FREEZING!


  • This topic is locked
121 replies to this topic

#1 Harris1965

Harris1965

  • Members
  • 82 posts

Posted 13 August 2014 - 06:47 PM

Second time trying. EVERYTHING keeps freezing including this web page! Unable to complete most anti-virus programs. Outlook freezing. HELP!

 

THX





#2 Harris1965

Harris1965
  • Topic Starter

  • Members
  • 82 posts

Posted 13 August 2014 - 06:54 PM

Here's the dds!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.45.2
Run by Gershman Family at 19:16:44 on 2014-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5819 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\atieclxx.exe
C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE
C:\Windows\system32\kwmain.exe
C:\Windows\system32\Dwm.exe
C:\WINDOWS\SYSTEM32\TASKENG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Windows\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\TASKHOST.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVTRAY.EXE
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTUI.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\UPDATE CORE\NVBACKEND.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\PROGRAM FILES (X86)\PDF COMPLETE\PDFSVC.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRAM FILES\IOMEGA\QUIKPROTECT\QpMonitor.exe
C:\PROGRAM FILES (X86)\MICROSOFT\BINGBAR\SEAPORT.EXE
C:\PROGRAM FILES\NVIDIA CORPORATION\NVSTREAMSRV\NVSTREAMSVC.EXE
C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRAM FILES (X86)\TEAMVIEWER\VERSION9\TEAMVIEWER_SERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDSVC.EXE
C:\PROGRAM FILES (X86)\YAHOO!\SOFTWAREUPDATE\YAHOOAUSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDSVCM.EXE
C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE
C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\WUDFHOST.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\OUTLOOK.EXE
C:\WINDOWS\SYSTEM32\TASKMGR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPSVC.EXE
C:\WINDOWS\SYSWOW64\SEARCHPROTOCOLHOST.EXE
C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK\HPSA_SERVICE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE TOOLBAR\GOOGLETOOLBARUSER_32.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\INTUIT\UPDATE SERVICE\INTUITUPDATESERVICE.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\INTUIT\UPDATE SERVICE V4\INTUITUPDATESERVICE.EXE
C:\WINDOWS\SYSTEM32\TASKENG.EXE
C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE
C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE
C:\WINDOWS\SYSTEM32\CSCRIPT.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
uProxyOverride = 192.168.*.*;*.local;<local>
uSearchAssistant = hxxp://www.google.com
dURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: My Personal Homepage: {0538CF1C-8419-4800-ADBB-0C00C799FDA2} - C:\Users\Gershman Family\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge] <no file>
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: EnableLUA = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{0A04D516-9AB4-4AA2-8B21-93B4AD435054} : DHCPNameServer = 167.206.10.178 167.206.10.179 192.168.1.1
TCP: Interfaces\{21A9A9D1-4455-43F6-8731-7055789C187B} : DHCPNameServer = 167.206.251.129 167.206.251.130 192.168.1.1
TCP: Interfaces\{21A9A9D1-4455-43F6-8731-7055789C187B}\34963736F66373333363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{21A9A9D1-4455-43F6-8731-7055789C187B}\745627B696E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{21A9A9D1-4455-43F6-8731-7055789C187B}\745627B696E6D27657563747 : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{21A9A9D1-4455-43F6-8731-7055789C187B}\7496675602573702F657270266C616D696E676F6563702261636B6 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{BE900E0F-E99E-4209-9D6F-8E95916CFCB2} : DHCPNameServer = 167.206.251.130 167.206.251.129
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica2 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli ickgw32i
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [drkly16j] rundll32.exe drkly16j.dll,ServiceCheck
x64-Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica2 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.8.1 activate.adobe.com
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-4 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-7-4 224896]
R0 bitadcab;bitadcab;C:\Windows\System32\drivers\bitadcab.sys [2009-7-13 65816]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-3 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\Run\a2ddax64.sys [2014-7-3 26176]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-4 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-7-4 427360]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-1-17 401920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-8 204288]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-11 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-4 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-8-11 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-11 50344]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 139616]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-5 15129376]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-9-8 635416]
R2 QPCopyEngine;QPCopyEngine;C:\Program Files\Iomega\QuikProtect\QpMonitor.exe [2010-6-24 394544]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2011-12-29 51496]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2011-12-29 1148632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-28 5024576]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-11-17 101376]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-18 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-8 346144]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2011-11-12 31232]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-8 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-8-13 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-8-13 124088]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-7-21 2544976]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-4-22 46136]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-2-13 49152]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2014-7-3 57032]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-10 111616]
S3 InternetConnectionService;InternetConnectionService;C:\Windows\System32\KWCAPTUR.EXE --> C:\Windows\System32\KWCAPTUR.EXE [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2011-4-4 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-7-21 1002848]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-8-6 977184]
S3 QsFsFltr;QsFsFltr;C:\Windows\System32\drivers\QsFsFltr.sys [2010-6-24 22584]
S3 SaiH075C;SaiH075C;C:\Windows\System32\drivers\SaiH075C.sys [2007-5-1 171144]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-11-12 736104]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-2 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
.
=============== Created Last 30 ================
.
2014-08-13 18:34:26 -------- d-----w- C:\Program Files\Reimage
2014-08-13 18:34:16 -------- d-----w- C:\rei
2014-08-13 18:24:57 -------- d-----w- C:\Windows\ERUNT
2014-08-12 23:54:47 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D17DC7F2-3CCF-427A-85E8-90DCC2C2BE48}\gapaengine.dll
2014-08-12 23:54:21 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC282551-4EC7-45FB-BE8B-DEF3F97669DB}\mpengine.dll
2014-08-12 23:45:11 -------- d-----w- C:\Users\Gershman Family\AppData\Roaming\AVAST Software
2014-08-12 02:27:54 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-08-12 02:27:44 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-08-12 02:27:20 43152 ----a-w- C:\Windows\avastSS.scr
2014-08-12 02:00:19 -------- d-sh--w- C:\Users\Gershman Family\AppData\Local\EmieUserList
2014-08-12 02:00:19 -------- d-sh--w- C:\Users\Gershman Family\AppData\Local\EmieSiteList
2014-08-11 19:12:43 10924376 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-10 21:47:59 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-08-10 21:45:56 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-08-10 21:44:39 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-08-10 21:44:39 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-08-10 21:44:39 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-08-10 21:44:39 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-08-10 16:53:10 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M ====================
.
2014-08-12 02:27:24 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-08-12 02:27:23 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-12 02:27:23 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-08-12 02:27:23 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-08-12 02:27:22 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-08-10 21:47:59 247808 ----a-w- C:\Windows\System32\msls31.dll
2014-08-10 21:45:56 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-07-09 09:23:16 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 09:23:16 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-29 01:38:24 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-06-19 18:55:30 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-06-19 18:55:30 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-06-11 02:15:32 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-05-29 19:42:39 76888 ----a-w- C:\Windows\System32\PnkBstrA.exe
2014-05-29 07:40:15 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-03-06 12:36:24 2012912 ----a-w- C:\Program Files\SUPERANTISPYWARE.EXE
.
============= FINISH: 19:19:00.53 ===============

Edited by Oh My!, 31 August 2014 - 06:24 PM.
Log posted


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,628 posts
  • Gender:Male

Posted 18 August 2014 - 06:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/544339 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,628 posts
  • Gender:Male

Posted 23 August 2014 - 06:55 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

 

Topic Re-opened at request of OP.


Edited by Platypus, 31 August 2014 - 08:32 AM.


#5 Harris1965

Harris1965
  • Topic Starter

  • Members
  • 82 posts

Posted 31 August 2014 - 05:03 PM

Yup...back to square one...constant freezing of all programs on all drives! Got some relief two weeks ago when, after I cleared out 27 threats, my son found one lone virus on his external gaming drive via Windows Defender (?) but now we are again stuck in the mud.

 

I believe no CD came with factory installed Windows on this STAPLES/HP PC.

 

Thx.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • Gender:Male
  • Location:California

Posted 31 August 2014 - 06:26 PM

Greetings Harris1965 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please attempt to run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Harris1965

Harris1965
  • Topic Starter

  • Members
  • 82 posts

Posted 31 August 2014 - 07:55 PM

FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Gershman Family (administrator) on MONGO-II on 31-08-2014 20:43:14
Running from C:\Users\GERSHMAN FAMILY\DOWNLOADS
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Computer Business Solutions, Inc.) C:\Windows\System32\kwmain.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777296 2012-09-07] (Crawler.com)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [drkly16j] => rundll32.exe drkly16j.dll,ServiceCheck
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-13] (AVAST Software)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-04] (Google Inc.)
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {084f504b-5adb-11e3-aca7-d48564bbaac0} - T:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {23b8c2a5-ae7f-11e0-afb8-d48564bbaac0} - T:\TL-Bootstrap.exe
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {38fd5281-3b34-11e2-9082-d48564bbaac0} - P:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {4fd5cdbc-2915-11e2-b46b-d48564bbaac0} - T:\setup.exe -a
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {5d5b6767-c65f-11e2-b7ba-d48564bbaac0} - T:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {75ac0e23-c421-11e1-8df9-d48564bbaac0} - I:\Autorun.exe
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {9a017e3b-ea10-11e0-b2ac-d48564bbaac0} - M:\setup.exe -a
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {a9e3a2b1-3127-11e3-a1c0-d48564bbaac0} - T:\VZW_Software_upgrade_assistant.exe
Lsa: [Notification Packages] scecli ickgw32i
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter - Shortcut.lnk
ShortcutTarget: Rainmeter - Shortcut.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2473503D-FB8E-493D-A6A1-150AE96499BC} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {BC29273D-26E1-4A54-944F-9E02E8FBBE73} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {CDA7E37D-89A7-4417-8089-B21DD14C2659} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {2473503D-FB8E-493D-A6A1-150AE96499BC} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {BC29273D-26E1-4A54-944F-9E02E8FBBE73} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {CDA7E37D-89A7-4417-8089-B21DD14C2659} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {2473503D-FB8E-493D-A6A1-150AE96499BC} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110520,6901,0,8,0
SearchScopes: HKCU - {4145C98D-1B41-41ED-9A66-927823FF48E4} URL = http://safesearch.MyActionAlert.com/IESearch?q={searchTerms}
SearchScopes: HKCU - {69C5F084-6650-4F1B-A44E-D0BBC45058D1} URL =
SearchScopes: HKCU - {BC29273D-26E1-4A54-944F-9E02E8FBBE73} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {BF5CDBD7-EC78-41F8-A1B1-01829572104D} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
SearchScopes: HKCU - {CDA7E37D-89A7-4417-8089-B21DD14C2659} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {CFADB50D-DB8B-4D2A-B2FB-6E211DF1A64C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN45187040189002728&UM=2
SearchScopes: HKCU - {F98A05CE-C49B-426B-93FD-9F4C7E98AE73} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E3B27746-068D-47C5-ACCF-044A69FC468A&apn_sauid=6FE1F33E-02F2-4231-8548-45BC010A5F24&
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: My Personal Homepage -> {0538CF1C-8419-4800-ADBB-0C00C799FDA2} -> C:\Users\Gershman Family\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica2 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica2 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: 127.0.8.1 activate.adobe.com

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=0.80.0 -> C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Users\Gershman Family\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Gershman Family\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Gershman Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Gershman Family\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Gershman Family\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Gershman Family\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Gershman Family\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.cnn.com/
CHR StartupUrls: Default -> "hxxp://www.cnn.com/", "www.bcsdny.org"
CHR DefaultSearchKeyword: Default -> 24EA97800A3A3C7C53409EAA393E0733EF51AFBE7A39E64847CE50FC48320973
CHR DefaultSearchURL: Default -> AA7B65EB32AA7865553CF94505E78DEA14A8590AAE768249248990A211F7E384
CHR Profile: C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-20]
CHR Extension: (Adblock Plus) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-08-20]
CHR Extension: (Google Search) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-20]
CHR Extension: (Canvas Rider (browser extension)) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebopbobaiphmoclojaeoenommfefljll [2013-08-20]
CHR Extension: (Pastebin.com) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghipmampnddcpdlppkkamoankmkmcbmh [2013-08-20]
CHR Extension: (Offline Exif Reader) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaldeojnjeeefpabehlpijbadheebag [2013-08-20]
CHR Extension: (avast! Online Security) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-31]
CHR Extension: (Don't Starve) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc [2013-08-20]
CHR Extension: (Troll Emoticons) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik [2013-08-20]
CHR Extension: (MetaPicz) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\jakoedcbolapehebgcggfnldpijccmod [2013-08-20]
CHR Extension: (My Personal Homepage) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdibpcceojcijhomkdgiffflkgngmapf [2013-08-20]
CHR Extension: (Google Mail Checker) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-08-20]
CHR Extension: (Google Wallet) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Redstone Blog) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pipkobcjnmgncpddckbdijjmhgjabmep [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-20]
CHR Extension: (Canvas Rider) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2013-08-20]
CHR Profile: C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (YouTube) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-04]
CHR Extension: (Google Search) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-04]
CHR Extension: (No Name) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ffekppndigniegkobcngkdmaadbhhonj [2013-08-10]
CHR Extension: (RewardsArcade Suite) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ielefkgbofdpglioecfjcbikholflklb [2012-10-04]
CHR Extension: (My Personal Homepage) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdibpcceojcijhomkdgiffflkgngmapf [2012-10-04]
CHR Extension: (Gmail) - C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [mdibpcceojcijhomkdgiffflkgngmapf] - C:\Users\Gershman Family\AppData\Roaming\Genieo\Application\chrome_ext\ChromeSensor.crx [2012-02-02]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE [172344 2014-08-30] (SUPERAntiSpyware.com)
R2 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-11] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-08-20] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\SYSTEM32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [977184 2014-08-06] (Overwolf LTD)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-29] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-29] ()
R2 QPCopyEngine; C:\PROGRAM FILES\IOMEGA\QUIKPROTECT\QpMonitor.exe [394544 2010-06-24] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148632 2011-12-23] (Crawler.com)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [736104 2012-02-14] (Tunngle.net GmbH) [File not signed]
S3 InternetConnectionService; C:\WINDOWS\SYSTEM32\KWCAPTUR.EXE [X]
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-08-13] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-11] ()
R0 bitadcab; C:\Windows\System32\DRIVERS\bitadcab.sys [65816 2009-07-13] ()
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-08-13] (Emsisoft GmbH)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-04-27] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-03] (GFI Software)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 QsFsFltr; C:\Windows\System32\DRIVERS\QsFsFltr.sys [22584 2010-06-24] (Windows ® Win 7 DDK provider)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [171144 2007-05-01] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [54016 2006-07-27] (Saitek) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-12-29] (Windows ® Win 7 DDK provider)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-11-13] (OpenLibSys.org)
S0 dskohpop; jobippnp\dskohpop.sys [X]
S0 logugmid; cpyipcab\logugmid.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 TCFilter; system32\drivers\tcfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-31 20:43 - 2014-08-31 20:12 - 05466136 _____ () C:\Users\Gershman Family\Downloads\Summary.nfo
2014-08-31 20:12 - 2014-08-31 20:12 - 05466136 _____ () C:\Users\Gershman Family\Desktop\Summary.nfo
2014-08-31 20:08 - 2014-08-31 20:09 - 00099948 _____ () C:\Users\Gershman Family\Downloads\Addition.txt
2014-08-31 20:05 - 2014-08-31 20:44 - 00039511 _____ () C:\Users\Gershman Family\Downloads\FRST.txt
2014-08-31 20:05 - 2014-08-31 20:43 - 00000000 ____D () C:\FRST
2014-08-31 20:05 - 2014-08-31 20:05 - 02104832 _____ (Farbar) C:\Users\Gershman Family\Downloads\FRST64.exe
2014-08-31 17:55 - 2014-08-31 17:55 - 00028357 _____ () C:\Users\Gershman Family\Desktop\dds.txt
2014-08-31 17:55 - 2014-08-31 17:55 - 00026786 _____ () C:\Users\Gershman Family\Desktop\attach.txt
2014-08-31 17:52 - 2014-08-31 17:52 - 00688992 ____R (Swearware) C:\Users\Gershman Family\Downloads\dds (1).com
2014-08-31 17:49 - 2014-08-31 17:49 - 00000000 ____D () C:\Users\Gershman Family\AppData\Local\Adobe
2014-08-25 21:43 - 2014-08-25 22:06 - 2614162989 _____ () C:\Users\Ben\Downloads\15th Pack v1.5.5.zip
2014-08-23 23:54 - 2014-08-24 00:00 - 567646218 _____ () C:\Users\Ben\Downloads\@USAF.rar
2014-08-23 22:08 - 2014-08-23 22:22 - 1737132308 _____ () C:\Users\Ben\Downloads\15th Recruiting Pack v1.4.zip
2014-08-23 18:37 - 2014-08-23 18:37 - 00000929 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-08-21 17:27 - 2014-08-21 17:27 - 16486048 _____ () C:\Users\Ben\Downloads\0.9.2.zip
2014-08-20 22:06 - 2014-08-20 22:06 - 00000221 _____ () C:\Users\Ben\Desktop\Arma 2.url
2014-08-20 22:01 - 2014-08-20 22:01 - 00000222 _____ () C:\Users\Ben\Desktop\Arma 2 Operation Arrowhead Beta (Obsolete).url
2014-08-20 22:01 - 2014-08-20 22:01 - 00000221 _____ () C:\Users\Ben\Desktop\Arma 2 Operation Arrowhead.url
2014-08-20 21:46 - 2014-08-20 21:46 - 00003250 _____ () C:\Windows\System32\Tasks\{E3124202-A696-45A5-95FF-DC682D8BC7CC}
2014-08-20 21:46 - 2014-08-20 21:46 - 00000000 ____D () C:\Users\Ben\Downloads\ARMA2_OA_Build_112555 (2)
2014-08-20 21:45 - 2014-08-20 21:45 - 11178510 _____ () C:\Users\Ben\Downloads\ARMA2_OA_Build_112555 (2).zip
2014-08-18 21:52 - 2014-08-18 21:52 - 00338151 _____ () C:\Users\Ben\Documents\ts3_clientui-win64-1382530211-2014-08-18 21_52_16.627124.dmp
2014-08-18 19:07 - 2014-08-18 19:08 - 21034132 _____ () C:\Users\Ben\Downloads\ad_helos_arma2_v1.5.rar
2014-08-18 17:25 - 2014-08-18 17:25 - 00001488 _____ () C:\Users\Ben\Downloads\fillCrate_v02.zip
2014-08-17 23:23 - 2014-08-29 20:21 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForBen.job
2014-08-17 23:23 - 2014-08-29 16:03 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBen
2014-08-17 23:18 - 2014-08-17 23:18 - 00000000 __SHD () C:\Users\Ben\AppData\Local\EmieUserList
2014-08-17 23:18 - 2014-08-17 23:18 - 00000000 __SHD () C:\Users\Ben\AppData\Local\EmieSiteList
2014-08-16 22:54 - 2014-08-16 22:55 - 14248784 _____ (SIX Networks) C:\Users\Ben\Downloads\withSIX-Play (1).exe
2014-08-16 17:26 - 2014-08-16 17:26 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\AVAST Software
2014-08-14 19:46 - 2014-08-31 18:47 - 00000372 _____ () C:\Windows\Tasks\HPCeeScheduleForGershman Family.job
2014-08-14 19:46 - 2014-08-31 18:21 - 00003246 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGershman Family
2014-08-13 19:15 - 2014-08-13 19:16 - 00688992 ____R (Swearware) C:\Users\Gershman Family\Downloads\dds.com
2014-08-13 14:34 - 2014-08-13 14:34 - 00000000 ____D () C:\rei
2014-08-13 14:34 - 2014-08-13 14:34 - 00000000 ____D () C:\Program Files\Reimage
2014-08-13 14:24 - 2014-08-13 14:24 - 00000099 _____ () C:\Windows\Reimage.ini
2014-08-13 14:24 - 2014-08-13 14:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 19:45 - 2014-08-12 19:45 - 00000000 ____D () C:\Users\Gershman Family\AppData\Roaming\AVAST Software
2014-08-11 23:04 - 2014-08-11 23:04 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-11 22:27 - 2014-08-11 22:27 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-11 22:27 - 2014-08-11 22:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-11 22:27 - 2014-08-11 22:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 __SHD () C:\Users\Gershman Family\AppData\Local\EmieUserList
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 __SHD () C:\Users\Gershman Family\AppData\Local\EmieSiteList
2014-08-10 17:51 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-08-10 17:48 - 2014-08-10 17:48 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-10 17:48 - 2014-08-10 17:48 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-10 17:48 - 2014-08-10 17:48 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-10 17:48 - 2014-08-10 17:48 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-10 17:48 - 2014-08-10 17:48 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-10 17:48 - 2014-08-10 17:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-10 17:47 - 2014-08-10 17:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-10 17:47 - 2014-08-10 17:47 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-10 17:47 - 2014-08-10 17:47 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-10 17:47 - 2014-08-10 17:47 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-10 17:47 - 2014-08-10 17:47 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-10 17:47 - 2014-08-10 17:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-10 17:45 - 2014-08-10 17:45 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-10 17:45 - 2014-08-10 17:45 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-10 17:45 - 2014-08-10 17:45 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-08-10 17:45 - 2014-08-10 17:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-08-10 17:45 - 2014-08-10 17:45 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-08-10 17:44 - 2014-08-10 17:44 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-10 17:44 - 2014-08-10 17:44 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-10 17:44 - 2014-08-10 17:44 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-08-10 17:44 - 2014-08-10 17:44 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-08-10 17:43 - 2014-08-10 17:51 - 00014462 _____ () C:\Windows\IE11_main.log
2014-08-10 17:39 - 2014-08-10 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-08-10 12:53 - 2014-08-10 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-10 12:53 - 2014-08-10 12:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-31 20:44 - 2014-08-31 20:05 - 00039511 _____ () C:\Users\Gershman Family\Downloads\FRST.txt
2014-08-31 20:43 - 2014-08-31 20:05 - 00000000 ____D () C:\FRST
2014-08-31 20:41 - 2010-09-08 13:09 - 01580509 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 20:37 - 2010-12-01 18:27 - 00000000 ____D () C:\Users\Gershman Family\Documents\Outlook Files
2014-08-31 20:36 - 2013-03-03 12:02 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-31 20:35 - 2011-07-14 21:52 - 00000000 ____D () C:\Temp
2014-08-31 20:35 - 2009-07-14 00:51 - 00307243 _____ () C:\Windows\setupact.log
2014-08-31 20:34 - 2012-02-12 23:28 - 00000422 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-08-31 20:34 - 2011-12-29 10:55 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-08-31 20:34 - 2011-05-11 17:55 - 00000332 ___SH () C:\Windows\Tasks\LEVDFWSI.job
2014-08-31 20:34 - 2010-12-04 00:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-31 20:33 - 2013-01-05 15:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-31 20:33 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 20:23 - 2012-04-06 12:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 20:18 - 2011-03-13 20:31 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001UA.job
2014-08-31 20:12 - 2014-08-31 20:43 - 05466136 _____ () C:\Users\Gershman Family\Downloads\Summary.nfo
2014-08-31 20:12 - 2014-08-31 20:12 - 05466136 _____ () C:\Users\Gershman Family\Desktop\Summary.nfo
2014-08-31 20:10 - 2010-12-04 00:09 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 20:09 - 2014-08-31 20:08 - 00099948 _____ () C:\Users\Gershman Family\Downloads\Addition.txt
2014-08-31 20:09 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 20:09 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 20:05 - 2014-08-31 20:05 - 02104832 _____ (Farbar) C:\Users\Gershman Family\Downloads\FRST64.exe
2014-08-31 20:00 - 2013-02-09 23:46 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008UA.job
2014-08-31 19:58 - 2013-01-27 02:53 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008UA.job
2014-08-31 19:57 - 2013-07-04 11:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-31 19:50 - 2011-10-16 13:19 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Spotify
2014-08-31 19:44 - 2011-09-18 15:00 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\TS3Client
2014-08-31 19:28 - 2014-02-18 01:25 - 00000000 ____D () C:\Users\Ben\AppData\Local\Purplizer
2014-08-31 19:27 - 2012-10-25 21:59 - 00000000 ____D () C:\Users\Ben\AppData\Local\Overwolf
2014-08-31 19:20 - 2010-09-08 15:09 - 00835456 _____ () C:\Windows\PFRO.log
2014-08-31 19:12 - 2011-10-01 22:02 - 00000968 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001UA.job
2014-08-31 18:47 - 2014-08-14 19:46 - 00000372 _____ () C:\Windows\Tasks\HPCeeScheduleForGershman Family.job
2014-08-31 18:21 - 2014-08-14 19:46 - 00003246 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGershman Family
2014-08-31 17:55 - 2014-08-31 17:55 - 00028357 _____ () C:\Users\Gershman Family\Desktop\dds.txt
2014-08-31 17:55 - 2014-08-31 17:55 - 00026786 _____ () C:\Users\Gershman Family\Desktop\attach.txt
2014-08-31 17:52 - 2014-08-31 17:52 - 00688992 ____R (Swearware) C:\Users\Gershman Family\Downloads\dds (1).com
2014-08-31 17:49 - 2014-08-31 17:49 - 00000000 ____D () C:\Users\Gershman Family\AppData\Local\Adobe
2014-08-31 17:47 - 2014-06-28 22:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-31 17:43 - 2010-09-08 13:10 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-30 09:57 - 2011-05-15 09:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-30 09:27 - 2011-03-13 20:31 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001Core.job
2014-08-30 09:20 - 2012-04-06 12:28 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-30 09:20 - 2012-04-06 12:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-30 09:20 - 2011-05-15 15:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-29 22:12 - 2011-10-01 22:02 - 00000946 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001Core.job
2014-08-29 20:21 - 2014-08-17 23:23 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForBen.job
2014-08-29 16:03 - 2014-08-17 23:23 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBen
2014-08-29 01:58 - 2013-01-27 02:53 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008Core.job
2014-08-29 01:04 - 2012-04-15 17:11 - 00000000 ____D () C:\Users\Ben\AppData\Local\ArmA 2 OA
2014-08-27 03:00 - 2013-02-09 23:46 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008Core.job
2014-08-26 19:46 - 2013-06-21 16:10 - 00000000 ____D () C:\Users\Ben\AppData\Local\Arma 3
2014-08-26 00:37 - 2011-10-16 13:19 - 00000000 ____D () C:\Users\Ben\AppData\Local\Spotify
2014-08-25 22:06 - 2014-08-25 21:43 - 2614162989 _____ () C:\Users\Ben\Downloads\15th Pack v1.5.5.zip
2014-08-25 15:00 - 2013-09-02 09:18 - 00000492 _____ () C:\Windows\Tasks\KWVacuum.job
2014-08-24 00:01 - 2013-10-05 22:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 00:00 - 2014-08-23 23:54 - 567646218 _____ () C:\Users\Ben\Downloads\@USAF.rar
2014-08-23 22:22 - 2014-08-23 22:08 - 1737132308 _____ () C:\Users\Ben\Downloads\15th Recruiting Pack v1.4.zip
2014-08-23 18:37 - 2014-08-23 18:37 - 00000929 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-08-21 22:46 - 2010-11-30 22:35 - 00631481 _____ () C:\Windows\DirectX.log
2014-08-21 22:31 - 2013-12-28 01:56 - 00001064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-21 17:45 - 2013-01-19 20:04 - 15491533 _____ () C:\Windows\system32\acre.log
2014-08-21 17:43 - 2012-09-26 01:28 - 00000000 ____D () C:\Users\Ben\AppData\Local\TeamSpeak 3 Client
2014-08-21 17:27 - 2014-08-21 17:27 - 16486048 _____ () C:\Users\Ben\Downloads\0.9.2.zip
2014-08-20 22:06 - 2014-08-20 22:06 - 00000221 _____ () C:\Users\Ben\Desktop\Arma 2.url
2014-08-20 22:01 - 2014-08-20 22:01 - 00000222 _____ () C:\Users\Ben\Desktop\Arma 2 Operation Arrowhead Beta (Obsolete).url
2014-08-20 22:01 - 2014-08-20 22:01 - 00000221 _____ () C:\Users\Ben\Desktop\Arma 2 Operation Arrowhead.url
2014-08-20 21:46 - 2014-08-20 21:46 - 00003250 _____ () C:\Windows\System32\Tasks\{E3124202-A696-45A5-95FF-DC682D8BC7CC}
2014-08-20 21:46 - 2014-08-20 21:46 - 00000000 ____D () C:\Users\Ben\Downloads\ARMA2_OA_Build_112555 (2)
2014-08-20 21:45 - 2014-08-20 21:45 - 11178510 _____ () C:\Users\Ben\Downloads\ARMA2_OA_Build_112555 (2).zip
2014-08-19 23:16 - 2013-06-21 16:10 - 00000000 ____D () C:\Users\Ben\Documents\Arma 3
2014-08-19 22:52 - 2013-12-16 22:15 - 00000000 ____D () C:\Users\Ben\AppData\Local\DayZ
2014-08-18 21:52 - 2014-08-18 21:52 - 00338151 _____ () C:\Users\Ben\Documents\ts3_clientui-win64-1382530211-2014-08-18 21_52_16.627124.dmp
2014-08-18 19:08 - 2014-08-18 19:07 - 21034132 _____ () C:\Users\Ben\Downloads\ad_helos_arma2_v1.5.rar
2014-08-18 17:25 - 2014-08-18 17:25 - 00001488 _____ () C:\Users\Ben\Downloads\fillCrate_v02.zip
2014-08-17 23:18 - 2014-08-17 23:18 - 00000000 __SHD () C:\Users\Ben\AppData\Local\EmieUserList
2014-08-17 23:18 - 2014-08-17 23:18 - 00000000 __SHD () C:\Users\Ben\AppData\Local\EmieSiteList
2014-08-17 23:18 - 2013-01-18 17:27 - 00000000 ____D () C:\Users\Ben\AppData\Local\Google
2014-08-16 23:48 - 2009-07-14 01:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 23:20 - 2014-06-24 00:28 - 00000000 ____D () C:\Users\Ben\AppData\Local\SIX Networks
2014-08-16 22:57 - 2014-06-24 00:29 - 00002195 _____ () C:\Users\Ben\Desktop\Play withSIX.lnk
2014-08-16 22:55 - 2014-08-16 22:54 - 14248784 _____ (SIX Networks) C:\Users\Ben\Downloads\withSIX-Play (1).exe
2014-08-16 22:24 - 2011-05-17 10:40 - 00000000 ____D () C:\Users\Ben\Documents\Ace of Spades
2014-08-16 17:33 - 2012-10-25 22:01 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-08-16 17:26 - 2014-08-16 17:26 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\AVAST Software
2014-08-16 17:24 - 2013-01-18 17:27 - 00001415 _____ () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-13 19:16 - 2014-08-13 19:15 - 00688992 ____R (Swearware) C:\Users\Gershman Family\Downloads\dds.com
2014-08-13 14:34 - 2014-08-13 14:34 - 00000000 ____D () C:\rei
2014-08-13 14:34 - 2014-08-13 14:34 - 00000000 ____D () C:\Program Files\Reimage
2014-08-13 14:24 - 2014-08-13 14:24 - 00000099 _____ () C:\Windows\Reimage.ini
2014-08-13 14:24 - 2014-08-13 14:24 - 00000000 ____D () C:\Windows\ERUNT
2014-08-13 13:02 - 2013-07-04 11:12 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-12 19:52 - 2010-12-04 00:09 - 00000000 ____D () C:\Users\Gershman Family\AppData\Local\Google
2014-08-12 19:45 - 2014-08-12 19:45 - 00000000 ____D () C:\Users\Gershman Family\AppData\Roaming\AVAST Software
2014-08-12 02:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-11 23:04 - 2014-08-11 23:04 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-11 22:27 - 2014-08-11 22:27 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-11 22:27 - 2014-08-11 22:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-11 22:27 - 2014-08-11 22:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-11 22:27 - 2013-07-04 11:12 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-11 22:27 - 2013-07-04 11:12 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-11 22:27 - 2013-07-04 11:12 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-11 22:27 - 2013-07-04 11:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-11 22:27 - 2013-07-04 11:12 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-11 22:27 - 2013-07-04 11:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-11 22:23 - 2013-07-04 11:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-11 22:19 - 2013-07-04 11:12 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-08-11 22:06 - 2014-07-03 10:26 - 00000000 ____D () C:\EEK
2014-08-11 22:06 - 2013-08-13 06:57 - 00000548 _____ () C:\Users\Gershman Family\Desktop\Emsisoft Emergency Kit.lnk
2014-08-11 22:02 - 2013-01-21 11:25 - 00000000 ____D () C:\Users\Gershman Family\AppData\Local\LogMeIn Hamachi
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 __SHD () C:\Users\Gershman Family\AppData\Local\EmieUserList
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 __SHD () C:\Users\Gershman Family\AppData\Local\EmieSiteList
2014-08-11 21:58 - 2010-11-30 22:44 - 00001415 _____ () C:\Users\Gershman Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-11 20:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-11 19:59 - 2012-07-21 12:00 - 00000000 ____D () C:\Windows\jobippnp
2014-08-11 19:59 - 2012-03-20 21:10 - 00000000 ____D () C:\Windows\disipbas
2014-08-11 19:12 - 2012-09-16 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-10 17:51 - 2014-08-10 17:43 - 00014462 _____ () C:\Windows\IE11_main.log
2014-08-10 17:50 - 2013-05-14 22:22 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-08-10 17:48 - 2014-08-10 17:48 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-10 17:48 - 2014-08-10 17:48 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-10 17:48 - 2014-08-10 17:48 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-10 17:48 - 2014-08-10 17:48 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-10 17:48 - 2014-08-10 17:48 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-10 17:48 - 2014-08-10 17:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-10 17:48 - 2014-08-10 17:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-10 17:48 - 2014-08-10 17:48 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-10 17:48 - 2014-08-10 17:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-10 17:47 - 2014-08-10 17:47 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-10 17:47 - 2014-08-10 17:47 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-10 17:47 - 2014-08-10 17:47 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-10 17:47 - 2014-08-10 17:47 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-10 17:47 - 2014-08-10 17:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-10 17:47 - 2014-08-10 17:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-10 17:47 - 2014-08-10 17:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-10 17:45 - 2014-08-10 17:45 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-10 17:45 - 2014-08-10 17:45 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-10 17:45 - 2014-08-10 17:45 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-08-10 17:45 - 2014-08-10 17:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-08-10 17:45 - 2014-08-10 17:45 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-08-10 17:45 - 2014-08-10 17:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-08-10 17:44 - 2014-08-10 17:44 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-10 17:44 - 2014-08-10 17:44 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-10 17:44 - 2014-08-10 17:44 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-08-10 17:44 - 2014-08-10 17:44 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-08-10 17:39 - 2014-08-10 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-08-10 12:53 - 2014-08-10 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-10 12:53 - 2014-08-10 12:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-08-10 12:53 - 2013-05-25 17:18 - 00000888 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

Files to move or delete:
====================
C:\Users\Gershman Family\OEAccounts.reg

Some content of TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\0ghpysfw.dll
C:\Users\Ben\AppData\Local\Temp\0n3ipcpq.dll
C:\Users\Ben\AppData\Local\Temp\22dokhx0.dll
C:\Users\Ben\AppData\Local\Temp\4433.exe
C:\Users\Ben\AppData\Local\Temp\4x4hvasj.dll
C:\Users\Ben\AppData\Local\Temp\5408.exe
C:\Users\Ben\AppData\Local\Temp\8E09.exe
C:\Users\Ben\AppData\Local\Temp\A21B.exe
C:\Users\Ben\AppData\Local\Temp\at5rg0rr.dll
C:\Users\Ben\AppData\Local\Temp\awesomium_setup.exe
C:\Users\Ben\AppData\Local\Temp\C4D4.exe
C:\Users\Ben\AppData\Local\Temp\CA64.exe
C:\Users\Ben\AppData\Local\Temp\COMAP.EXE
C:\Users\Ben\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Ben\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Ben\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Ben\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Ben\AppData\Local\Temp\fgtl221v.dll
C:\Users\Ben\AppData\Local\Temp\gbinit.exe
C:\Users\Ben\AppData\Local\Temp\gfucb10c.dll
C:\Users\Ben\AppData\Local\Temp\hoqsu2xc.dll
C:\Users\Ben\AppData\Local\Temp\iwdvbble.dll
C:\Users\Ben\AppData\Local\Temp\lf00vunr.dll
C:\Users\Ben\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Ben\AppData\Local\Temp\mvazqgdb.dll
C:\Users\Ben\AppData\Local\Temp\nsidll.dll
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ben\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ben\AppData\Local\Temp\nvStInst.exe
C:\Users\Ben\AppData\Local\Temp\ping.exe
C:\Users\Ben\AppData\Local\Temp\pppngvgb.dll
C:\Users\Ben\AppData\Local\Temp\setup.exe
C:\Users\Ben\AppData\Local\Temp\SIntf16.dll
C:\Users\Ben\AppData\Local\Temp\SIntf32.dll
C:\Users\Ben\AppData\Local\Temp\SIntfNT.dll
C:\Users\Ben\AppData\Local\Temp\sivobvg2.dll
C:\Users\Ben\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ben\AppData\Local\Temp\sonarinst.exe
C:\Users\Ben\AppData\Local\Temp\sp64126.exe
C:\Users\Ben\AppData\Local\Temp\su-setup.exe
C:\Users\Ben\AppData\Local\Temp\tskmqlov.dll
C:\Users\Ben\AppData\Local\Temp\tu52gqmd.dll
C:\Users\Ben\AppData\Local\Temp\ubi9225.tmp.exe
C:\Users\Ben\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Ben\AppData\Local\Temp\Update.exe
C:\Users\Ben\AppData\Local\Temp\utt1AFC.tmp.exe
C:\Users\Ben\AppData\Local\Temp\vf232be0.dll
C:\Users\Ben\AppData\Local\Temp\xdzdutff.dll
C:\Users\Ben\AppData\Local\Temp\yk2uuhtm.dll
C:\Users\Ben\AppData\Local\Temp\ziwkd3wo.dll
C:\Users\Ben\AppData\Local\Temp\zv9huyzy.dll
C:\Users\Gershman Family\AppData\Local\Temp\enfor_mation2.exe
C:\Users\Gershman Family\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Gershman Family\AppData\Local\Temp\ose00000.exe
C:\Users\Gershman Family\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Gershman Family\AppData\Local\Temp\ReimageRepair.exe
C:\Users\Gershman Family\AppData\Local\Temp\rootsupd.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-18 08:43
==================== End Of Log ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Gershman Family at 2014-08-31 20:45:22
Running from C:\Users\GERSHMAN FAMILY\DOWNLOADS
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
737-700 Southwest Airlines Liveries Package v2.2 (HKLM-x32\...\737-700 Southwest Airlines Liveries Package v2.2) (Version: - )
767 Captain (767-300 Base Pack) (HKLM-x32\...\767CAPTAIN) (Version: 1.4.00 - © 1999-2009 Captain Sim)
Accu-Feel (HKLM-x32\...\Accu-Feel) (Version: - )
Ace of Spades (HKLM-x32\...\{F7046C1F-550F-4DE5-B1FF-552A8D489F55}) (Version: 0.58 - Ben Aksoy)
Aces High (HKLM-x32\...\Aces High) (Version: - )
Active Sky X (HKLM-x32\...\{A06A6679-41D7-48C5-82F8-7D3B0B654720}) (Version: 1.00.1056 - HiFi Flightware)
Addon Sync 2009 (HKLM-x32\...\{4E3AA543-09D7-401E-9DF2-2591D24C7C49}) (Version: 1.0.67 - YomaTools)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
aerosoft's - Huey X (HKLM-x32\...\{F8F3F4BD-A69A-4345-AE81-656862093FBE}) (Version: 1.00 - aerosoft)
AI Carriers (HKLM-x32\...\AICarriers) (Version: - )
AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
AirTrafficFX (HKLM-x32\...\AirTrafficFX) (Version: 3.4 - Flight1 Software and Mudpond Development)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AlphaSim AH-64D for FSX v1.00 (HKCU\...\AlphaSim AH-64D for FSX v1.00) (Version: - )
Amazon Cloud Drive (HKLM-x32\...\{66209054-3985-4125-B0CB-C69F75D2F0D9}) (Version: 1.10.00.0 - Amazon.com)
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{6F483F38-6162-7606-1D0B-054852C8E011}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2010.1228.2239.40637 - AMD) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Area 51 Simulations C-17 Globemaster for MS Flight Simulator FSX (HKLM-x32\...\Area 51 Simulations C-17 Globemaster for MS Flight Simulator FSX) (Version: - )
Area 51 Simulations MH-47E FSX Version for Windows 7 64 Bit (HKLM-x32\...\Area 51 Simulations MH-47E FSX Version for Windows 7 64 Bit) (Version: - )
Area51 Simulations UH-1Y Venom FSX Version (HKCU\...\Area51 Simulations UH-1Y Venom FSX Version) (Version: - )
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2 British Armed Forces Uninstall (HKLM-x32\...\Arma 2 British Armed Forces) (Version: - )
ArmA 2 Operation Arrowhead (HKLM-x32\...\{3D585418-C5D3-4918-ADB2-5F217F4835B6}) (Version: 1.00 - Bohemia Interactive)
ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version: - )
Arma 2 Private Military Company Uninstall (HKLM-x32\...\Arma 2 Private Military Company) (Version: - )
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version: - )
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version: - )
Arma 3 Beta (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Arma Cold War Assault Uninstall (HKLM-x32\...\Arma Cold War Assault) (Version: - )
ArmA II Launcher (HKLM-x32\...\{EACFCDA4-3286-4DEB-92D8-53006239F347}) (Version: 1.4.1.0 - Spirited Machine)
ArmA Uninstall (HKLM-x32\...\ArmA) (Version: - )
ArmA3Sync 1.2.37 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.2.37 - The [S.o.E] team)
ASPCA TriMini Reminder by We-Care.com v5.0.5.1 (HKLM-x32\...\{1CCF681C-C203-49B3-83F4-A54F0F944416}) (Version: 5.0.5.1 - We-Care.com)
Assassin's Creed® III v1.02 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.02 - Ubisoft)
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Awesomium Redistributable (HKLM-x32\...\{5BCB064B-9F65-4E15-BAFB-669E72E54FD9}) (Version: 1.7.4.2 - SIX Networks GmbH)
AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH)
Battlefield 2™ (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 3™ Open Beta (HKLM-x32\...\{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version: - )
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye for RFT Uninstall (HKLM-x32\...\BattlEye for RFT) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A1) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye) (Version: - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version: - )
Bell 212 FSX 1.0 (HKCU\...\Bell 212 FSX 1.0) (Version: - )
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BinMake Uninstall (HKLM-x32\...\BinMake) (Version: - )
BinPBO Personal Edition Uninstall (HKLM-x32\...\BinPBO Personal Edition) (Version: - )
BLACKHAWK for FSX by FAG (HKCU\...\BLACKHAWK for FSX by FAG) (Version: - )
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boxee (HKLM-x32\...\BOXEE) (Version: - Boxee)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
calibre (HKLM-x32\...\{3D0ED490-BFAB-46F8-9AFB-0DAE0C90AC9E}) (Version: 0.8.19 - Kovid Goyal)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Canon Inkjet Printer Driver Add-On Module V2.00 (HKLM\...\CANONIJINBOXADDON200) (Version: - )
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CaptainSim 757-200 PRO 4.2 (HKLM-x32\...\{5B57D4F1-66BA-448C-97F1-23F73517C694}_is1) (Version: - komu)
Carenado C152II FSX (HKCU\...\Carenado C152II FSX) (Version: - )
Carenado C172N FSX (HKLM-x32\...\Carenado C172N FSX) (Version: 1.00.00.00 - Carenado)
Carenado C185F SKYWAGON FSX (HKCU\...\Carenado C185F SKYWAGON FSX) (Version: - )
Carenado C340 II FSX (HKLM-x32\...\Carenado C340 II FSX) (Version: 1.00.00.00 - Carenado)
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.1228.2239.40637 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help English (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help French (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help German (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.1228.2238.40637 - ATI) Hidden
CCFile 3.6 (HKLM-x32\...\CCFile_is1) (Version: - www.ccfile.net)
CCG Launcher version 0.4 (HKLM-x32\...\{E8BE34DD-02E6-4445-A96B-70931D747024}_is1) (Version: 0.4 - Custom Combat Gaming)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix XenApp Web Plugin (HKLM-x32\...\{C0B165DC-F037-483F-B1C9-D89D91529CEB}) (Version: 11.0.150.5357 - Citrix Systems, Inc.)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version: - Relic)
Contents (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Corel VideoStudio Pro X6 (HKLM-x32\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.0.0.106 - Corel Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dash 8 Majestic American Eagle (HKLM-x32\...\Dash 8 Majestic American Eagle) (Version: - )
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{FB477816-E6FD-4F89-88D7-01B9CFE7D047}) (Version: 0.9.81 - Dotjosh Studios)
DayZ-Launcher (HKCU\...\e1cb434746b3d451) (Version: 1.0.0.15 - DayZ-Launcher)
DCS World (HKLM\...\DCS World_is1) (Version: 1.2.6.20768 - )
DCS World (HKLM-x32\...\Steam App 223750) (Version: - Eagle Dynamics)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A3AD381D-848C-4478-80DC-228E37309308}) (Version: - Microsoft)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DodoSim 206 FSX (HKLM-x32\...\{D721220E-2D02-4785-AC88-6A67F4E8758F}) (Version: 1.0.0 - DodoSim)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: 11.0 - Driver-Soft Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DVD Catalyst 4.2.6.0 (HKLM-x32\...\DVD Catalyst) (Version: 4.2.6.0 - Tools4Movies)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
DVD to DROID (HKLM-x32\...\{CDDBBB41-7425-4B86-A6CF-C3FD5D0D8DEB}) (Version: 1.0.1 - DoTheWeb.net)
Eaglesoft Development Group Citation CII 1.5 (HKCU\...\Eaglesoft Development Group Citation CII 1.5 ) (Version: - )
Eaglesoft Development Group Citation X 2.0 FSX (HKCU\...\Eaglesoft Development Group Citation X 2.0 FSX) (Version: - )
Easy Phone Tunes (HKLM-x32\...\{1FD9325C-04E3-4914-AACE-0BD4E2AFEED0}) (Version: 66 - Easy Phone Tunes)
E-Jets Series (FSX) (HKCU\...\E-Jets Series (FSX)) (Version: - )
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.0) (Version: 0.70.0 - ESN Social Software AB)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Exif Pilot 4.4.1 (HKLM-x32\...\Exif Pilot_is1) (Version: 4.4.1 - Two Pilots)
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FastStone Capture 6.7 (HKLM-x32\...\FastStone Capture) (Version: 6.7 - FastStone Soft)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FIBzilla Backgammon 5.0.46 (HKLM-x32\...\FIBzilla_is1) (Version: - )
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: - Trusted Software) <==== ATTENTION
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FinalTorrent 2011 (HKLM-x32\...\FinalTorrent_is1) (Version: - Bitberry Software)
Flight Deck 5 for FSX (HKLM-x32\...\{2EE8F85E-EDF1-4CEF-828F-27BC2981434F}) (Version: 1.00.0000 - Abacus Software)
Flight Environment X (HKLM-x32\...\Flight Environment X) (Version: - )
Flight One ATR 72-500 (HKLM-x32\...\ATR_72500) (Version: - )
Flight One ATR 72-500 (HKLM-x32\...\ATR_Beta) (Version: - )
Flight Sim Nation Carrier (HKLM-x32\...\Flight Sim Nation Carrier1.0) (Version: 1.0 - Flight Sim Nation Carrier)
Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - )
FlightGear v2.0.0 (HKLM-x32\...\FlightGear_is1) (Version: - The FlightGear Team)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version: - Bitberry Software) <==== ATTENTION
FSDreamTeam JFK FSX 1.2.1 (HKLM-x32\...\FSDreamTeam JFK FSX_is1) (Version: - )
fs-freeware.net - Complete April Downloads 2010 (HKCU\...\fs-freeware.net - Complete April Downloads 2010) (Version: - )
fs-freeware.net - Install Pack Dec 2010 version 1.5 (HKLM-x32\...\{026938AE-8782-4CDE-8860-3B76CC75AC50}_is1) (Version: 1.5 - fs-freeware.net)
fs-freeware.net - Installer Package Jan 2011 version 1.5 (HKLM-x32\...\{DC0460B6-81E2-45B2-9725-04D5074C6838}_is1) (Version: 1.5 - fs-freeware.net)
fs-freeware.net Install Pack April version 1.5 (HKLM-x32\...\{AADBF993-58ED-4C7B-8B4E-F3663B7EF7A5}_is1) (Version: 1.5 - fs-freeware.net)
fs-freeware.net Install Pack FEB version 1.5 (HKLM-x32\...\{3B22C38F-EC27-4488-B1F6-64EF6A28906F}_is1) (Version: 1.5 - fs-freeware.net)
fs-freeware.net Install Pack June 2010 version fs-freeware.net (HKLM-x32\...\{BD8C4EB3-7C47-41B8-8BA6-392CDEC03482}_is1) (Version: fs-freeware.net Install Pack June 2010 - fs-freeware.net)
fs-freeware.net Install Pack May version 1.5 (HKLM-x32\...\{270EDE76-0A48-43D7-B56C-40221F7A97D8}_is1) (Version: 1.5 - fs-freeware.net)
fs-freeware.net Installer Pack September version 0 (HKLM-x32\...\{F314B249-500E-4C0A-9186-92DB1417973D}_is1) (Version: 0 - fs-freeware.net)
fs-freeware.net Military Aircraft Package 1 (HKCU\...\fs-freeware.net Military Aircraft Package 1) (Version: - )
FSM Editor Personal Edition Uninstall (HKLM-x32\...\FSM Editor Personal Edition) (Version: - )
FsMovMapServer (HKLM-x32\...\FsMovMapServer) (Version: v1.02 - RahSim)
FSX A400M version 1.5 (HKLM-x32\...\{9951EF0F-3517-4754-9F11-9D0A274EB4C4}_is1) (Version: 1.5 - )
FSX Night Vision (HKLM-x32\...\FSX Night Vision1.0) (Version: 1.0 - Flight Sim Nation)
FSX Ultra-Pack (HKCU\...\FSX Ultra-Pack) (Version: - )
FTX AU GOLD Version 1.0 (HKCU\...\FTX AU GOLD Version 1.0) (Version: - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Gmask 1.70 English (HKLM-x32\...\Gmask 1.70 English) (Version: - )
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{9578C0CD-8108-4379-9026-4601F59859A0}) (Version: 4.2.180.1134 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
GTA IV Vehicle Mod Installer v1.3 (HKLM-x32\...\GTA IV Vehicle Mod Installer v1.3_is1) (Version: - MobileD2)
Gyazo 2.0.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc. & Toshiyuki Masui)
Heli Traffic 2009 1.01 (HKLM-x32\...\{33A1F604-3757-4864-BAF4-7DD037ABB09B}_is1) (Version: - komu)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
ICA (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
InstallIQ Updater (HKLM-x32\...\{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}) (Version: 1.4.3.0 - W3i, LLC)
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Iomega QuikProtect (64-Bit) (HKLM\...\{B53FA0E4-739C-435F-9872-E3032F2E08FC}) (Version: 1.0.2.54 - Iomega Corporation an EMC Company)
IPM_VS_Pro (x32 Version: 16.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
iTunes Agent 1.3.4 (HKCU\...\iTunes Agent 1.3.4) (Version: - )
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.300 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kACARS_Free (HKLM-x32\...\{489BBE4D-F8F6-42B4-B3DD-6D51E2FCF98A}) (Version: 1.0.1010 - FS-Products)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
KidsWatch (HKLM-x32\...\{749C0EA0-B679-11DD-6784-00A01C3A18BE}) (Version: 7.1.201.107 - Computer Business Solutions, Inc.)
Kobo (HKLM-x32\...\Kobo) (Version: - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
Majestic MJC8Q400 (HKLM-x32\...\MJC8Q400) (Version: - )
ManyCam 3.0.79 (remove only) (HKLM-x32\...\ManyCam) (Version: 3.0.79 - ManyCam LLC)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - THQ)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (x32 Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X Service Pack 1 (x32 Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.0.162.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0215.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.215.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.)
MyTraffic X 5.2 Simmarket Edition (HKLM-x32\...\MyTraffic X 5.2 Simmarket Edition) (Version: - )
NEMETH DESIGNS - Sikorski CH53-E (HKLM-x32\...\NEMETH DESIGNS - Sikorski CH53-E) (Version: 1.0 - simMarket.com)
Nemeth Designs Aerospatiale SA-2 Samson (Beta 2) (HKLM-x32\...\Nemeth Designs Aerospatiale SA-2 Samson (Beta 2)) (Version: - )
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.9347 - Barnesandnoble.com)
NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9052 - ooVoo LLC.)
Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.78.41.0 - Overwolf Ltd.)
Oxygen 2 Personal Edition Uninstall (HKLM-x32\...\Oxygen 2 Personal Edition) (Version: - )
P-51D Mustang v1.2 (HKLM-x32\...\P-51D Mustang v1.2) (Version: - )
Pamela Pro 4.8 (HKLM-x32\...\Pamela) (Version: 4.8 - Scendix Software-Vertriebsges. mbH)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMDG BAe JS4100 (HKLM-x32\...\{FB647DBE-2231-405D-AC36-C73246CBE305}) (Version: 1.00.0970 - PMDG Simulations, LLC.)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pole to Pole FSX (HKLM-x32\...\Pole to Pole FSX) (Version: - )
POSKY Embraer ERJ 145 FSX (HKLM\...\{3DE32671-5023-4304-848A-16E912CA6D11}) (Version: FSX - Project Open Sky)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PR Mumble 1.0.0 (HKLM-x32\...\{AF8EEB05-8E9B-438B-B73B-DF9191DF29DD}) (Version: 1.0.0 - Project Reality Team)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.)
Project Landrover Derfender (HKLM-x32\...\Project Landrover Derfender) (Version: - )
Project Reality: BF2 (HKLM-x32\...\Project Reality: BF2 (pr)_is1) (Version: 0973 - Project Reality)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.5 beta r1720 - )
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
Razer Game Booster (HKLM-x32\...\{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}) (Version: 3.5.6.0 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform)
Red Orchestra 2: Heroes of Stalingrad Beta (HKLM-x32\...\Steam App 104320) (Version: - )
REX Essential Plus Overdrive (HKLM-x32\...\{9F30A684-44DC-4BDF-89ED-70F9021B851F}) (Version: 3.5.2012.1029 - REX Game Studios)
Rising Storm Beta (HKLM-x32\...\Steam App 224780) (Version: - )
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Roxio CinemaNow 2.0 (x32 Version: 1.0.284 - Hewlett-Packard) Hidden
Saitek SST Programming Software (HKLM-x32\...\{967FB80D-56BD-42EF-A942-9E8C78F984A4}) (Version: 1.00.0000 - Saitek)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Screen Protractor (HKLM-x32\...\Screen Protractor) (Version: 4.0 - Iconico)
Seahawk & Jayhawk (HKCU\...\Seahawk & Jayhawk) (Version: - )
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Setup (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share64 (Version: 16.0.0.106 - Corel Corporation) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Six Updater (HKLM-x32\...\{AD42165D-FF3C-4975-A130-7AA2801AB5DD}) (Version: 2.09.7042 - Six Projects)
Smart Technology Programming Software 7.0.2.7 (HKLM\...\{6D41B4C4-FCD7-4F9B-99B9-A01F63F71F0F}) (Version: 7.0.2.7 - Mad Catz)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
Sound Tools Uninstall (HKLM-x32\...\Sound Tools) (Version: - )
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version: - )
Space Shuttle (HKLM-x32\...\SPACESHUTTLE) (Version: 1.0.00 - © 1999-2006 Captain Sim)
Spotify (HKCU\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.50 - Crawler.com)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super GameHouse Solitaire (HKLM-x32\...\am-supergamehousesolitaire) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
Tarawa Class LHA's (HKLM-x32\...\Tarawa Class LHA's1.1) (Version: 1.1 - FSAddon Publishing)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Text-o-Matic (HKLM-x32\...\Text-o-Matic) (Version: - )
TexView 2 Uninstall (HKLM-x32\...\TexView 2) (Version: - )
The Recipe Processor 2000 VR 8.2 Shareware (HKLM-x32\...\ST6UNST #1) (Version: - )
TJSJ San Juan FSX (HKLM-x32\...\TJSJ San Juan FSX) (Version: - )
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.4227 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0483 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0214 - Intuit Inc.) Hidden
TurboTax 2010 wnyiper (x32 Version: 010.000.1424 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.3351 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0496 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0222 - Intuit Inc.) Hidden
TurboTax 2011 wnyiper (x32 Version: 011.000.1628 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wnyiper (x32 Version: 012.000.1503 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wnyiper (x32 Version: 013.000.1366 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Ultimate Airliners - The Super 80 (HKLM-x32\...\Ultimate Airliners - The Super 80) (Version: - )
Ultimate Terrain X - USA (HKCU\...\Ultimate Terrain X - USA) (Version: - )
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VAT-Spy (HKLM-x32\...\VATSpy) (Version: - )
Vegas Pro 11.0 (HKLM-x32\...\{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}) (Version: 11.0.682 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}) (Version: 2.13.1101 - Samsung Electronics Co., Ltd.)
Virtual Audio Cable 4.12 (HKLM\...\Virtual Audio Cable 4.12) (Version: - )
Virtual Cockpit Server for DCS World (HKLM\...\{8DAF6F68-3AB9-4904-8014-48D952E27116}) (Version: 5.0.360 - Bit Shift Software, LLC)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visitor 3 Uninstall (HKLM-x32\...\Visitor 3) (Version: - )
VRS F/A-18E Superbug X (HKLM-x32\...\{0F1F6144-F13A-433D-B66E-129C5E8D504B}_is1) (Version: 1.0.5.1 - Vertical Reality Simulations)
VSClassic (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSPro (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
War Thunder Launcher 1.0.1.148 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2012 Gaijin Entertainment Corporation)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.14 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.14 - WildTangent)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinSCP 4.3.3 (HKLM-x32\...\winscp3_is1) (Version: 4.3.3 - Martin Prikryl)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)
Wondershare MobileGo for Android ( Version 4.1.1 ) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 4.1.1 - Wondershare)
WOT for Internet Explorer (HKLM-x32\...\{1D10C273-3F95-42A2-8371-AB6B1F59821B}) (Version: 10.12.20.0 - WOT Services Oy)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ZumoCast (HKLM-x32\...\ZumoCast) (Version: - )

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\USERS\GERSHMAN FAMILY\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\USERS\GERSHMAN FAMILY\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\USERS\GERSHMAN FAMILY\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\USERS\GERSHMAN FAMILY\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-09-18 03:10 - 2012-09-18 03:21 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.8.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0CB9ED11-EAB5-4D02-99F4-F0F3FAAFA884} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04] (Google Inc.)
Task: {1CEFF199-B811-41B1-AA7D-D792C690DA42} - System32\Tasks\LEVDFWSI => Rundll32.exe "C:\Windows\SysWOW64\msacm32C.dll",bjyqhkwwq
Task: {1ECE3E74-8252-4122-8438-E5090F44EE45} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {2222A8FF-63A0-4497-8FBB-951E0BD74EB9} - \Browser Manager No Task File <==== ATTENTION
Task: {22E11FF8-15D5-432A-918B-02FDA9279089} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30] (Adobe Systems Incorporated)
Task: {29500F54-C0BC-4465-9965-A81BF87177A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-11] (AVAST Software)
Task: {2B16A92C-AD5E-453C-8642-526B2D0A7B07} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2BFFE710-2A63-4EC3-9878-60AB1F0F5BE6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {2E216EB6-17F1-472E-8449-E78D0CB55858} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001Core => C:\Users\Gershman Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-04] (Google Inc.)
Task: {2FD8C741-1B3E-4D98-B756-75E92E7FCD48} - System32\Tasks\HPCeeScheduleForBen => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {30754B41-26E0-46B1-BA80-3A010241488F} - System32\Tasks\{B8F2BFDB-D459-4DF2-9856-DA7BC5FB9A75} => Chrome.exe http://ui.skype.com/ui/0/4.1.0.179.271/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {364C49CB-7B04-46A1-ACEA-F7364AFE3D7B} - System32\Tasks\{40025CA0-AD07-4B85-B191-8E62BED78153} => Chrome.exe http://ui.skype.com/ui/0/4.1.0.179.271/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {38698D07-7372-4C84-A12F-BD24CBC092BB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001UA => C:\Users\Gershman Family\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {42A6DD8B-B5AB-444D-897C-A402F930A2EB} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-08-06] (Overwolf LTD)
Task: {457A65E4-5A64-4278-B1D1-6E46AF9DF4CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001UA => C:\Users\Gershman Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-04] (Google Inc.)
Task: {48F4E408-41C4-471B-BCFF-BAB5101BA31B} - \RegClean Pro No Task File <==== ATTENTION
Task: {52812974-2327-4D71-8527-B0D2307D8592} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008Core => C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27] (Facebook Inc.)
Task: {568CABCE-1D14-4561-A441-12791C1B41AA} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Task: {59810F09-5CCD-4A70-B455-4D0C56739FB8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5EE931D5-6E93-4909-B8C0-8DB6D735824D} - System32\Tasks\{1549AFB9-F341-4052-9E31-779B10DD81D5} => Chrome.exe http://ui.skype.com/ui/0/4.1.0.179.271/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {603C9426-6175-4032-959B-8A40D4E5CD4E} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {62073C1F-095B-42E2-8AD6-7177893DA8C3} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {64225B3B-31C2-47BD-A7A8-E0FFAC3AD9A7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008UA => C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27] (Facebook Inc.)
Task: {70DEF0DF-FA1B-429B-B965-11BFF144D5C5} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {7DB982FE-E770-4823-ACE0-9AA928EC5C36} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008UA => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {864D09F5-1AE5-4C5D-A8FC-FB70F7B4A191} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {871DEB06-D14B-4BB1-86C4-52E3CDADC2AE} - System32\Tasks\HPCeeScheduleForGershman Family => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8E4D5736-F1D9-45A6-8707-D2BBDB520AD7} - System32\Tasks\{9238A5FB-09E6-48F4-BE12-00ED0E441692} => Chrome.exe http://ui.skype.com/ui/0/4.1.0.179.271/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {9021A660-957E-42D4-95DB-C98CCCCBC71D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {94F6FECA-53F3-49F1-8205-1E5E6293F915} - System32\Tasks\{F1A34D0A-B185-4E41-B4DE-F770A22AD73B} => Chrome.exe http://ui.skype.com/ui/0/4.1.0.179.271/en/go/help.faq.installer?LastError=1603
Task: {95B1476C-F7FC-4A19-A2EF-87E6144C30CB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {9CED1EDD-C1B0-434F-9C47-0B21DCDE9B64} - System32\Tasks\{7EBDC37A-D3A6-48F2-B18F-5E118A0E4514} => C:\Program Files (x86)\SIX Projects\Six Updater\Six Updater GUI.exe [2014-01-15] (SIX Projects)
Task: {A7865010-657E-408D-AF6D-A26E8ED6216E} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2012-11-13] ()
Task: {AC4857EB-3497-47C9-99EC-CF968E5A58DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008Core => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {ADE96D61-61C0-4E20-8FEF-742948C58052} - System32\Tasks\AdobeAAMUpdater-1.0-MONGO-II-Gershman Family => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {B4AF9639-712D-43A8-A68B-1725CD0CD4A5} - System32\Tasks\{6697E12D-BA55-47E8-B808-AA7C58EC4202} => Chrome.exe http://ui.skype.com/ui/0/4.1.0.179.271/fr/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {B6B2D774-D6A3-47BC-BC7C-A5CC3CC89346} - System32\Tasks\{9B358590-A601-4011-83F6-645EAE60272C} => C:\Program Files (x86)\Easy Phone Tunes\Easy Phone Tunes.exe [2011-07-30] ()
Task: {BB4A4869-66BC-4E86-ACE2-24EBC82DCEC3} - System32\Tasks\{855B8E89-A965-4D9F-AF04-F02BDF069C1B} => Chrome.exe http://ui.skype.com/ui/0/6.3.0.105/en/abandoninstall?page=tsProgressBar
Task: {BB97E873-7EE5-4ADE-91EF-0D827F4B25C5} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {C7F0BECF-FEAE-4ABF-860B-951286E2A020} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D35B08DB-FAC6-43ED-943D-0D28531AB621} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {D5116C1F-BBB1-48B6-BDCC-6F61A37619CF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001Core => C:\Users\Gershman Family\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D6B5F881-C34F-4B57-8DCB-BB86695DA37E} - System32\Tasks\KWVacuum => C:\Program Files (x86)\Computer Business Solutions\KidsWatch\KidsWatch.exe [2013-06-18] (Computer Business Solutions, Inc.)
Task: {DFF0DA44-494B-4A0D-A267-F0A0B024C7F8} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {E24B799B-3C14-4EFE-B861-C9F4B92FD181} - \FinalTorrent Update Checker No Task File <==== ATTENTION
Task: {E6767FD1-8CF8-4110-B2B5-9D4937A5B675} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {EA6E2D18-0F9A-4097-B1CF-214EFF3CB877} - System32\Tasks\{DFEF38D9-8981-4582-A6CB-9BCC5BDF0E4D} => Chrome.exe http://ui.skype.com/ui/0/4.1.0.179.271/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {F5CBBE22-F936-48D6-9856-C9D1B5CECA3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04] (Google Inc.)
Task: {F78F45E8-3BF2-48CF-8AB9-AE8F6A7EA727} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001Core.job => C:\Users\Gershman Family\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001UA.job => C:\Users\Gershman Family\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008Core.job => C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008UA.job => C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001Core.job => C:\Users\Gershman Family\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001UA.job => C:\Users\Gershman Family\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008Core.job => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008UA.job => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBen.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGershman Family.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\KWVacuum.job => C:\Program Files (x86)\Computer Business Solutions\KidsWatch\KidsWatch.exe
Task: C:\Windows\Tasks\LEVDFWSI.job => ?

==================== Loaded Modules (whitelisted) =============
2013-01-05 15:53 - 2013-12-19 14:53 - 00117536 _____ () C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NvSmartMax64.dll
2011-12-06 17:00 - 2011-12-06 17:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-12-06 17:00 - 2011-12-06 17:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2014-05-29 15:42 - 2014-05-29 15:42 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2010-06-24 17:04 - 2010-06-24 17:04 - 00394544 ____R () C:\PROGRAM FILES\IOMEGA\QUIKPROTECT\QpMonitor.exe
2013-12-18 23:56 - 2013-12-09 22:15 - 00093984 _____ () C:\PROGRAM FILES\NVIDIA CORPORATION\SHADOWPLAY\gamecaster64.dll
2013-12-18 23:56 - 2013-12-09 22:15 - 00874784 _____ () C:\PROGRAM FILES\NVIDIA CORPORATION\SHADOWPLAY\twitchsdk64.dll
2014-08-11 22:27 - 2014-08-11 22:27 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-31 17:42 - 2014-08-31 17:42 - 02805248 _____ () C:\Program Files\AVAST Software\Avast\defs\14083101\algo.dll
2011-01-17 13:07 - 2009-10-23 13:31 - 00038912 _____ () C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
2014-08-11 22:27 - 2014-08-11 22:27 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 01:15 - 2010-12-21 01:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2011-01-17 13:11 - 2011-01-17 13:11 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-01-17 13:11 - 2011-01-17 13:11 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-12-20 15:04 - 2010-12-20 15:04 - 01671840 _____ () C:\Program Files (x86)\WOT\WOT.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:74603393
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TCFilter => ""=""

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MobileGo Service.lnk => C:\Windows\pss\MobileGo Service.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Online plug-in.lnk => C:\Windows\pss\Online plug-in.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\Windows\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gershman Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gershman Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gershman Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk => C:\Windows\pss\MLB.TV NexDef Plug-in.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gershman Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gershman Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gershman Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\2c1baf52-2a18-4e82-97eb-c79e025a5744.exe /check
MSCONFIG\startupreg: 6F1E7247F8BF79B1CD1EE681BAA94D7D920527F7._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Gershman Family\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AmazonGSDownloaderTray => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Gershman Family\AppData\Local\Smartbar\Application\QuickShare.exe startup
MSCONFIG\startupreg: CCFile => C:\Program Files (x86)\CCFile\ccfile.exe -mini
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConduitFloatingPlugin_ffekppndigniegkobcngkdmaadbhhonj => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3306058\plugins\TBVerifier.dll",RunConduitFloatingPlugin ffekppndigniegkobcngkdmaadbhhonj
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: drkly16j => rundll32.exe drkly16j.dll,ServiceCheck
MSCONFIG\startupreg: Facebook Update => "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GenieoSystemTray => "C:\Users\Gershman Family\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
MSCONFIG\startupreg: GenieoUpdaterService => "C:\Users\Gershman Family\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
MSCONFIG\startupreg: Google Update => "C:\Users\Gershman Family\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Gershman Family\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
MSCONFIG\startupreg: InstallIQUpdater => "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: mapdisk => "C:\Users\Gershman Family\Documents\ArmAWork\mapdisk.bat"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: MusicManager => "C:\Users\Gershman Family\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Profiler => C:\Program Files (x86)\Saitek\Software\ProfilerU.exe
MSCONFIG\startupreg: ProfilerU => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: QuiKProtect => C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RGSC => G:\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: SaiMfd => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
MSCONFIG\startupreg: Samsung Link => "S:\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SkyDrive => "C:\Users\Gershman Family\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpywareTerminator => "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
MSCONFIG\startupreg: SpywareTerminatorUpdate => "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TCTray => C:\Program Files (x86)\Computer Business Solutions\KidsWatch\KWTray.exe
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: VMM Mode Selection => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: Wondershare Helper Compact => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
MSCONFIG\startupreg: ZumoCast => C:\Program Files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk

==================== Faulty Device Manager Devices =============
Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (08/31/2014 08:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.11.15.0, time stamp: 0x52a6776c
Faulting module name: nvspcap.dll_unloaded, version: 0.0.0.0, time stamp: 0x52a67618
Exception code: 0xc0000005
Fault offset: 0x100077e2
Faulting process id: 0xb84
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (08/31/2014 08:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.11.15.0, time stamp: 0x52a6776c
Faulting module name: nvspcap.dll_unloaded, version: 0.0.0.0, time stamp: 0x52a67618
Exception code: 0xc0000005
Fault offset: 0x100be510
Faulting process id: 0xb84
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (08/31/2014 07:59:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.11.15.0, time stamp: 0x52a6776c
Faulting module name: nvspcap.dll_unloaded, version: 0.0.0.0, time stamp: 0x52a67618
Exception code: 0xc0000005
Fault offset: 0x100077e2
Faulting process id: 0x71c
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (08/31/2014 07:59:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.11.15.0, time stamp: 0x52a6776c
Faulting module name: nvspcap.dll_unloaded, version: 0.0.0.0, time stamp: 0x52a67618
Exception code: 0xc0000005
Fault offset: 0x100be510
Faulting process id: 0x71c
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (08/31/2014 06:17:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 10.11.15.0, time stamp: 0x52a6776c
Faulting module name: nvspcap.dll_unloaded, version: 0.0.0.0, time stamp: 0x52a67618
Exception code: 0xc0000005
Fault offset: 0x100077e2
Faulting process id: 0x360
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3

Error: (08/31/2014 06:11:10 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (08/31/2014 06:11:10 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (08/31/2014 06:11:10 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (08/31/2014 06:11:10 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (08/31/2014 06:10:37 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

System errors:
=============
Error: (08/31/2014 08:46:19 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/31/2014 08:44:12 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/31/2014 08:36:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
dskohpop
logugmid

Error: (08/31/2014 08:35:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/31/2014 08:35:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
%%1053

Error: (08/31/2014 08:35:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

Error: (08/31/2014 08:33:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (08/31/2014 08:33:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:30:28 PM on ‎8/‎31/‎2014 was unexpected.

Error: (08/31/2014 08:07:44 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (08/31/2014 08:02:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Network Devices Support service hung on starting.

Microsoft Office Sessions:
=========================
Error: (08/31/2014 08:37:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100077e2b8401cfc57c7d3ece9eC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dll3623e47a-3170-11e4-82ea-d48564bbaac0

Error: (08/31/2014 08:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100be510b8401cfc57c7d3ece9eC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dll29ecbae0-3170-11e4-82ea-d48564bbaac0

Error: (08/31/2014 07:59:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100077e271c01cfc57721ebba69C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dlld15fd62f-316a-11e4-b058-d48564bbaac0

Error: (08/31/2014 07:59:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100be51071c01cfc57721ebba69C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dllcbc9655d-316a-11e4-b058-d48564bbaac0

Error: (08/31/2014 06:17:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100077e236001cfc568e8d54208C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dll90995c8b-315c-11e4-83ef-d48564bbaac0

Error: (08/31/2014 06:11:10 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c

Error: (08/31/2014 06:11:10 PM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007043c

Error: (08/31/2014 06:11:10 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c

Error: (08/31/2014 06:11:10 PM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007043c

Error: (08/31/2014 06:10:37 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c

CodeIntegrity Errors:
===================================
Date: 2014-08-31 20:32:58.856
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-31 20:32:58.732
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-31 19:54:29.803
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-31 19:54:29.663
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-31 19:21:24.732
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-31 19:21:24.607
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-31 18:46:21.624
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-31 18:46:21.484
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-31 18:12:37.878
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-31 18:12:37.754
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: AMD Phenom™ II X4 830 Processor
Percentage of memory in use: 27%
Total physical RAM: 8191.28 MB
Available physical RAM: 5940.98 MB
Total Pagefile: 16380.73 MB
Available Pagefile: 14043.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:686.46 GB) (Free:116.7 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.08 GB) (Free:1.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Paging File) (Fixed) (Total:0.97 GB) (Free:0.85 GB) NTFS
Drive g: (Storage) (Fixed) (Total:244.14 GB) (Free:79 GB) NTFS
Drive h: (Deep Space) (Fixed) (Total:220.64 GB) (Free:130.97 GB) NTFS
Drive o: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:505 GB) NTFS
Drive s: (Ben Drive) (Fixed) (Total:931.48 GB) (Free:222.05 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 461BD980)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: DF0F02B6)
Partition 1: (Not Active) - (Size=996 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Oh My!, 31 August 2014 - 08:11 PM.


#8 Harris1965


Posted 31 August 2014 - 07:57 PM

Attached File  Summary.zip   249.78KB   2 downloads



#9 Oh My!

  • Malware Response Instructor

Posted 31 August 2014 - 08:45 PM

Greetings and thank you for the information.

There is evidence of pirated software on your computer. Typically that type of software is downloaded by using Peer to Peer websites. Those sites are inherently dangerous and are primary means through which highly toxic malicious software is transmitted and installed on a victim's computer. Unfortunately that is precisely the case with your computer and it is seriously infected.

Before we begin proactively addressing the malware on your computer I would like to provide some information for you to consider.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Cracking Software Warning

--------------------
 

Post by quietman7, on 02 October 2009 - 05:16 AM, said:


A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Quote
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

Quote
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

Quote
...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

If you decide to continue to clean the computer I will require you to uninstall the pirated Adobe Photoshop program. Please let me know if you are willing to do that and whether or not you would like to clean the computer or reformat and reinstall the Operating System. I would be happy to help you complete whichever you choose.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Harris1965


Posted 31 August 2014 - 09:54 PM

I want to try to work away from a complete reformat as much as possible. I have uninstalled the Pirated APS and Utorrent. I would like to clean the computer.



#11 Oh My!

  • Malware Response Instructor

Posted 31 August 2014 - 10:04 PM

Very good, thank you. We are going to hit it hard right out of the gate. Before you do anything we need to move the FRST program from your Downloads folder to the desktop. If we don't, the FRST fix will not work.

Running from C:\Users\GERSHMAN FAMILY\DOWNLOADS


Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {4fd5cdbc-2915-11e2-b46b-d48564bbaac0} - T:\setup.exe -a
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {75ac0e23-c421-11e1-8df9-d48564bbaac0} - I:\Autorun.exe
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {9a017e3b-ea10-11e0-b2ac-d48564bbaac0} - M:\setup.exe -a
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica2 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
R0 bitadcab; C:\Windows\System32\DRIVERS\bitadcab.sys [65816 2009-07-13] ()
C:\Windows\System32\DRIVERS\bitadcab.sys
S0 dskohpop; jobippnp\dskohpop.sys [X]
S0 logugmid; cpyipcab\logugmid.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 TCFilter; system32\drivers\tcfilter.sys [X]
2014-08-11 19:59 - 2012-07-21 12:00 - 00000000 ____D () C:\Windows\jobippnp
2014-08-11 19:59 - 2012-03-20 21:10 - 00000000 ____D () C:\Windows\disipbas
C:\Users\Gershman Family\OEAccounts.reg
C:\Users\Ben\AppData\Local\Temp
C:\Users\Gershman Family\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\USERS\GERSHMAN FAMILY\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\USERS\GERSHMAN FAMILY\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.24.7\psuser_64.dll No File
Task: {1CEFF199-B811-41B1-AA7D-D792C690DA42} - System32\Tasks\LEVDFWSI => Rundll32.exe "C:\Windows\SysWOW64\msacm32C.dll",bjyqhkwwq
Task: {1ECE3E74-8252-4122-8438-E5090F44EE45} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {2222A8FF-63A0-4497-8FBB-951E0BD74EB9} - \Browser Manager No Task File <==== ATTENTION
Task: {48F4E408-41C4-471B-BCFF-BAB5101BA31B} - \RegClean Pro No Task File <==== ATTENTION
Task: {568CABCE-1D14-4561-A441-12791C1B41AA} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Task: {D35B08DB-FAC6-43ED-943D-0D28531AB621} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {DFF0DA44-494B-4A0D-A267-F0A0B024C7F8} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {E24B799B-3C14-4EFE-B861-C9F4B92FD181} - \FinalTorrent Update Checker No Task File <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
C:\Windows\SysWOW64\msacm32C.dll
C:\Program Files (x86)\FreeFileViewer
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:74603393
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
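As an added illustration of how the fixlist entries in the post above can be read (this is not part of the original thread and not FRST's own code), the Python sketch below tags a short excerpt of those lines by the markers they carry. The tag names and rules are this example's assumptions: `[X]`, `No File` and `No Task File` are read as "target missing", and the leading `R`/`S` plus digit on a service line as state and start type (0 = boot start).

```python
import re

# Excerpt of the fixlist quoted in the post above (lines copied from the thread).
FIXLIST_EXCERPT = r'''
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\Run: [AdobeBridge] => [X]
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - No File
R0 bitadcab; C:\Windows\System32\DRIVERS\bitadcab.sys [65816 2009-07-13] ()
C:\Windows\System32\DRIVERS\bitadcab.sys
S0 dskohpop; jobippnp\dskohpop.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
Task: {1CEFF199-B811-41B1-AA7D-D792C690DA42} - System32\Tasks\LEVDFWSI => Rundll32.exe "C:\Windows\SysWOW64\msacm32C.dll",bjyqhkwwq
Task: {48F4E408-41C4-471B-BCFF-BAB5101BA31B} - \RegClean Pro No Task File <==== ATTENTION
C:\Windows\SysWOW64\msacm32C.dll
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
'''

# Assumed marker meanings (this example's reading, see lead-in).
ORPHAN = re.compile(r'(No Task File|No File|\[X\])(?: <==== ATTENTION)?$')
SERVICE = re.compile(r'^([RSU])([0-4]) ([^;]+); (.+)$')
RUNDLL = re.compile(r'=>\s*rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)', re.I)
ADS = re.compile(r'^AlternateDataStreams: (.+):([^:\\]+)$')
BARE_PATH = re.compile(r'^[A-Za-z]:\\[^:]*$')


def classify(line):
    """Tag one fixlist line; 'loads' is the file the entry would execute."""
    tags, loads = [], None
    if ORPHAN.search(line):
        tags.append('orphaned-reference')      # entry points at a missing target
    if '<==== ATTENTION' in line:
        tags.append('frst-attention')          # marker written by FRST itself
    svc = SERVICE.match(line)
    if svc:
        _state, start, _name, rest = svc.groups()
        if start == '0':
            tags.append('boot-start-driver')   # loaded before most defenses start
        if rest.endswith('()'):
            tags.append('no-company-name')     # empty vendor field in the log
        if not rest.endswith('[X]'):
            loads = rest.split(' [')[0]        # image path without size/date
    run = RUNDLL.search(line)
    if run:
        tags.append('rundll32-task')           # scheduled task running a DLL export
        loads = run.group(1)
    if ADS.match(line):
        tags.append('alternate-data-stream')
    if BARE_PATH.match(line):
        tags.append('file-or-folder')          # bare path listed for removal
    return {'line': line, 'tags': tags, 'loads': loads}


def triage(text):
    """Classify every non-empty line of a fixlist."""
    return [classify(l.strip()) for l in text.splitlines() if l.strip()]


def paired_files(findings):
    """Bare paths that another entry (driver or task) would load."""
    loaded = {f['loads'].lower() for f in findings if f['loads']}
    return [f['line'] for f in findings
            if 'file-or-folder' in f['tags'] and f['line'].lower() in loaded]


if __name__ == '__main__':
    results = triage(FIXLIST_EXCERPT)
    for f in results:
        print(', '.join(f['tags']) or 'untagged', '|', f['line'])
    print('Entry + file pairs:', paired_files(results))
```

The pairing step shows why the fixlist names both the loading entry and the file: removing only one of the two leaves either a dangling autostart or a dormant binary on disk.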

#12 Harris1965


Posted 01 September 2014 - 10:11 AM

Wow, what a painful two hours! Here ya go. AdwCleaner log, jrt log, fixlog, rkill log and combofix (freshstart) log. Thanks for your patience and assistance.

 

ADW

# AdwCleaner v3.308 - Report created 01/09/2014 at 08:36:09
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gershman Family - MONGO-II
# Running from : C:\Users\Gershman Family\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Reimage
Folder Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Browser Manager
Task Deleted : FinalTorrent Update Checker
Task Deleted : ProgramUpdateCheck
Task Deleted : RegClean Pro
Task Deleted : RegClean Pro_UPDATES
Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\430E8DB44F0E90547A3564A7E858C48D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Google Chrome v37.0.2062.102

[ File : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN33979949862751122&ctid=CT3306058&UM=2
Deleted [Search Provider] : hxxp://search.aol.com/aol/tracking?d_ch=en_US_huffingtonpost&q={searchTerms}&s_it=search_addon
Deleted [Search Provider] : hxxp://shop.youngmarinesbx.com/searchquick-submit.sc;jsessionid=37B303006BD7C379EB7921A9AE1FD38A.m1plqscsfapp02?keywords={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : gkojfkhlekighikafcpjkiklfbnlmeio

[ File : C:\Users\Gershman Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8156 octets] - [03/07/2014 09:33:48]
AdwCleaner[R1].txt - [5148 octets] - [01/09/2014 08:33:05]
AdwCleaner[S0].txt - [8365 octets] - [03/07/2014 09:36:04]
AdwCleaner[S1].txt - [5087 octets] - [01/09/2014 08:36:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5147 octets] ##########

 

jrt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gershman Family on Mon 09/01/2014 at  9:17:58.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4145C98D-1B41-41ED-9A66-927823FF48E4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CDA7E37D-89A7-4417-8089-B21DD14C2659}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFADB50D-DB8B-4D2A-B2FB-6E211DF1A64C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F98A05CE-C49B-426B-93FD-9F4C7E98AE73}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CDA7E37D-89A7-4417-8089-B21DD14C2659}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Gershman Family\AppData\Roaming\search protection"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/01/2014 at  9:26:18.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Gershman Family at 2014-09-01 09:30:33 Run:1
Running from C:\Users\Gershman Family\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {4fd5cdbc-2915-11e2-b46b-d48564bbaac0} - T:\setup.exe -a
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {75ac0e23-c421-11e1-8df9-d48564bbaac0} - I:\Autorun.exe
HKU\S-1-5-21-2625895798-646920419-2108830663-1001\...\MountPoints2: {9a017e3b-ea10-11e0-b2ac-d48564bbaac0} - M:\setup.exe -a
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica2 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
R0 bitadcab; C:\Windows\System32\DRIVERS\bitadcab.sys [65816 2009-07-13] ()
C:\Windows\System32\DRIVERS\bitadcab.sys
S0 dskohpop; jobippnp\dskohpop.sys [X]
S0 logugmid; cpyipcab\logugmid.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 TCFilter; system32\drivers\tcfilter.sys [X]
2014-08-11 19:59 - 2012-07-21 12:00 - 00000000 ____D () C:\Windows\jobippnp
2014-08-11 19:59 - 2012-03-20 21:10 - 00000000 ____D () C:\Windows\disipbas
C:\Users\Gershman Family\OEAccounts.reg
C:\Users\Ben\AppData\Local\Temp
C:\Users\Gershman Family\AppData\Local\Temp
CustomCLSID:
HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\USERS\GERSHMAN FAMILY\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\USERS\GERSHMAN FAMILY\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.24.7\psuser_64.dll No File
Task: {1CEFF199-B811-41B1-AA7D-D792C690DA42} - System32\Tasks\LEVDFWSI => Rundll32.exe "C:\Windows\SysWOW64\msacm32C.dll",bjyqhkwwq
Task: {1ECE3E74-8252-4122-8438-E5090F44EE45} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {2222A8FF-63A0-4497-8FBB-951E0BD74EB9} - \Browser Manager No Task File <==== ATTENTION
Task: {48F4E408-41C4-471B-BCFF-BAB5101BA31B} - \RegClean Pro No Task File <==== ATTENTION
Task: {568CABCE-1D14-4561-A441-12791C1B41AA} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files
(x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION
Task: {D35B08DB-FAC6-43ED-943D-0D28531AB621} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {DFF0DA44-494B-4A0D-A267-F0A0B024C7F8} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {E24B799B-3C14-4EFE-B861-C9F4B92FD181} - \FinalTorrent Update Checker No Task File <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
C:\Windows\SysWOW64\msacm32C.dll
C:\Program Files (x86)\FreeFileViewer
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:74603393
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

*****************

HKU\S-1-5-21-2625895798-646920419-2108830663-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-2625895798-646920419-2108830663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fd5cdbc-2915-11e2-b46b-d48564bbaac0}" => Key deleted successfully.
"HKCR\CLSID\{4fd5cdbc-2915-11e2-b46b-d48564bbaac0}" => Key not found.
"HKU\S-1-5-21-2625895798-646920419-2108830663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75ac0e23-c421-11e1-8df9-d48564bbaac0}" => Key deleted successfully.
"HKCR\CLSID\{75ac0e23-c421-11e1-8df9-d48564bbaac0}" => Key not found.
"HKU\S-1-5-21-2625895798-646920419-2108830663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a017e3b-ea10-11e0-b2ac-d48564bbaac0}" => Key deleted successfully.
"HKCR\CLSID\{9a017e3b-ea10-11e0-b2ac-d48564bbaac0}" => Key not found.
"HKCR\PROTOCOLS\Handler\belarc" => Key deleted successfully.
"HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}" => Key not found.
"HKCR\PROTOCOLS\Handler\wot" => Key deleted successfully.
"HKCR\CLSID\{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\Filter: application/x-ica2 -" => Key not found.
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File => Error: No automatic fix found for this entry.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
Filter: => Error: No automatic fix found for this entry.
application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File => Error: No automatic fix found for this entry.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\ica" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
bitadcab => Unable to stop service
bitadcab => Service deleted successfully.
C:\Windows\System32\DRIVERS\bitadcab.sys => Moved successfully.
dskohpop => Service deleted successfully.
logugmid => Service deleted successfully.
MotDev => Service deleted successfully.
TCFilter => Service deleted successfully.
C:\Windows\jobippnp => Moved successfully.
C:\Windows\disipbas => Moved successfully.
C:\Users\Gershman Family\OEAccounts.reg => Moved successfully.
C:\Users\Ben\AppData\Local\Temp => Moved successfully.

"C:\Users\Gershman Family\AppData\Local\Temp" directory move:

Could not move "C:\Users\Gershman Family\AppData\Local\Temp" directory. => Scheduled to move on reboot.

"CustomCLSID:" => Key not found.
HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\USERS\GERSHMAN FAMILY\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.23.9\psuser_64.dll No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1CEFF199-B811-41B1-AA7D-D792C690DA42}" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CEFF199-B811-41B1-AA7D-D792C690DA42}" => Error deleting key. The key could be protected.
C:\Windows\System32\Tasks\LEVDFWSI => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LEVDFWSI" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ECE3E74-8252-4122-8438-E5090F44EE45}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2222A8FF-63A0-4497-8FBB-951E0BD74EB9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Manager" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48F4E408-41C4-471B-BCFF-BAB5101BA31B}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{568CABCE-1D14-4561-A441-12791C1B41AA}" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{568CABCE-1D14-4561-A441-12791C1B41AA}" => Error deleting key. The key could be protected.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker" => Error deleting key. The key could be protected.
(x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D35B08DB-FAC6-43ED-943D-0D28531AB621}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFF0DA44-494B-4A0D-A267-F0A0B024C7F8}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E24B799B-3C14-4EFE-B861-C9F4B92FD181}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FinalTorrent Update Checker" => Key not found.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => Moved successfully.
"C:\Windows\SysWOW64\msacm32C.dll" => File/Directory not found.
C:\Program Files (x86)\FreeFileViewer => Moved successfully.
C:\ProgramData\Temp => ":430C6D84" ADS removed successfully.
C:\ProgramData\Temp => ":74603393" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-01 09:35:17)<=

C:\Users\Gershman Family\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

rkill

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/01/2014 10:36:41 AM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic

 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic

 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual

 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * NetBT (NetBT) is not Running.
   Startup Type set to: System

 * NSI proxy service driver. (nsiproxy) is not Running.
   Startup Type set to: System

 * NetIO Legacy TDI Support Driver (tdx) is not Running.
   Startup Type set to: System

 * iphlpsvc [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.8.1 activate.adobe.com

Program finished at: 09/01/2014 10:38:53 AM
Execution time: 0 hours(s), 2 minute(s), and 12 seconds(s)

Combofix/Fresh

ComboFix 14-08-31.01 - Gershman Family 09/01/2014  10:40:31.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.6953 [GMT -4:00]
Running from: c:\users\Gershman Family\Desktop\freshcopy.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\users\Gershman Family\AppData\Roaming\technic-launcher.jar
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-01 to 2014-09-01  )))))))))))))))))))))))))))))))
.
.
2014-09-01 14:52 . 2014-09-01 14:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-09-01 14:52 . 2014-09-01 14:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-01 14:06 . 2014-09-01 14:56 -------- d-----w- c:\users\Gershman Family\AppData\Local\temp
2014-09-01 13:17 . 2014-09-01 14:25 -------- d-----w- c:\users\Gershman Family\AppData\Roaming\Browser Extensions
2014-09-01 01:12 . 2014-09-01 04:55 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDD2D3FA-997E-4F47-AFDE-BC87B3EDD25F}\offreg.dll
2014-09-01 00:05 . 2014-09-01 13:35 -------- d-----w- C:\FRST
2014-08-31 21:51 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDD2D3FA-997E-4F47-AFDE-BC87B3EDD25F}\mpengine.dll
2014-08-31 21:49 . 2014-08-31 21:49 -------- d-----w- c:\users\Gershman Family\AppData\Local\Adobe
2014-08-30 00:35 . 2014-08-20 03:28 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C91F68A-F0E4-4931-A1F2-E35F53A067EE}\gapaengine.dll
2014-08-30 00:35 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-18 03:18 . 2014-08-18 03:18 -------- d-sh--w- c:\users\Ben\AppData\Local\EmieUserList
2014-08-18 03:18 . 2014-08-18 03:18 -------- d-sh--w- c:\users\Ben\AppData\Local\EmieSiteList
2014-08-16 21:26 . 2014-08-16 21:26 -------- d-----w- c:\users\Ben\AppData\Roaming\AVAST Software
2014-08-13 18:34 . 2014-08-13 18:34 -------- d-----w- C:\rei
2014-08-13 18:24 . 2014-08-13 18:24 -------- d-----w- c:\windows\ERUNT
2014-08-12 23:45 . 2014-08-12 23:45 -------- d-----w- c:\users\Gershman Family\AppData\Roaming\AVAST Software
2014-08-12 02:27 . 2014-08-12 02:27 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-12 02:27 . 2014-08-12 02:27 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-12 02:27 . 2014-08-12 02:27 43152 ----a-w- c:\windows\avastSS.scr
2014-08-12 02:00 . 2014-08-12 02:00 -------- d-sh--w- c:\users\Gershman Family\AppData\Local\EmieUserList
2014-08-12 02:00 . 2014-08-12 02:00 -------- d-sh--w- c:\users\Gershman Family\AppData\Local\EmieSiteList
2014-08-10 21:51 . 2013-10-14 22:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-08-10 21:47 . 2014-08-10 21:47 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-08-10 21:45 . 2014-08-10 21:45 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-08-10 21:44 . 2014-08-10 21:44 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-08-10 21:44 . 2014-08-10 21:44 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-08-10 21:44 . 2014-08-10 21:44 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-08-10 21:44 . 2014-08-10 21:44 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-08-10 16:53 . 2014-08-10 16:53 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-30 13:20 . 2012-04-06 16:28 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-30 13:20 . 2011-05-15 19:40 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 22:23 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-20 03:28 . 2011-05-20 11:35 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-13 17:02 . 2013-07-04 15:12 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-12 02:27 . 2013-07-04 15:12 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-12 02:27 . 2013-07-04 15:12 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-12 02:27 . 2013-07-04 15:12 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-12 02:27 . 2013-07-04 15:12 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-12 02:27 . 2013-07-04 15:12 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-12 02:27 . 2013-07-04 15:12 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-10 21:45 . 2014-08-10 21:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-06-29 01:38 . 2014-06-29 01:38 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-06-19 18:55 . 2013-12-05 22:38 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-06-19 18:55 . 2011-10-08 20:50 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-06-11 02:15 . 2011-10-08 20:40 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2010-03-06 12:36 . 2010-12-17 11:00 2012912 ----a-w- c:\program files\SUPERANTISPYWARE.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0538CF1C-8419-4800-ADBB-0C00C799FDA2}]
2012-02-02 15:46 88416 ----a-w- c:\users\Gershman Family\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]
2014-08-26 10:27 610152 ----a-w- c:\users\Gershman Family\AppData\Roaming\Browser Extensions\Coupons.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-01 13:17 222712 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-01 13:17 222712 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-01 13:17 222712 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Browser Extensions"="c:\users\Gershman Family\AppData\Roaming\Browser Extensions\CouponsHelper.exe" [2014-08-26 966504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-13 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax64.sys;c:\eek\RUN\a2ddax64.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R2 QPCopyEngine;QPCopyEngine;c:\program files\IOMEGA\QUIKPROTECT\QpMonitor.exe;c:\program files\IOMEGA\QUIKPROTECT\QpMonitor.exe [x]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InternetConnectionService;InternetConnectionService;c:\windows\SYSTEM32\KWCAPTUR.EXE;c:\windows\SYSNATIVE\KWCAPTUR.EXE [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 QsFsFltr;QsFsFltr;c:\windows\system32\DRIVERS\QsFsFltr.sys;c:\windows\SYSNATIVE\DRIVERS\QsFsFltr.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH075C.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERANTISPYWARE\SASCORE64.EXE;c:\program files\SUPERANTISPYWARE\SASCORE64.EXE [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-30 01:11 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:20]
.
2014-08-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008Core.job
- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 06:53]
.
2014-09-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008UA.job
- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 06:53]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 04:09]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 04:09]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001Core.job
- c:\users\Gershman Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 04:09]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001UA.job
- c:\users\Gershman Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 04:09]
.
2014-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10 21:10]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10 21:10]
.
2014-09-01 c:\windows\Tasks\HPCeeScheduleForBen.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-09-01 c:\windows\Tasks\HPCeeScheduleForGershman Family.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-08-25 c:\windows\Tasks\KWVacuum.job
- c:\program files (x86)\Computer Business Solutions\KidsWatch\KidsWatch.exe [2013-06-18 21:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-01 13:17 261624 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-01 13:17 261624 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-01 13:17 261624 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-12 02:27 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"drkly16j"="drkly16j.dll" [2013-07-02 1760992]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
------- Supplementary Scan -------
.
uStart Page = https://search.yahoo.com/?type=242154&fr=spigot-yhp-ie
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local;<local>
uSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 167.206.10.178 167.206.10.179 192.168.1.1
TCP: Interfaces\{0A04D516-9AB4-4AA2-8B21-93B4AD435054}: DhcpNameServer = 167.206.10.178 167.206.10.179 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-737-700 Southwest Airlines Liveries Package v2.2 - c:\program files\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe
AddRemove-767CAPTAIN - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\csX767_uninstall.exe
AddRemove-Accu-Feel - c:\progra~2\MI233B~1\MICROS~1\\A2A\Feel\UNWISE.EXE
AddRemove-Aces High - c:\hitech~1\ACESHI~1\UNWISE.EXE
AddRemove-AICarriers - c:\program files (x86)\AICarriers\uninstall.exe
AddRemove-Area 51 Simulations C-17 Globemaster for MS Flight Simulator FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Globemaster\Uninstal.exe
AddRemove-Area 51 Simulations MH-47E FSX Version for Windows 7 64 Bit - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Rotorcraft\Area51Sim MH-47\Uninstal.exe
AddRemove-ArmA - g:\program files\Bohemia Interactive\ArmA\UnInstall.exe
AddRemove-ArmA 2 - c:\program files\Bohemia Interactive\ArmA 2\UnInstall.exe
AddRemove-Arma 2 British Armed Forces - c:\program files\Bohemia Interactive\ArmA 2\BAF\UnInstall.exe
AddRemove-ARMA 2 Operation Arrowhead - c:\program files\Bohemia Interactive\ArmA 2\UnInstall_OA.exe
AddRemove-Arma 2 Private Military Company - c:\program files\Bohemia Interactive\ArmA 2\PMC\UnInstall.exe
AddRemove-Arma Cold War Assault - g:\program files\Bohemia Interactive\Arma Cold War Assault\UnInstall.exe
AddRemove-ATR_72500 - c:\windows\iun6002.exe
AddRemove-ATR_Beta - c:\windows\iun6002.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmA 2\BattlEye\UnInstallBE.exe
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-BattlEye for A1 - g:\program files\Bohemia Interactive\ArmABattlEye\UnInstallBE.exe
AddRemove-BattlEye for RFT - c:\program files (x86)\Bohemia Interactive\ArmA\Expansion\BattlEye\UnInstallBE.exe
AddRemove-BinMake - c:\program files (x86)\Bohemia Interactive\Tools\BinMake\UnInstall.exe
AddRemove-BinPBO Personal Edition - c:\program files (x86)\Bohemia Interactive\Tools\BinPBO Personal Edition\UnInstall.exe
AddRemove-BN_DesktopReader - c:\program files (x86)\Barnes & Noble\BNDesktopReader\uninstall.exe
AddRemove-BOXEE - c:\program files (x86)\Boxee\uninstall.exe
AddRemove-Carenado C172N FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe
AddRemove-Carenado C340 II FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe
AddRemove-CCFile_is1 - c:\program files (x86)\CCFile\unins000.exe
AddRemove-Driver Genius Professional Edition_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-ESN Sonar-0.70.0 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-FastStone Capture - c:\users\Gershman Family\Desktop\FastStone Capture\uninst.exe
AddRemove-FinalTorrent_is1 - c:\program files (x86)\FinalTorrent\unins000.exe
AddRemove-Flight Environment X - c:\program files (x86)\Flight One Software\Flight Environment X\UnFEX.exe
AddRemove-FlightGear_is1 - h:\program files (x86)\FlightGear\unins000.exe
AddRemove-Fraps - s:\fraps\uninstall.exe
AddRemove-FreeFileViewer_is1 - c:\program files (x86)\FreeFileViewer\unins001.exe
AddRemove-FSDreamTeam JFK FSX_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unins004.exe
AddRemove-FSM Editor Personal Edition - c:\program files (x86)\Bohemia Interactive\Tools\FSM Editor Personal Edition\UnInstall.exe
AddRemove-MyTraffic X 5.2 Simmarket Edition - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\MyTrafficX52uninst.exe
AddRemove-NEMETH DESIGNS - Sikorski CH53-E - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\NDCH53E.exe
AddRemove-Nemeth Designs Aerospatiale SA-2 Samson (Beta 2) - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\samsonbeta2uninstall.exe
AddRemove-Oxygen 2 Personal Edition - c:\program files (x86)\Bohemia Interactive\Tools\Oxygen 2 Personal Edition\UnInstall.exe
AddRemove-P-51D Mustang v1.2 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe
AddRemove-Pamela - c:\program files (x86)\Pamela\Uninst.exe
AddRemove-Pole to Pole FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal Pole to Pole.exe
AddRemove-Project Landrover Derfender - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe
AddRemove-Project Reality: BF2 (pr)_is1 - c:\program files (x86)\EA GAMES\Battlefield 2\unins000.exe
AddRemove-Sound Tools - c:\program files (x86)\Bohemia Interactive\Tools\Sound Tools\UnInstall.exe
AddRemove-SPACESHUTTLE - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\css001_uninstall.exe
AddRemove-Steam App 10180 - g:\steam\steam.exe
AddRemove-Steam App 10190 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 104320 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 107410 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 12210 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 12220 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 215 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 223750 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 224780 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 35450 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 43110 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 4560 - c:\program files (x86)\Steam\steam.exe
AddRemove-Tarawa Class LHA's1.1 - c:\users\Gershman Family\Desktop\Uninstall_Tarawa Class LHA's\uninstalPlumIsland.exe
AddRemove-Text-o-Matic - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Flight One Software\Text-o-Matic\Templates\UnTextomatic.exe
AddRemove-TexView 2 - c:\program files\Bohemia Interactive\Tools\TexView 2\UnInstall.exe
AddRemove-TJSJ San Juan FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstall TJSJ.exe
AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
AddRemove-Ultimate Airliners - The Super 80 - c:\flight one software\S80Uninstall.exe
AddRemove-Visitor 3 - c:\program files (x86)\Bohemia Interactive\Tools\Visitor 3\UnInstall.exe
AddRemove-{026938AE-8782-4CDE-8860-3B76CC75AC50}_is1 - c:\program files\Microsoft Games\Microsoft Flight Simulator X\unins000.exe
AddRemove-{0F1F6144-F13A-433D-B66E-129C5E8D504B}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unins005.exe
AddRemove-{270EDE76-0A48-43D7-B56C-40221F7A97D8}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Microsoft Flight Simulator X\unins000.exe
AddRemove-{3B22C38F-EC27-4488-B1F6-64EF6A28906F}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unins000.exe
AddRemove-{5B57D4F1-66BA-448C-97F1-23F73517C694}_is1 - c:\cs 757\Microsoft Flight Simulator X\unins000.exe
AddRemove-{9951EF0F-3517-4754-9F11-9D0A274EB4C4}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Microsoft Flight Simulator X\unins001.exe
AddRemove-{AADBF993-58ED-4C7B-8B4E-F3663B7EF7A5}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Microsoft Flight Simulator X\unins002.exe
AddRemove-{BD8C4EB3-7C47-41B8-8BA6-392CDEC03482}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Microsoft Flight Simulator X\unins000.exe
AddRemove-{DC0460B6-81E2-45B2-9725-04D5074C6838}_is1 - c:\program files\Microsoft Games\Microsoft Flight Simulator X\unins001.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
AddRemove-{F314B249-500E-4C0A-9186-92DB1417973D}_is1 - c:\program files\Microsoft Games\Microsoft Flight Simulator X\unins002.exe
AddRemove-AlphaSim AH-64D for FSX v1.00 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal_FSXAH64D.exe
AddRemove-Area51 Simulations UH-1Y Venom FSX Version - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Rotorcraft\Area51Sim Uh-1Y Venom\Uninstal.exe
AddRemove-Bell 212 FSX 1.0 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal Cera Bell 212.exe
AddRemove-BLACKHAWK for FSX by FAG - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Rotorcraft\Uninstal.exe
AddRemove-Carenado C152II FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe
AddRemove-Carenado C185F SKYWAGON FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal Archer FSX.exe
AddRemove-E-Jets Series (FSX) - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal_ejets_fsx_wilco.exe
AddRemove-Eaglesoft Development Group  Citation CII 1.5 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\CIIXUninstaller.exe
AddRemove-Eaglesoft Development Group  Citation X 2.0 FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\CX20X Uninstaller.exe
AddRemove-fs-freeware.net - Complete April Downloads 2010 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe
AddRemove-fs-freeware.net Military Aircraft Package 1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Uninstal.exe
AddRemove-FSX Ultra-Pack - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Uninstal.exe
AddRemove-FTX AU GOLD Version 1.0 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstaller_Orbx_FTXAUBLUE
AddRemove-Seahawk & Jayhawk - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal Seahawk&Jayhawk.exe
AddRemove-Search Protection - c:\users\Gershman Family\AppData\Roaming\Search Protection\uninstall.exe
AddRemove-Spotify - c:\users\Gershman Family\AppData\Roaming\Spotify\Spotify.exe
AddRemove-TeamSpeak 3 Client - c:\users\Gershman Family\AppData\Local\TeamSpeak 3 Client\uninstall.exe
AddRemove-Ultimate Terrain X - USA - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\UnInst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3c,9a,2b,f9,76,46,cc,01
.
[HKEY_USERS\S-1-5-21-2625895798-646920419-2108830663-1001\Software\SecuROM\License information*]
"datasecu"=hex:63,26,08,47,f7,65,df,a9,89,62,4c,db,18,a3,8a,08,af,16,11,94,bc,
   43,a0,bf,f0,98,b5,41,da,14,ef,2f,cf,d1,60,7c,38,09,3a,6c,bb,81,9b,f8,38,45,\
"rkeysecu"=hex:12,23,f4,26,8f,86,77,d5,1b,5d,c8,9f,c5,85,20,69
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-01  10:58:21
ComboFix-quarantined-files.txt  2014-09-01 14:58
.
Pre-Run: 167,959,310,336 bytes free
Post-Run: 168,326,107,136 bytes free
.
- - End Of File - - 36ADA8C3F0A35E6353974433886C82B3
 



#13 Oh My!


Posted 01 September 2014 - 01:21 PM

Yes, there was a lot of work to be done. Please do these things now.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Hosts:
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see

MiniReg.gif

  • Copy and paste the following into the edit box:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1CEFF199-B811-41B1-AA7D-D792C690DA42}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CEFF199-B811-41B1-AA7D-D792C690DA42}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LEVDFWSI
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{568CABCE-1D14-4561-A441-12791C1B41AA}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{568CABCE-1D14-4561-A441-12791C1B41AA}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker

  • Check the Delete Keys/Values including Locked/Null embedded radio button.
  • Press the Go button and post the result.
===================================================

Running Combofix Script

-------------------
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Browser Extensions"=-
  • Save this on your desktop as CFScript.txt

CFScriptB-4.gif

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • MiniRegTool report
  • Combofix log
  • How is your computer running?

Gary
 

#14 Harris1965


Posted 01 September 2014 - 03:01 PM

Here's the latest. We haven't really had a chance to run the PC between scanning and logging. Maybe in the next little while we'll take her out for a spin.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Gershman Family at 2014-09-01 14:49:51 Run:2
Running from C:\Users\GERSHMAN FAMILY\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Hosts:
EmptyTemp:
*****************

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
HKU\S-1-5-21-2625895798-646920419-2108830663-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} => Error: No automatic fix found for this entry.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 876 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

MiniRegTool64 by Farbar Version:21-07-2014
Ran by Gershman Family (administrator) on 2014-09-01 15:18:12

====================================
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1CEFF199-B811-41B1-AA7D-D792C690DA42}" deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CEFF199-B811-41B1-AA7D-D792C690DA42}" deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LEVDFWSI" deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{568CABCE-1D14-4561-A441-12791C1B41AA}" deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{568CABCE-1D14-4561-A441-12791C1B41AA}" deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker " not found.

ComboFix 14-08-31.01 - Gershman Family 09/01/2014  15:24:13.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.6182 [GMT -4:00]
Running from: c:\users\Gershman Family\Desktop\freshcopy.exe
Command switches used :: c:\users\Gershman Family\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-01 to 2014-09-01  )))))))))))))))))))))))))))))))
.
.
2014-09-01 19:40 . 2014-09-01 19:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-09-01 19:40 . 2014-09-01 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-01 19:40 . 2014-09-01 19:40 -------- d-----w- c:\users\Ben\AppData\Local\temp
2014-09-01 14:06 . 2014-09-01 19:43 -------- d-----w- c:\users\Gershman Family\AppData\Local\temp
2014-09-01 13:17 . 2014-09-01 14:25 -------- d-----w- c:\users\Gershman Family\AppData\Roaming\Browser Extensions
2014-09-01 00:05 . 2014-09-01 18:52 -------- d-----w- C:\FRST
2014-08-31 21:49 . 2014-08-31 21:49 -------- d-----w- c:\users\Gershman Family\AppData\Local\Adobe
2014-08-18 03:18 . 2014-08-18 03:18 -------- d-sh--w- c:\users\Ben\AppData\Local\EmieUserList
2014-08-18 03:18 . 2014-08-18 03:18 -------- d-sh--w- c:\users\Ben\AppData\Local\EmieSiteList
2014-08-16 21:26 . 2014-08-16 21:26 -------- d-----w- c:\users\Ben\AppData\Roaming\AVAST Software
2014-08-13 18:34 . 2014-08-13 18:34 -------- d-----w- C:\rei
2014-08-13 18:24 . 2014-08-13 18:24 -------- d-----w- c:\windows\ERUNT
2014-08-12 23:45 . 2014-08-12 23:45 -------- d-----w- c:\users\Gershman Family\AppData\Roaming\AVAST Software
2014-08-12 02:27 . 2014-08-12 02:27 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-12 02:27 . 2014-08-12 02:27 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-12 02:27 . 2014-08-12 02:27 43152 ----a-w- c:\windows\avastSS.scr
2014-08-12 02:00 . 2014-08-12 02:00 -------- d-sh--w- c:\users\Gershman Family\AppData\Local\EmieUserList
2014-08-12 02:00 . 2014-08-12 02:00 -------- d-sh--w- c:\users\Gershman Family\AppData\Local\EmieSiteList
2014-08-10 21:51 . 2013-10-14 22:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-08-10 21:47 . 2014-08-10 21:47 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-08-10 21:45 . 2014-08-10 21:45 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-08-10 21:44 . 2014-08-10 21:44 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-08-10 21:44 . 2014-08-10 21:44 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-08-10 21:44 . 2014-08-10 21:44 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-08-10 21:44 . 2014-08-10 21:44 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-08-10 16:53 . 2014-08-10 16:53 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-30 13:20 . 2012-04-06 16:28 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-30 13:20 . 2011-05-15 19:40 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 22:23 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-21 03:43 . 2014-09-01 15:12 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FC5FDB5-0046-4EDF-8416-B2474BAB4458}\mpengine.dll
2014-08-21 03:43 . 2014-08-30 00:35 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-20 03:28 . 2014-08-30 00:35 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C91F68A-F0E4-4931-A1F2-E35F53A067EE}\gapaengine.dll
2014-08-20 03:28 . 2011-05-20 11:35 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-13 17:02 . 2013-07-04 15:12 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-12 02:27 . 2013-07-04 15:12 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-12 02:27 . 2013-07-04 15:12 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-12 02:27 . 2013-07-04 15:12 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-12 02:27 . 2013-07-04 15:12 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-12 02:27 . 2013-07-04 15:12 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-12 02:27 . 2013-07-04 15:12 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-10 21:45 . 2014-08-10 21:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-06-29 01:38 . 2014-06-29 01:38 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-06-19 18:55 . 2013-12-05 22:38 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-06-19 18:55 . 2011-10-08 20:50 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-06-11 02:15 . 2011-10-08 20:40 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2010-03-06 12:36 . 2010-12-17 11:00 2012912 ----a-w- c:\program files\SUPERANTISPYWARE.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0538CF1C-8419-4800-ADBB-0C00C799FDA2}]
2012-02-02 15:46 88416 ----a-w- c:\users\Gershman Family\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]
2014-08-26 10:27 610152 ----a-w- c:\users\Gershman Family\AppData\Roaming\Browser Extensions\Coupons.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-01 13:17 222712 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-01 13:17 222712 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-01 13:17 222712 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-13 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InternetConnectionService;InternetConnectionService;c:\windows\SYSTEM32\KWCAPTUR.EXE;c:\windows\SYSNATIVE\KWCAPTUR.EXE [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 QsFsFltr;QsFsFltr;c:\windows\system32\DRIVERS\QsFsFltr.sys;c:\windows\SYSNATIVE\DRIVERS\QsFsFltr.sys [x]
R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH075C.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TCFilter;TCFilter;c:\windows\system32\drivers\tcfilter.sys;c:\windows\SYSNATIVE\drivers\tcfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax64.sys;c:\eek\RUN\a2ddax64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERANTISPYWARE\SASCORE64.EXE;c:\program files\SUPERANTISPYWARE\SASCORE64.EXE [x]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 QPCopyEngine;QPCopyEngine;c:\program files\IOMEGA\QUIKPROTECT\QpMonitor.exe;c:\program files\IOMEGA\QUIKPROTECT\QpMonitor.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-30 01:11 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:20]
.
2014-08-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008Core.job
- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 06:53]
.
2014-09-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008UA.job
- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 06:53]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 04:09]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 04:09]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001Core.job
- c:\users\Gershman Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 04:09]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1001UA.job
- c:\users\Gershman Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 04:09]
.
2014-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10 21:10]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625895798-646920419-2108830663-1008UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-10 21:10]
.
2014-09-01 c:\windows\Tasks\HPCeeScheduleForBen.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-09-01 c:\windows\Tasks\HPCeeScheduleForGershman Family.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-09-01 c:\windows\Tasks\KWVacuum.job
- c:\program files (x86)\Computer Business Solutions\KidsWatch\KidsWatch.exe [2013-06-18 21:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-01 13:17 261624 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-01 13:17 261624 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-01 13:17 261624 ----a-w- c:\users\Gershman Family\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-12 02:27 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Gershman Family\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"drkly16j"="drkly16j.dll" [2013-07-02 1760992]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
------- Supplementary Scan -------
.
uStart Page = https://search.yahoo.com/?type=242154&fr=spigot-yhp-ie
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local;<local>
uSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{0A04D516-9AB4-4AA2-8B21-93B4AD435054}: DhcpNameServer = 167.206.10.178 167.206.10.179 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-737-700 Southwest Airlines Liveries Package v2.2 - c:\program files\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe
AddRemove-767CAPTAIN - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\csX767_uninstall.exe
AddRemove-Accu-Feel - c:\progra~2\MI233B~1\MICROS~1\\A2A\Feel\UNWISE.EXE
AddRemove-Aces High - c:\hitech~1\ACESHI~1\UNWISE.EXE
AddRemove-AICarriers - c:\program files (x86)\AICarriers\uninstall.exe
AddRemove-Area 51 Simulations C-17 Globemaster for MS Flight Simulator FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Globemaster\Uninstal.exe
AddRemove-Area 51 Simulations MH-47E FSX Version for Windows 7 64 Bit - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Rotorcraft\Area51Sim MH-47\Uninstal.exe
AddRemove-ArmA - g:\program files\Bohemia Interactive\ArmA\UnInstall.exe
AddRemove-ArmA 2 - c:\program files\Bohemia Interactive\ArmA 2\UnInstall.exe
AddRemove-Arma 2 British Armed Forces - c:\program files\Bohemia Interactive\ArmA 2\BAF\UnInstall.exe
AddRemove-ARMA 2 Operation Arrowhead - c:\program files\Bohemia Interactive\ArmA 2\UnInstall_OA.exe
AddRemove-Arma 2 Private Military Company - c:\program files\Bohemia Interactive\ArmA 2\PMC\UnInstall.exe
AddRemove-Arma Cold War Assault - g:\program files\Bohemia Interactive\Arma Cold War Assault\UnInstall.exe
AddRemove-ATR_72500 - c:\windows\iun6002.exe
AddRemove-ATR_Beta - c:\windows\iun6002.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmA 2\BattlEye\UnInstallBE.exe
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-BattlEye for A1 - g:\program files\Bohemia Interactive\ArmABattlEye\UnInstallBE.exe
AddRemove-BattlEye for RFT - c:\program files (x86)\Bohemia Interactive\ArmA\Expansion\BattlEye\UnInstallBE.exe
AddRemove-BinMake - c:\program files (x86)\Bohemia Interactive\Tools\BinMake\UnInstall.exe
AddRemove-BinPBO Personal Edition - c:\program files (x86)\Bohemia Interactive\Tools\BinPBO Personal Edition\UnInstall.exe
AddRemove-BN_DesktopReader - c:\program files (x86)\Barnes & Noble\BNDesktopReader\uninstall.exe
AddRemove-BOXEE - c:\program files (x86)\Boxee\uninstall.exe
AddRemove-Carenado C172N FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe
AddRemove-Carenado C340 II FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe
AddRemove-CCFile_is1 - c:\program files (x86)\CCFile\unins000.exe
AddRemove-Driver Genius Professional Edition_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-ESN Sonar-0.70.0 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-FastStone Capture - c:\users\Gershman Family\Desktop\FastStone Capture\uninst.exe
AddRemove-FinalTorrent_is1 - c:\program files (x86)\FinalTorrent\unins000.exe
AddRemove-Flight Environment X - c:\program files (x86)\Flight One Software\Flight Environment X\UnFEX.exe
AddRemove-FlightGear_is1 - h:\program files (x86)\FlightGear\unins000.exe
AddRemove-Fraps - s:\fraps\uninstall.exe
AddRemove-FreeFileViewer_is1 - c:\program files (x86)\FreeFileViewer\unins001.exe
AddRemove-FSDreamTeam JFK FSX_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unins004.exe
AddRemove-FSM Editor Personal Edition - c:\program files (x86)\Bohemia Interactive\Tools\FSM Editor Personal Edition\UnInstall.exe
AddRemove-MyTraffic X 5.2 Simmarket Edition - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\MyTrafficX52uninst.exe
AddRemove-NEMETH DESIGNS - Sikorski CH53-E - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\NDCH53E.exe
AddRemove-Nemeth Designs Aerospatiale SA-2 Samson (Beta 2) - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\samsonbeta2uninstall.exe
AddRemove-Oxygen 2 Personal Edition - c:\program files (x86)\Bohemia Interactive\Tools\Oxygen 2 Personal Edition\UnInstall.exe
AddRemove-P-51D Mustang v1.2 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe
AddRemove-Pamela - c:\program files (x86)\Pamela\Uninst.exe
AddRemove-Pole to Pole FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal Pole to Pole.exe
AddRemove-Project Landrover Derfender - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe
AddRemove-Project Reality: BF2 (pr)_is1 - c:\program files (x86)\EA GAMES\Battlefield 2\unins000.exe
AddRemove-Sound Tools - c:\program files (x86)\Bohemia Interactive\Tools\Sound Tools\UnInstall.exe
AddRemove-SPACESHUTTLE - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\css001_uninstall.exe
AddRemove-Steam App 10180 - g:\steam\steam.exe
AddRemove-Steam App 10190 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 104320 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 107410 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 12210 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 12220 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 215 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 223750 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 224780 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 35450 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 43110 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 4560 - c:\program files (x86)\Steam\steam.exe
AddRemove-Tarawa Class LHA's1.1 - c:\users\Gershman Family\Desktop\Uninstall_Tarawa Class LHA's\uninstalPlumIsland.exe
AddRemove-Text-o-Matic - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Flight One Software\Text-o-Matic\Templates\UnTextomatic.exe
AddRemove-TexView 2 - c:\program files\Bohemia Interactive\Tools\TexView 2\UnInstall.exe
AddRemove-TJSJ San Juan FSX - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstall TJSJ.exe
AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
AddRemove-Ultimate Airliners - The Super 80 - c:\flight one software\S80Uninstall.exe
AddRemove-Visitor 3 - c:\program files (x86)\Bohemia Interactive\Tools\Visitor 3\UnInstall.exe
AddRemove-{026938AE-8782-4CDE-8860-3B76CC75AC50}_is1 - c:\program files\Microsoft Games\Microsoft Flight Simulator X\unins000.exe
AddRemove-{0F1F6144-F13A-433D-B66E-129C5E8D504B}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unins005.exe
AddRemove-{270EDE76-0A48-43D7-B56C-40221F7A97D8}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Microsoft Flight Simulator X\unins000.exe
AddRemove-{3B22C38F-EC27-4488-B1F6-64EF6A28906F}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unins000.exe
AddRemove-{5B57D4F1-66BA-448C-97F1-23F73517C694}_is1 - c:\cs 757\Microsoft Flight Simulator X\unins000.exe
AddRemove-{9951EF0F-3517-4754-9F11-9D0A274EB4C4}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Microsoft Flight Simulator X\unins001.exe
AddRemove-{AADBF993-58ED-4C7B-8B4E-F3663B7EF7A5}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Microsoft Flight Simulator X\unins002.exe
AddRemove-{BD8C4EB3-7C47-41B8-8BA6-392CDEC03482}_is1 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Microsoft Flight Simulator X\unins000.exe
AddRemove-{DC0460B6-81E2-45B2-9725-04D5074C6838}_is1 - c:\program files\Microsoft Games\Microsoft Flight Simulator X\unins001.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
AddRemove-{F314B249-500E-4C0A-9186-92DB1417973D}_is1 - c:\program files\Microsoft Games\Microsoft Flight Simulator X\unins002.exe
AddRemove-Eaglesoft Development Group  Citation CII 1.5 - c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\CIIXUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3c,9a,2b,f9,76,46,cc,01
.
[HKEY_USERS\S-1-5-21-2625895798-646920419-2108830663-1001\Software\SecuROM\License information*]
"datasecu"=hex:63,26,08,47,f7,65,df,a9,89,62,4c,db,18,a3,8a,08,af,16,11,94,bc,
   43,a0,bf,f0,98,b5,41,da,14,ef,2f,cf,d1,60,7c,38,09,3a,6c,bb,81,9b,f8,38,45,\
"rkeysecu"=hex:12,23,f4,26,8f,86,77,d5,1b,5d,c8,9f,c5,85,20,69
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2014-09-01  15:52:08 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-01 19:52
ComboFix2.txt  2014-09-01 14:58
.
Pre-Run: 169,927,872,512 bytes free
Post-Run: 169,842,290,688 bytes free
.
- - End Of File - - 7E3DFCAC1F48D770858D952162B05028
 



#15 Oh My!

Posted 01 September 2014 - 04:26 PM

While we are testing out your computer please do this for me.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.

c:\windows\system32\IEUDINIT.EXE

  • Once completed, highlight the information in the address bar, copy it, then paste the link in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Virustotal link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



