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{03DDC0C0-C324-4C65-807F-D5ACCAB8C97B}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{3BE1ADE1-9FCF-4C6E-B2C3-B9CDC8CF02C1}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{10DC4ED3-16BD-4AD4-A0C9-A217494AADD6}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{A50038B0-7B94-4AEF-90BB-920797496DE5}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{0C879E00-0487-46AE-AA4A-55CC42C8B88F}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{E592995F-5041-4BE4-98AD-FD51147C132D}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{99CAAAC5-6302-481A-8ADD-8F14FE4F07BD}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{DDEFB12B-09E9-40CC-A6AB-B0D4BD757C77}] => (Allow) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
FirewallRules: [{CB24E490-CDFA-41FF-8A07-29998C85F70A}] => (Allow) LPort=19540
FirewallRules: [{9F5B6F3B-419F-4F3A-A35D-0D9DEE60E0A5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BB7189C2-1967-4289-9AE7-08BF8A54A0EE}] => (Allow) C:\Users\psimoes\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{F22DB67E-0353-4D2A-A88A-15C75CB30662}] => (Allow) C:\Users\psimoes\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80
FirewallRules: [{8DDDFC3C-8BDF-4BBA-9891-3A893B64887F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1E25327B-000E-445D-A5AE-51F32002A261}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9347CC66-D564-4AC1-B23C-48C894338A7C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{87104172-30C3-4748-9242-7ADDEF38D8DA}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{4CBEC3BA-E216-4C97-B61B-D0483BE0C229}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Restore Points =========================

28-09-2016 17:42:56 ComboFix created restore point
21-10-2016 12:45:21 Revo Uninstaller's restore point - Avast Free Antivirus
21-10-2016 13:44:37 Device Driver Package Install: Panda Security, S.L. Network Service

==================== Faulty Device Manager Devices =============

Name: Intel(R) Wireless WiFi Link 4965AGN
Description: Intel(R) Wireless WiFi Link 4965AGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETw4v32
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2016 09:46:55 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (11/14/2016 04:25:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\System32\wbem\WmiPrvSE.exe; Descripton = zoek.exe restore point; Hr = 0x8007043c).

Error: (11/14/2016 04:16:28 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (11/14/2016 12:19:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application esetonlinescanner_enu.exe, version 2.0.12.0, time stamp 0x57ac3e59, faulting module esetonlinescanner_enu.exe, version 2.0.12.0, time stamp 0x57ac3e59, exception code 0xc0000005, fault offset 0x001b50f3,
process id 0x1710, application start time 0x01d23e2c85df4f3c.

Error: (11/13/2016 11:02:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PCloudCleaner.exe, version 1.4.0.162, time stamp 0x00000000, faulting module kernel32.dll, version 6.0.6002.19623, time stamp 0x56ec36ff, exception code 0x0eedfade, fault offset 0x0003fdb6,
process id 0xa14, application start time 0x01d23e28c8b9dc2c.

Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9298

Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9298

Error: (11/13/2016 08:36:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2016 08:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7176

Error: (11/13/2016 08:36:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7176


System errors:
=============
Error: (11/15/2016 03:48:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp
tljkva
wayuia

Error: (11/15/2016 03:41:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (11/15/2016 10:04:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp
tljkva
wayuia

Error: (11/15/2016 09:59:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/15/2016 09:59:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Product Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/15/2016 09:47:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/15/2016 09:46:58 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (11/15/2016 09:46:55 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/15/2016 09:46:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/15/2016 09:46:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp
GizmoDrv
NNSALPC
NNSHTTP
NNSHTTPS
NNSIDS
NNSPICC
NNSPIHSW
NNSPOP3
NNSPROT
NNSPRV
NNSSMTP
NNSSTRM
NNSTLSC
OADevice
oahlpXX
PSINKNC
spldr
tljkva
Wanarpv6
wayuia


CodeIntegrity:
===================================
Date: 2016-11-15 17:34:52.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 17:34:52.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 17:34:51.616
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 17:34:51.045
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 17:34:50.274
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 17:34:49.727
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 17:34:49.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 17:34:48.631
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 17:34:22.930
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 17:34:22.388
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 54%
Total physical RAM: 3069.21 MB
Available physical RAM: 1384.29 MB
Total Virtual: 6342.66 MB
Available Virtual: 4655.18 MB

==================== Drives ================================

Drive c: (SQ004710V01) (Fixed) (Total:184.85 GB) (Free:15.24 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:186.31 GB) (Free:92.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 9C9CF735)
Partition 1: (Not Active) - (Size=800 MB) - (Type=27)
Partition 2: (Active) - (Size=184.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=698 MB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 33D68AE6)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Malnutrition]

Looking, give me about 30 mins...

 

[Malnutrition]

Go ahead and free up some space with Privazer while you wait, windows performs best when there is at least 15% free space. You have 15 gigs free of 184, 15% is around 30 gigs.