Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cant Find Virus


  • This topic is locked This topic is locked
25 replies to this topic

#1 Garavar

Garavar

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 14 August 2014 - 03:34 PM

A few weeks ago I opened a .pdf from what I thought was Wells Fargo. Turns out it was an .exe disguised as a pdf.

 

Since then my computer takes a good 10 minutes to start up. Sometimes it doesnt start at all and I have to shut down and try again. (It gets stuck on black loading windows screen). I ran Norton (bought a new copy just for this and still nothing).

 

Attached are my logs

 

Thanks.

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 AM

Posted 14 August 2014 - 05:25 PM





Hello Garavar

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Garavar

Garavar
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 14 August 2014 - 05:57 PM

FRST.TXT
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2014 01
Ran by RyanLaptop (administrator) on RYANLAPTOP-PC on 14-08-2014 18:53:04
Running from C:\Users\RyanLaptop\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\ProgramData\Rpcnet\Bin\rpcld.exe
() C:\Windows\System32\rpcnetp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-16] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2014-07-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2937270282-1843250493-475737815-1009\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-03] (AMD)
HKU\S-1-5-21-2937270282-1843250493-475737815-1009\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2937270282-1843250493-475737815-1009\...\MountPoints2: {76655c62-d020-11e0-970e-e02a82f8fa75} - F:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x770450806A41CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} ->  No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.3 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\RyanLaptop\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\RyanLaptop\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.4.0.13\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.4.0.13\IPSFF [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.4.0.13\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.4.0.13\coFFPlgn [2014-08-14]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\RyanLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Downloader Detector) - C:\Program Files (x86)\Downloader\npdd.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\RyanLaptop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RyanLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (Adblock Plus) - C:\Users\RyanLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-27]
CHR Extension: (Skype Click to Call) - C:\Users\RyanLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-06]
CHR Extension: (Google Wallet) - C:\Users\RyanLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\RYANLA~1\AppData\Local\Temp\crx9C46.tmp [2013-09-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-09-21]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [11112 2013-10-28] (Absolute Software)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57966424 2010-09-17] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-10-26] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430424 2010-09-17] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-11-16] (IDT, Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-07-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-15] (Symantec Corporation)
U3 EraserUtilDrv11313; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [142128 2014-08-14] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\IPSDefs\20140813.001_e6d\IDSvia64.sys [525016 2014-07-14] (Symantec Corporation)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-01-11] (JMicron Technology Corp.)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\VirusDefs\20140814.002\ENG64.SYS [126040 2014-08-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\VirusDefs\20140814.002\EX64.SYS [2099288 2014-08-14] (Symantec Corporation)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [79488 2006-10-03] (RICOH Company, Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va005; \??\C:\Users\RYANLA~1\AppData\Local\Temp\005C1AE.tmp [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-14 18:51 - 2014-08-14 18:52 - 00053758 _____ () C:\Users\RyanLaptop\Desktop\Addition.txt
2014-08-14 18:49 - 2014-08-14 18:53 - 00023270 _____ () C:\Users\RyanLaptop\Desktop\FRST.txt
2014-08-14 18:49 - 2014-08-14 18:53 - 00000000 ____D () C:\FRST
2014-08-14 18:48 - 2014-08-14 18:48 - 02100224 _____ (Farbar) C:\Users\RyanLaptop\Desktop\FRST64.exe
2014-08-14 17:58 - 2014-03-28 12:56 - 00000000 ____D () C:\Users\RyanLaptop\Documents\KBCT - Boca Raton
2014-08-14 17:57 - 2014-08-14 17:57 - 01642055 _____ () C:\Users\RyanLaptop\Downloads\KBCT - Boca Raton.zip
2014-08-14 17:43 - 2011-11-22 13:58 - 00000000 ____D () C:\Users\RyanLaptop\Documents\Fort Lauderdale Exec
2014-08-14 17:42 - 2014-08-14 17:42 - 00106367 _____ () C:\Users\RyanLaptop\Downloads\Fort Lauderdale Exec.zip
2014-08-14 16:29 - 2014-08-14 16:29 - 00020683 _____ () C:\Users\RyanLaptop\Desktop\dds.txt
2014-08-14 16:29 - 2014-08-14 16:29 - 00016231 _____ () C:\Users\RyanLaptop\Desktop\attach.txt
2014-08-14 16:23 - 2014-08-14 16:24 - 00688992 ____R (Swearware) C:\Users\RyanLaptop\Downloads\dds.com
2014-08-11 16:08 - 2014-08-11 16:09 - 00000000 ____D () C:\NPE
2014-08-11 15:47 - 2014-08-11 16:21 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Local\NPE
2014-08-11 14:54 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-11 14:54 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-11 14:54 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-11 14:54 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-11 14:54 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-11 14:54 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-11 14:54 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-11 14:54 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-11 14:54 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-11 14:54 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-11 14:54 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-11 14:54 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-11 14:54 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-11 14:54 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-11 14:54 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-11 14:54 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-11 14:54 - 2013-10-01 16:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-11 14:54 - 2013-10-01 16:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-11 14:53 - 2012-08-23 10:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-11 14:53 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-11 14:53 - 2012-08-23 09:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-11 14:53 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-11 14:53 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-11 14:53 - 2012-08-23 05:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-11 14:50 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-11 14:50 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-11 14:50 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-11 14:50 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-11 14:39 - 2014-08-11 14:39 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Roaming\Oracle
2014-08-11 14:38 - 2014-08-11 14:38 - 00000000 ____D () C:\Windows\Sun
2014-08-11 14:38 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-11 14:37 - 2014-08-11 14:37 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-11 14:37 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-11 14:37 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-11 14:37 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-11 14:35 - 2014-08-11 14:35 - 00918440 _____ (Oracle Corporation) C:\Users\RyanLaptop\Downloads\chromeinstall-7u67.exe
2014-08-11 13:55 - 2014-08-11 13:58 - 00000000 ____D () C:\Users\RyanLaptop\Documents\Desktop Clean up
2014-08-11 13:51 - 2014-08-11 13:53 - 00000286 _____ () C:\Users\RyanLaptop\AppData\Roaming\OpenSceneryX Installer.plist
2014-08-11 13:51 - 2014-08-11 13:51 - 00003284 _____ () C:\Windows\System32\Tasks\{D98D1220-4F87-4EC2-807C-699FB2CD7C24}
2014-08-11 12:50 - 2014-08-11 12:50 - 02815615 _____ () C:\Users\RyanLaptop\Downloads\OpenSceneryX-Installer-Windows.zip
2014-08-09 19:28 - 2014-08-09 19:28 - 00147995 _____ () C:\Users\RyanLaptop\Downloads\KFLL 1.2.zip
2014-08-09 18:10 - 2014-08-09 18:14 - 312475724 _____ () C:\Users\RyanLaptop\Downloads\xp10_hd_mesh_v2_+20-090-north_america.zip
2014-08-09 15:36 - 2014-08-09 16:56 - 00000000 ____D () C:\Program Files\X-Plane 10
2014-08-05 18:09 - 2014-08-05 18:09 - 00288588 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-08-05 18:08 - 2014-08-05 18:09 - 00291222 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-08-05 16:41 - 2014-08-05 16:41 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSFlyingSchool for X-Plane 10
2014-08-05 16:41 - 2014-08-05 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSFlyingSchool for X-Plane 10
2014-08-05 16:40 - 2014-08-14 17:41 - 00000000 ____D () C:\Program Files (x86)\FSFlyingSchoolXPlane10
2014-08-05 16:36 - 2014-08-05 16:37 - 35093073 _____ () C:\Users\RyanLaptop\Downloads\FSFlyingSchool_XPlane_10_Setup.exe
2014-08-04 15:30 - 2014-08-04 15:30 - 00099906 _____ () C:\Windows\DirectX.log
2014-08-04 15:30 - 2014-08-04 15:30 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-08-04 15:28 - 2014-08-09 15:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-08-04 15:05 - 2014-08-04 15:12 - 837056344 _____ () C:\Users\RyanLaptop\Downloads\FSXDemo.exe
2014-07-31 12:41 - 2014-08-14 18:10 - 00000073 _____ () C:\Users\RyanLaptop\AppData\Local\X-Plane_drm.prf
2014-07-31 12:41 - 2014-08-09 16:56 - 00000080 _____ () C:\Users\RyanLaptop\AppData\Local\X-Plane Installer.prf
2014-07-31 11:42 - 2014-08-12 10:28 - 00000117 _____ () C:\Users\RyanLaptop\AppData\Local\x-plane_install_10.txt
2014-07-31 11:41 - 2014-07-31 11:41 - 04305431 _____ () C:\Users\RyanLaptop\Downloads\X-Plane10DemoInstallerWindows.zip
2014-07-29 11:01 - 2014-07-29 11:01 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Roaming\Canon
2014-07-29 11:01 - 2014-07-29 11:01 - 00000000 _____ () C:\Users\RyanLaptop\Sti_Trace.log
2014-07-28 11:25 - 2014-08-14 17:25 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRyanLaptop
2014-07-28 11:25 - 2014-08-14 17:25 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForRyanLaptop.job
2014-07-25 11:46 - 2014-07-25 11:46 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2014-07-25 11:44 - 2014-07-25 11:44 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-07-25 11:44 - 2014-07-25 11:44 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-07-24 15:15 - 2014-07-25 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2014-07-24 15:15 - 2014-07-25 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2014-07-24 15:15 - 2014-07-24 15:15 - 00000000 ____D () C:\ProgramData\VS
2014-07-24 15:12 - 2014-07-24 15:12 - 00000000 ____D () C:\4a31c8cfb6f82bab4c144d
2014-07-22 16:31 - 2014-08-09 16:56 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Local\CrashDumps
2014-07-18 16:52 - 2014-07-18 16:52 - 00723184 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-07-18 16:52 - 2014-07-18 16:52 - 00549104 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-07-18 16:52 - 2014-07-18 16:52 - 00422640 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll
2014-07-18 16:52 - 2014-07-18 16:52 - 00400624 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2014-07-18 16:52 - 2014-07-18 16:52 - 00252144 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-07-18 16:52 - 2014-07-18 16:52 - 00169712 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2014-07-18 16:49 - 2014-07-18 16:54 - 00013854 _____ () C:\Windows\DPINST.LOG
2014-07-18 16:49 - 2014-07-18 16:54 - 00001336 _____ () C:\Windows\Synaptics.log
2014-07-18 16:48 - 2014-07-18 16:48 - 00161880 _____ () C:\Windows\system32\pca-manta.bin
2014-07-15 13:57 - 2014-07-15 13:57 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-15 13:57 - 2014-07-15 13:57 - 00000000 ____D () C:\Users\RyanLaptop\Documents\Symantec
2014-07-15 13:55 - 2014-07-15 13:55 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-07-15 13:55 - 2014-07-15 13:55 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-07-15 13:55 - 2014-07-15 13:55 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-15 13:55 - 2014-07-15 13:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-15 13:55 - 2014-07-15 13:55 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-07-15 13:55 - 2014-07-15 13:55 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-15 13:55 - 2014-07-15 13:55 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-07-15 13:52 - 2014-08-14 20:09 - 00000000 ____D () C:\ProgramData\Norton
2014-07-15 13:52 - 2014-07-15 13:56 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-07-15 13:35 - 2014-07-15 13:35 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-07-15 13:35 - 2014-07-15 13:35 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-07-15 13:35 - 2014-07-15 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-07-15 12:51 - 2014-07-15 13:44 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-15 12:41 - 2014-07-15 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
2014-07-15 12:41 - 2014-07-15 13:33 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-15 12:41 - 2014-07-15 12:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-15 12:41 - 2014-07-15 12:41 - 00000000 ____D () C:\Program Files\Adobe
2014-07-15 11:17 - 2014-07-15 11:24 - 152139472 _____ () C:\Users\RyanLaptop\Downloads\hdjndgwi.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-14 20:09 - 2014-07-15 13:52 - 00000000 ____D () C:\ProgramData\Norton
2014-08-14 20:09 - 2011-08-13 14:49 - 00000000 ___HD () C:\ProgramData\Rpcnet
2014-08-14 20:09 - 2011-08-11 16:21 - 00000000 ____D () C:\Users\RyanLaptop
2014-08-14 20:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 20:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-14 18:53 - 2014-08-14 18:49 - 00023270 _____ () C:\Users\RyanLaptop\Desktop\FRST.txt
2014-08-14 18:53 - 2014-08-14 18:49 - 00000000 ____D () C:\FRST
2014-08-14 18:52 - 2014-08-14 18:51 - 00053758 _____ () C:\Users\RyanLaptop\Desktop\Addition.txt
2014-08-14 18:48 - 2014-08-14 18:48 - 02100224 _____ (Farbar) C:\Users\RyanLaptop\Desktop\FRST64.exe
2014-08-14 18:10 - 2014-07-31 12:41 - 00000073 _____ () C:\Users\RyanLaptop\AppData\Local\X-Plane_drm.prf
2014-08-14 17:57 - 2014-08-14 17:57 - 01642055 _____ () C:\Users\RyanLaptop\Downloads\KBCT - Boca Raton.zip
2014-08-14 17:56 - 2011-08-11 21:19 - 01168431 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 17:42 - 2014-08-14 17:42 - 00106367 _____ () C:\Users\RyanLaptop\Downloads\Fort Lauderdale Exec.zip
2014-08-14 17:41 - 2014-08-05 16:40 - 00000000 ____D () C:\Program Files (x86)\FSFlyingSchoolXPlane10
2014-08-14 17:25 - 2014-07-28 11:25 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRyanLaptop
2014-08-14 17:25 - 2014-07-28 11:25 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForRyanLaptop.job
2014-08-14 16:29 - 2014-08-14 16:29 - 00020683 _____ () C:\Users\RyanLaptop\Desktop\dds.txt
2014-08-14 16:29 - 2014-08-14 16:29 - 00016231 _____ () C:\Users\RyanLaptop\Desktop\attach.txt
2014-08-14 16:26 - 2009-07-14 00:45 - 00017824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 16:26 - 2009-07-14 00:45 - 00017824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 16:24 - 2014-08-14 16:23 - 00688992 ____R (Swearware) C:\Users\RyanLaptop\Downloads\dds.com
2014-08-14 16:24 - 2011-08-30 11:35 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9FEE330D-88C8-49B4-89E3-9BE148B15ADF}
2014-08-14 16:11 - 2014-06-09 11:09 - 00004942 _____ () C:\Windows\setupact.log
2014-08-14 16:11 - 2011-08-14 20:57 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-08-14 16:11 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 16:10 - 2011-08-14 20:56 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-08-14 16:10 - 2011-08-14 20:56 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-08-12 10:28 - 2014-07-31 11:42 - 00000117 _____ () C:\Users\RyanLaptop\AppData\Local\x-plane_install_10.txt
2014-08-11 16:21 - 2014-08-11 15:47 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Local\NPE
2014-08-11 16:09 - 2014-08-11 16:08 - 00000000 ____D () C:\NPE
2014-08-11 15:42 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-11 15:40 - 2014-06-17 15:18 - 00137204 _____ () C:\Windows\PFRO.log
2014-08-11 15:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-11 14:39 - 2014-08-11 14:39 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Roaming\Oracle
2014-08-11 14:38 - 2014-08-11 14:38 - 00000000 ____D () C:\Windows\Sun
2014-08-11 14:38 - 2013-10-18 10:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-11 14:37 - 2014-08-11 14:37 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-11 14:37 - 2012-09-07 17:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-11 14:35 - 2014-08-11 14:35 - 00918440 _____ (Oracle Corporation) C:\Users\RyanLaptop\Downloads\chromeinstall-7u67.exe
2014-08-11 13:58 - 2014-08-11 13:55 - 00000000 ____D () C:\Users\RyanLaptop\Documents\Desktop Clean up
2014-08-11 13:53 - 2014-08-11 13:51 - 00000286 _____ () C:\Users\RyanLaptop\AppData\Roaming\OpenSceneryX Installer.plist
2014-08-11 13:51 - 2014-08-11 13:51 - 00003284 _____ () C:\Windows\System32\Tasks\{D98D1220-4F87-4EC2-807C-699FB2CD7C24}
2014-08-11 12:50 - 2014-08-11 12:50 - 02815615 _____ () C:\Users\RyanLaptop\Downloads\OpenSceneryX-Installer-Windows.zip
2014-08-11 10:21 - 2009-07-14 00:45 - 00422232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-09 19:28 - 2014-08-09 19:28 - 00147995 _____ () C:\Users\RyanLaptop\Downloads\KFLL 1.2.zip
2014-08-09 18:14 - 2014-08-09 18:10 - 312475724 _____ () C:\Users\RyanLaptop\Downloads\xp10_hd_mesh_v2_+20-090-north_america.zip
2014-08-09 16:56 - 2014-08-09 15:36 - 00000000 ____D () C:\Program Files\X-Plane 10
2014-08-09 16:56 - 2014-07-31 12:41 - 00000080 _____ () C:\Users\RyanLaptop\AppData\Local\X-Plane Installer.prf
2014-08-09 16:56 - 2014-07-22 16:31 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Local\CrashDumps
2014-08-09 16:26 - 2011-08-11 16:23 - 00110088 _____ () C:\Users\RyanLaptop\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-09 15:28 - 2011-07-28 17:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-09 15:26 - 2014-08-04 15:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-08-09 15:26 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-09 15:06 - 2011-08-11 16:34 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-08-05 18:09 - 2014-08-05 18:09 - 00288588 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-08-05 18:09 - 2014-08-05 18:08 - 00291222 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-08-05 17:33 - 2009-07-14 01:13 - 00880054 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 16:41 - 2014-08-05 16:41 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSFlyingSchool for X-Plane 10
2014-08-05 16:41 - 2014-08-05 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSFlyingSchool for X-Plane 10
2014-08-05 16:41 - 2009-07-13 22:34 - 00000672 _____ () C:\Windows\win.ini
2014-08-05 16:37 - 2014-08-05 16:36 - 35093073 _____ () C:\Users\RyanLaptop\Downloads\FSFlyingSchool_XPlane_10_Setup.exe
2014-08-04 15:30 - 2014-08-04 15:30 - 00099906 _____ () C:\Windows\DirectX.log
2014-08-04 15:30 - 2014-08-04 15:30 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-08-04 15:12 - 2014-08-04 15:05 - 837056344 _____ () C:\Users\RyanLaptop\Downloads\FSXDemo.exe
2014-07-31 11:41 - 2014-07-31 11:41 - 04305431 _____ () C:\Users\RyanLaptop\Downloads\X-Plane10DemoInstallerWindows.zip
2014-07-30 17:54 - 2012-06-06 19:07 - 00000000 ___RD () C:\Users\RyanLaptop\Dropbox
2014-07-30 15:55 - 2012-11-15 20:31 - 00002078 ____H () C:\Users\RyanLaptop\Documents\Default.rdp
2014-07-29 11:01 - 2014-07-29 11:01 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Roaming\Canon
2014-07-29 11:01 - 2014-07-29 11:01 - 00000000 _____ () C:\Users\RyanLaptop\Sti_Trace.log
2014-07-29 10:51 - 2012-06-06 19:05 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Roaming\Dropbox
2014-07-28 17:32 - 2011-01-28 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2014-07-28 11:24 - 2011-08-22 12:52 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-28 11:23 - 2011-11-05 14:37 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-25 12:55 - 2014-08-11 14:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-11 14:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-11 14:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-11 14:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-25 11:50 - 2011-01-28 18:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2014-07-25 11:50 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-07-25 11:46 - 2014-07-25 11:46 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2014-07-25 11:44 - 2014-07-25 11:44 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-07-25 11:44 - 2014-07-25 11:44 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-07-25 11:11 - 2014-07-24 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2014-07-25 11:11 - 2011-08-13 14:31 - 00110088 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-25 11:11 - 2011-08-13 14:31 - 00110088 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-25 11:10 - 2014-07-24 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2014-07-25 11:08 - 2012-06-06 19:06 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 10:47 - 2012-09-10 23:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 10:47 - 2012-09-10 23:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 15:15 - 2014-07-24 15:15 - 00000000 ____D () C:\ProgramData\VS
2014-07-24 15:15 - 2011-01-28 18:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-24 15:12 - 2014-07-24 15:12 - 00000000 ____D () C:\4a31c8cfb6f82bab4c144d
2014-07-24 15:06 - 2012-09-10 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-18 16:54 - 2014-07-18 16:49 - 00013854 _____ () C:\Windows\DPINST.LOG
2014-07-18 16:54 - 2014-07-18 16:49 - 00001336 _____ () C:\Windows\Synaptics.log
2014-07-18 16:52 - 2014-07-18 16:52 - 00723184 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-07-18 16:52 - 2014-07-18 16:52 - 00549104 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-07-18 16:52 - 2014-07-18 16:52 - 00422640 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll
2014-07-18 16:52 - 2014-07-18 16:52 - 00400624 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2014-07-18 16:52 - 2014-07-18 16:52 - 00252144 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-07-18 16:52 - 2014-07-18 16:52 - 00169712 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2014-07-18 16:52 - 2011-01-28 17:27 - 00000000 ____D () C:\SWSetup
2014-07-18 16:48 - 2014-07-18 16:48 - 00161880 _____ () C:\Windows\system32\pca-manta.bin
2014-07-18 11:32 - 2014-06-03 12:02 - 00011545 _____ () C:\Users\RyanLaptop\Documents\C1 L.A. Riots Summer Roster.xlsx
2014-07-15 13:57 - 2014-07-15 13:57 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-15 13:57 - 2014-07-15 13:57 - 00000000 ____D () C:\Users\RyanLaptop\Documents\Symantec
2014-07-15 13:56 - 2014-07-15 13:52 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-07-15 13:55 - 2014-07-15 13:55 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-07-15 13:55 - 2014-07-15 13:55 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-07-15 13:55 - 2014-07-15 13:55 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-15 13:55 - 2014-07-15 13:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-15 13:55 - 2014-07-15 13:55 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-07-15 13:55 - 2014-07-15 13:55 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-15 13:55 - 2014-07-15 13:55 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-07-15 13:54 - 2012-06-06 19:31 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-15 13:44 - 2014-07-15 12:51 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-15 13:37 - 2014-07-15 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
2014-07-15 13:37 - 2011-08-14 21:06 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Local\Adobe
2014-07-15 13:36 - 2011-08-11 19:23 - 00000000 ____D () C:\Users\RyanLaptop\AppData\Roaming\Adobe
2014-07-15 13:35 - 2014-07-15 13:35 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-07-15 13:35 - 2014-07-15 13:35 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-07-15 13:35 - 2014-07-15 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-07-15 13:34 - 2011-08-14 21:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-15 13:33 - 2014-07-15 12:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-15 12:41 - 2014-07-15 12:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-15 12:41 - 2014-07-15 12:41 - 00000000 ____D () C:\Program Files\Adobe
2014-07-15 11:24 - 2014-07-15 11:17 - 152139472 _____ () C:\Users\RyanLaptop\Downloads\hdjndgwi.exe
2014-07-15 11:12 - 2014-07-14 17:58 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-15 11:10 - 2014-07-14 18:07 - 00000085 _____ () C:\Windows\wininit.ini
2014-07-15 11:08 - 2014-07-14 17:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
 
Some content of TEMP:
====================
C:\Users\RyanLaptop\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfkzrlc.dll
C:\Users\RyanLaptop\AppData\Local\Temp\Extract.exe
C:\Users\RyanLaptop\AppData\Local\Temp\Installer_Windows.exe
C:\Users\RyanLaptop\AppData\Local\Temp\SP64284.exe
C:\Users\RyanLaptop\AppData\Local\Temp\SP66111.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-11 11:29
 
==================== End Of Log ============================

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2014 01
Ran by RyanLaptop at 2014-08-14 18:54:32
Running from C:\Users\RyanLaptop\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.20 - Absolute Software)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30530 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.6.0.11003 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{935D195D-0E7A-3D63-5B66-70E6D13E6C03}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.61003.1205 - Advanced Micro Devices, Inc.) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Canon MF8300C Series (HKLM\...\{DB3D2C81-EF11-4b1f-9B55-3959AEE09E55}) (Version: 3.9.0.0 - CANON INC.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0530.352.5022 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0530.352.5022 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0530.352.5022 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0530.352.5022 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0530.352.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0530.0351.5022 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0530.352.5022 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Console Color for Visual Studio 2010 (HKLM-x32\...\{488E1459-FA1F-4F91-BAFF-448A51CE0631}) (Version: 2.8.30 - Full Sail University)
Critical Update for Microsoft Visual Studio 2010 Professional - ENU (KB2938807) (HKLM-x32\...\{D6B15AE6-B052-363E-B6BB-C4714CBA6509}.KB2938807) (Version: 1 - Microsoft Corporation)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
District 187 (HKLM-x32\...\Steam App 221080) (Version:  - )
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Driver San Francisco (HKLM-x32\...\Driver San Francisco) (Version: 1.1.0.0 - Ubisoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.0) (Version: 0.70.0 - ESN Social Software AB)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.3) (Version: 0.70.3 - ESN Social Software AB)
FSFlyingSchool for X-Plane 10 - Cessna 172 Edition (HKLM-x32\...\FSFlyingSchool for X-Plane 10 - Cessna 172 Edition) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
GTA San Andreas (HKLM-x32\...\{E0303B6A-C675-4102-95DA-C013625BFA99}) (Version: 1.00.00001 - Rockstar Games)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{D562B3BB-4405-4FA8-BCE2-D5DB89E8D5CE}) (Version: 2.2.1 - Hewlett-Packard Company)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{33A06AC3-F20D-417A-B621-83A73771624E}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{13D324E9-9DB1-478D-944C-28BBE1BB80DC}) (Version: 140.0.2.2 - Hewlett Packard)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HydraVision (x32 Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6428.0 - IDT)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
iTunes (HKLM\...\{B613A9BB-2B34-4824-A4BE-2427653D59D6}) (Version: 10.4.0.80 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kingsoft Office 2012 (8.1.0.3375) (HKLM-x32\...\Kingsoft Office) (Version: 8.1.0.3375 - Kingsoft Corp.)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Rockstar)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Authoring Tools (HKLM-x32\...\Steam App 563) (Version:  - Valve)
Left 4 Dead 2 Dedicated Server (HKLM-x32\...\Steam App 560) (Version:  - Valve)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Lua 5.1.4.23 (HKLM-x32\...\Lua_is1) (Version: 5.1.4.23 - Lua and Tecgraf, PUC-Rio)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.2.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.2.4000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.2.4000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.2.4000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{C3AF5BD8-30D5-41F5-AF61-705D98146B0F}) (Version: 10.2.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.2.4000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{C0C690C8-F335-4BA4-A2AD-675EAD1DFA90}) (Version: 10.2.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.2.4000.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Nitronic Rush (2011-11-11) version 20111111.0 (HKLM-x32\...\{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1) (Version: 20111111.0 - DigiPen)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.3 - )
NppConfig (HKLM-x32\...\{E2B655D6-0416-4978-9106-FBADA8395840}) (Version: 2.0.0 - Full Sail University)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Omerta - City of Gangsters (HKLM-x32\...\Steam App 208520) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version:  - The Men Who Wear Many Hats)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - Overkill)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Resident Evil 5 (HKLM-x32\...\Steam App 21690) (Version:  - Capcom)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Service Pack 2 for SQL Server 2008 (KB2285068) (64-bit) (HKLM\...\KB2285068) (Version: 10.2.4000.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8312 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.2.4000.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version:  - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{697E5298-CF76-43A3-AC9D-6AE2FA0F2B43}) (Version: 4.3.226.0 - Validity Sensors, Inc.)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Where in the USA is Carmen Sandiego? (HKLM-x32\...\Where in the USA is Carmen Sandiego?) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2937270282-1843250493-475737815-1009_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2937270282-1843250493-475737815-1009_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\RyanLaptop\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2937270282-1843250493-475737815-1009_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\RyanLaptop\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2937270282-1843250493-475737815-1009_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2937270282-1843250493-475737815-1009_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2937270282-1843250493-475737815-1009_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2937270282-1843250493-475737815-1009_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2937270282-1843250493-475737815-1009_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2937270282-1843250493-475737815-1009_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2937270282-1843250493-475737815-1009_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2937270282-1843250493-475737815-1009_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
05-08-2014 22:06:51 Windows Update
06-08-2014 22:17:18 Windows Update
07-08-2014 22:22:18 Windows Update
09-08-2014 19:22:13 Configured Microsoft Flight Simulator X Demo
09-08-2014 23:37:39 Windows Update
11-08-2014 18:36:23 Installed Java 7 Update 67
11-08-2014 18:41:28 Windows Update
11-08-2014 18:43:25 Windows Update
11-08-2014 18:45:11 Windows Update
11-08-2014 18:50:45 Windows Update
12-08-2014 07:00:11 Windows Update
12-08-2014 18:08:10 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2012-03-23 09:47 - 00003715 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
127.0.0.1                               125.252.224.91
127.0.0.1                               hl2rcv.adobe.com
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 activate.adobe.com
 
There are 23 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BDDE661-2F3B-40B0-8072-18B15A3F779F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {1FE47086-C0DE-4F5B-AD14-520ED0CFA663} - System32\Tasks\HPCeeScheduleForRyanLaptop => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {29318E29-4588-453C-A656-9FF03BEF681C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {634A0DA2-07D8-41F4-AC1E-2B6A12AAC4BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A5A0D9A8-5D0D-4A77-8455-983B9835D9F6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation)
Task: {AEE3EF9E-470D-4A8E-A4D9-C9E15F6FB178} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C2F6BA03-4E2B-4E88-83BC-1B41A1749872} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C9978D16-92D6-4CDF-A901-AE2DF27B39D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E8800741-9675-4806-B2A7-D5CA622BADDD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\HPCeeScheduleForRyanLaptop.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-09-27 22:49 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-11 22:54 - 2011-10-26 03:45 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-08-14 20:56 - 2014-08-14 16:10 - 00017920 _____ () C:\Windows\System32\rpcnetp.exe
2013-01-22 15:50 - 2013-01-22 15:50 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-01-22 15:50 - 2013-01-22 15:50 - 00024576 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2014-06-12 16:35 - 2014-06-05 09:58 - 00716616 _____ () C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 16:35 - 2014-06-05 09:58 - 00126280 _____ () C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 16:35 - 2014-06-05 09:58 - 04217672 _____ () C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 16:35 - 2014-06-05 09:58 - 00414536 _____ () C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 16:35 - 2014-06-05 09:58 - 01732424 _____ () C:\Users\RyanLaptop\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AbsoluteNotifier => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: rpcnet => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: vcsFPService => 2
MSCONFIG\startupreg: Absolute Notifier => "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\RyanLaptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MFNetworkScanUtility => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/13/2014 01:50:48 PM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.
 
Error: (08/12/2014 02:09:23 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Microsoft Visual Studio 2010 Tools for Office Runtime (x64) -- A later version of Microsoft Visual Studio 2010 Tools for Office Runtime (x64) is already installed.
 
Error: (08/12/2014 02:08:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/12/2014 03:01:27 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Microsoft Visual Studio 2010 Tools for Office Runtime (x64) -- A later version of Microsoft Visual Studio 2010 Tools for Office Runtime (x64) is already installed.
 
Error: (08/12/2014 03:00:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/12/2014 01:10:31 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.
 
Error: (08/11/2014 02:50:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2014 02:46:24 PM) (Source: MsiInstaller) (EventID: 1013) (User: RyanLaptop-PC)
Description: Product: Microsoft Visual Studio 2010 Tools for Office Runtime (x64) -- A later version of Microsoft Visual Studio 2010 Tools for Office Runtime (x64) is already installed.
 
Error: (08/11/2014 02:45:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/11/2014 02:44:32 PM) (Source: MsiInstaller) (EventID: 1013) (User: RyanLaptop-PC)
Description: Product: Microsoft Visual Studio 2010 Tools for Office Runtime (x64) -- A later version of Microsoft Visual Studio 2010 Tools for Office Runtime (x64) is already installed.
 
 
System errors:
=============
Error: (08/14/2014 04:12:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/13/2014 11:17:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/12/2014 05:22:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/12/2014 02:09:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Visual Studio 2010 Tools for Office Runtime (KB2796590).
 
Error: (08/12/2014 03:02:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Visual Studio 2010 Tools for Office Runtime (KB2796590).
 
Error: (08/11/2014 04:09:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/11/2014 03:48:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (08/11/2014 03:43:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/11/2014 02:53:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f020b: Synaptics - Other hardware, Pointing Drawing - Synaptics PS/2 Port TouchPad.
 
Error: (08/11/2014 02:53:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f020b: Intel - Network, Other hardware - Intel® 82579LM Gigabit Network Connection.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 31%
Total physical RAM: 8142.36 MB
Available physical RAM: 5602.96 MB
Total Pagefile: 16282.9 MB
Available Pagefile: 13431.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:294.29 GB) (Free:33.84 GB) NTFS
Drive d: (HP_TOOLS) (Fixed) (Total:3.24 GB) (Free:3.23 GB) FAT32
Drive e: (XPLANE10) (CDROM) (Total:7.15 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2BD2C32A)
Partition 1: (Not Active) - (Size=294 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=3 GB) - (Type=0C)
Partition 3: (Active) - (Size=562 MB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 AM

Posted 15 August 2014 - 03:39 AM



Hello Garavar

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Garavar

Garavar
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 15 August 2014 - 10:41 AM

# AdwCleaner v3.305 - Report created 15/08/2014 at 11:29:20
# Updated 14/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : RyanLaptop - RYANLAPTOP-PC
# Running from : C:\Users\RyanLaptop\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\RyanLaptop\AppData\Local\Max Secure Software
Folder Found : C:\Users\RyanLaptop\AppData\LocalLow\Conduit
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v
 
[ File : C:\Users\RyanLaptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1438 octets] - [15/08/2014 11:29:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1498 octets] ##########


#6 Garavar

Garavar
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 15 August 2014 - 11:14 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by RyanLaptop on Fri 08/15/2014 at 11:43:41.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\utorrentbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\RyanLaptop\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\RyanLaptop\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\RyanLaptop\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{0001C9D1-E78E-4793-8C0A-9B98438ED6B6}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{00721BA6-03CF-4848-8F04-087A6D307029}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{00B02B49-DBCD-41D9-8BCB-C2969C214541}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{029D33CF-3CFE-464B-8723-3ABFF4066A8C}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{02F43014-4CFB-460E-8BA9-749B94AAC8A0}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{0423DBD2-CF12-4C35-AA1B-0736C36E3E69}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{054A6DF4-C0BA-4B9B-862D-6869D2C022FE}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{059A7E3A-4795-48ED-ACA2-9A12BC0A75E0}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{0685E9E5-64BF-43DC-B2D1-09223CBA59AD}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{06941B56-7BC2-401B-8AB3-96AE1FB37439}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{07E0C4A2-0ABD-4DB6-9155-D8961533327B}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{094447F2-A93A-4520-B471-0C41F9899325}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{0A37AC88-FFA0-4D7C-8B88-C0B3BD6DC5FC}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{0A87E3E5-374B-482B-BA57-F243611A9811}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{0B43ED64-15AF-465F-A775-5973D5DC280A}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{0B6AD3FC-5E87-4010-91AE-2575D1750AA0}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{0CDE12B9-0AA1-40F5-9900-7EC76EC25751}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{0D40409E-12F2-42D4-B14F-D0950EBDB63C}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{0DBC59BD-1E0D-47E2-B865-10580BE3CFA6}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{0DE51AD9-A7D8-4B2C-B821-484D3D360599}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{101C248F-3902-4DD8-B2EE-B55CA906314F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{107D2BBF-FE84-4553-9CFF-5EDD900DAB46}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{10ECB1F9-DAEF-4368-B83E-C89EE981B91F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{115D1761-4A90-4810-9D04-73EB096323E5}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{11ACCBFE-CED1-4321-B02B-1753F2B13FA0}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{1454412B-E41D-47D8-AB78-B0248AC6477E}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{15C1DC8C-4F78-4AFA-9242-DC66D9E29E2D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{160A1D5C-9155-48B5-88DB-264F97714464}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{168649EC-999A-45B8-A7EF-5AB533D56191}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{1696A266-F8B1-4C03-A004-F57F02000E14}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{16D37695-BBD7-429F-B4A2-113568CB2400}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{18681DE8-F49D-4529-92B8-20B27A5134C7}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{19469FC1-7B6D-4D41-BAD6-EFD3DE43A55E}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{1A8225EB-ED33-4CCC-8E98-0DFA2737A921}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{1B1365A5-987F-4B7D-9502-FF3E7BFBAEE2}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{1B1F9D59-17C4-4E34-8DFC-2C6C9526343C}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{1E0ADD22-D411-4310-89C5-930CA399D1A7}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{21F1FDDA-885E-4318-BE3C-74DD47A21208}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{223D5C57-1D55-46C8-B5E8-489CA611255A}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{2245CADC-B1DB-4C59-8BE8-AA5A3C6D07AB}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{2440BE4F-1942-40DF-BE87-E757A4ACD730}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{2774EFB7-0EC5-4C82-ADA5-7EAEB935C384}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{27839009-741B-4B8A-9791-57097BAF8208}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{2E2780E9-087A-45E8-BACE-D083D7DBA675}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{30411984-D28F-428A-9C05-A63B01E2FC06}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{3221613C-0733-4CDD-9168-EFC2B8CBA2EE}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{37330506-F9B6-40AE-B423-AB9D6446B8D2}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{37599CCE-3042-46A5-B4C0-D02B1BC24E8D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{38CE89F5-3435-42C1-8EBD-663BD82CD2B3}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{3A30591F-B53D-45F1-8D4A-16D1CB1F1DF9}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{3B7BB44D-5BC0-4257-BD2B-5F86DE24ABC0}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{3BBB6234-AF25-4A13-A337-51FF7CCA3789}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{3BBFD003-6D1C-439C-B578-CC9184516FCD}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{3C79616E-9620-4252-B14C-D101934CC5D9}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{3EAF1328-ADBC-45DA-BF92-25D4E714D21D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{3F61ED61-51F8-49A1-B19D-C36A5352CE14}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{40D3218F-B941-4D17-92AF-FDC7C59666BA}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4167CEF5-4ABE-4E8F-BB7A-390256BCEE2F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4192B7EA-0FA0-45E9-A026-C413A430155F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{44889B11-1EC4-4101-9D6C-5A03EC30E26B}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{45B753A4-19F3-491D-A1FD-3F08D6C2E4A3}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{461A4202-8039-4E30-A483-0753B73A71D5}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4631A563-48DE-403B-8473-F87573C466C4}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{481CBFAF-BA29-4256-9416-16FC2078A351}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4881B6E6-B807-4A87-BFA7-F7163B868196}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{48A28E4A-E4F2-4298-B58B-68D7B2E8D25B}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4AAFC82A-A49C-4D68-96BA-012B8C313D5D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4BC39021-D3DE-4A9C-8C75-5AF72BB36BB8}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4C61103B-7AFE-428D-B4D5-9CF3E274F812}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4CD8ED98-AB99-4E1E-9E14-84208379FA1B}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4CFC3441-F38A-41B5-B682-30F73A6BC8BB}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4E2AD55C-2D7B-4D6A-9BCA-6F53FB6A4BEA}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4E79A402-A45C-4746-AE47-36A7EAF016E3}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4EA0B836-4055-4DF2-883F-3DB31352E25A}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{4EAFE12B-CEB2-439B-A1F4-05EEBA1C5A1C}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{514E88D9-413A-4934-9692-28C1C359EC83}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{515FF3D2-E400-4327-930B-654600A45344}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{5197CA46-66C6-4300-BF8C-F6C1D7C50C16}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{51CC9F34-0732-4188-A1E9-34331CFE2397}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{52E313D2-B016-47BF-B1A2-608C9EC65CB6}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{54C13878-DE4E-411B-BFBA-7CE08C697DA3}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{560044E1-EA0D-4AB7-A2AA-4A3744066042}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{5735DBB6-8145-4316-83EA-25A57E76E25F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{58DF8355-20D2-4AA2-A5A8-81CCE896EF8C}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{5953E775-998A-4CC9-9142-F304AB4F1E10}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{5A360015-5935-457D-BE47-EE2531C53CD4}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{5BF597BD-AF76-4310-B539-3C827C0D9883}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{5C72A4A1-AD19-4618-B20A-5786A6799E83}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{5C950330-B03A-4F52-A5A9-0AB91245483D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{5CAA4D7C-3B17-44C7-9AA5-B3D0076B25E9}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{5E846F99-1170-42A1-BD9D-6F5B9219165D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{613B1E34-8E18-4106-89B1-2ED92291E247}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{6274DC3F-6CE0-4627-9F7B-F8C177A08B57}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{62F0F9F4-AB78-448A-B2F8-1F95505A9E84}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{632AEFE0-55FB-4B0C-9C75-4D216AF98C19}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{647065FB-DB42-494A-A8CF-06155D63320A}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{64DA5F1F-8715-4F81-A5F2-2550B0344986}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{6586C8DE-332D-451B-9226-14907191A345}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{65B68E29-FE5A-4703-B2CE-BA8AFE351371}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{679FF84A-0FF0-4E65-A55D-C52396B7FFCC}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{6882A068-EC6D-4DE7-918E-045ACF251F3E}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{696A006D-4303-405C-8119-1DABA5158C31}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{699C841D-1F57-4111-AFF1-C6AEB9A926E2}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{6B5E4222-A20C-4BC1-9C4B-58BE21044DAA}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{6BEEA12F-DBCB-4E0F-B1C1-0C0B7D1277A2}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{6CFEBD63-07BF-4B38-B84B-B92E0439F663}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{6E3DFABC-FDE7-4540-89DF-7C37C0DF90D1}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{6EAA4D22-A919-4032-B3E9-5A8FA3ACFFD8}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{6F48514A-BAB1-492A-B3E5-2F6A465D0D65}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{70F30462-02E2-4F03-9D5B-4C69221AD7F3}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{713E3FE0-DACD-4106-B3CF-37B46CB302C1}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{7293B8F0-37F9-47FC-B60F-376781DB0736}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{73D15D40-4CF3-43B3-84AE-3C39DA41AA37}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{73F17DDF-4D4B-4D3C-B849-4FED70BDCBCA}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{741E2FE1-E0F9-4EFF-9784-5D5865326654}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{745B07E8-87C9-413C-9F3F-5F5DB950499F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{74831E79-8BAA-4EF3-B454-F980F6E1B22C}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{74A85032-5805-48FA-86C7-675A26BA2B9D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{7578D73F-16D1-4F9A-94E4-242F60D1F318}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{75B6A042-992C-4B39-A0E2-C79E02B34831}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{76F67FC0-CE49-4A3E-85E1-07EB887EBB5F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{77F4D6CB-CCDC-4FC1-AAB7-93BE5EEBED8B}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{7CB0DBD1-14AF-4167-84A9-232289543F1E}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{7D2A272F-4306-4318-B848-55FAF3B7E993}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{7E3597B1-85B4-4EC4-8B4F-B3AB004A7D7B}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{7E376F89-F4A3-4767-AD6E-5445A1DE6E70}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{7F4A16A9-762F-4CD1-81FA-B4FD893A597A}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{7FE25F49-AF4D-42A7-AF5D-C71FA292ED53}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{817F093C-8140-4AF3-992F-7D3524B92887}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{81EA69B3-C67B-4257-904B-DF95F90621A3}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{82A6B4CE-142F-4402-8D6F-ACB30D0A6361}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{832A26DA-70B2-4A34-9423-04186A7641E3}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{838C5A67-9683-48BB-8648-C8CB816A036E}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{83E434C9-C504-447E-A108-8BBD658C3A75}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{846929A3-3FBF-416C-A2E1-ADF839EFE56D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{8652B993-F2E5-4AE5-AB61-76C009F455DB}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{868D28C1-20A7-4248-AA31-C9F2A00C41C0}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{869276D2-FA84-4933-A77B-3C704560A5AF}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{870F3031-BDCB-4173-8DFC-05CCCBF69386}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{880A1EC9-3800-4944-9D50-CCA44539D09D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{8873BD11-54C3-4441-8919-B54DAB3DAF11}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{894F4269-DEF4-4C67-89D1-505D2AEFF91E}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{8ABD1643-C04E-4595-BA7B-F4EB95FDB30D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{8B37AD14-64EC-4F79-954D-F6B082466106}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{8C8283CF-1239-42B7-B6BC-913269699EC9}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{8D7ED084-AEAF-49D3-A1F5-A16F819E483C}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{8F0CC9BD-7461-4596-B5A5-86C1268123B3}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{910D6889-B16C-4CE4-B981-C286C71C0D64}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{91B0F56E-2216-488B-8871-27D692EB1BA1}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{93476129-04C4-479C-8D88-1A61985854BB}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{9371AAB3-9A1E-4587-B259-D96358B37BAF}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{941130A4-1729-4D94-AC44-663DC32ED27F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{94BBDF42-AA6F-42E9-81A2-9A5C72E864A9}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{94EA6AD9-D080-4E7B-A596-C71CE9551E96}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{957D13F2-14F3-419D-9935-367FED11765C}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{973B3413-2F91-4283-8BD5-747753BE33D2}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{985E2A5F-E96F-4A5E-A24A-5414B356320F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{99AAFD37-6DE6-4AA8-8186-F83978AC960F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{9AE557D5-6268-4D8D-8EE6-37DF642736C5}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{9D0755BA-EDA9-4592-9330-269F785BAC60}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{9D4A7663-0A6E-4681-8046-9F0D4257108A}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A01B6E80-9DDD-4DF5-B56B-A8C7AF273DBD}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A1ECE1D8-AF26-4A93-A768-7C02AF479607}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A2CEC63A-2B2D-49BB-B036-7F1EE8710ABD}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A2D02E65-D10D-48AB-94FF-C34F45E3A62D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A2D15A39-D37D-4F87-A784-1B80BD4AFE53}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A38B6D26-9FE4-44F2-926D-4714791A18A4}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A48C3C72-5BBF-4F18-90FB-B5A9BE3CAEF0}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A50448A9-C2C5-44CA-816E-AB30D6DDB85D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A5FD4E02-539C-4A73-BB28-192A3EECB150}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A7205060-C4A4-4E9D-83CD-65129A7C0BCE}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A89BEE30-A3BA-4CA1-9153-ADBFF8AFC70A}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{A9A4895C-BBFC-4D63-B9FB-6F98AC41A254}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{AACA9E26-560B-4776-99DB-DE5549EDCFC9}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{AB326580-8E6D-484D-8DE0-4E9435E59FFC}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{ACA4A323-3F6B-4C1F-A1F3-9FD74F9D4842}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{AF2B1AD5-1DD8-4208-AF36-E87FC4E6C7FD}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{AFA19502-60D4-41F2-950A-C161830DF904}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{B0C75CAD-D943-4080-A220-A2B3028F7700}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{B163CF4D-2A59-41A2-B907-7B0AF4163D5F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{B25D83E9-5BCC-4763-AFFE-7735351088A9}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{B2986E9B-0A97-4634-A158-F0C068450376}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{B4CBE29A-2D99-461A-B031-C4B1CED8EEC9}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{B6514B40-3EDA-455A-BC82-0356C982072E}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{B67FE0BD-2130-4057-A17C-5CE5803E31FA}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{B9CB5A2E-5738-4165-9346-9CAB11E785C2}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{BA3C7F76-F469-4A2C-8F43-E4FFF6D191CE}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{BC102863-1968-475D-9515-66230AB6B432}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{BCDE7151-C28D-43BB-99CF-8954ACE2D7D8}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{BD7C25AD-E9AA-4731-A5B7-8B5147DB50B2}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{BED7D873-7FE2-4ABE-B662-22156B1F7F4D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{BF715C59-31B3-42D6-92B6-70917CA55857}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{BFC5D73D-D1CA-4060-8293-1A9D358309AC}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{C02FA278-2FD1-49F1-8FC7-8C52F86302BC}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{C0D7206C-1D7A-4DE1-BFA1-C3DD4195EDD8}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{C1BB92E8-1039-4A50-91DD-6660FFFB4831}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{C1E131AD-BC36-4D20-A532-359390105FFD}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{C28AA2E8-D1F5-48D9-8A33-C61F911331E6}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{C471DEAC-02C6-4AEA-864F-641FE328F8A4}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{C50A82E6-8583-4708-B906-A69446C57850}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{C81941A9-2E6F-4693-94E3-9BAB47009708}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{C8793E6C-95F8-4008-B5DE-2EE68DBCC132}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{C9E83D8D-6988-4ADB-B597-147A3142C642}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{CC11E9B4-E49F-4B5C-B63D-CD31B4DFAFF0}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{CDE2673A-788C-47D3-AA5C-CE2392A132E3}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{CE6C580A-666C-4EF1-B9FA-0D62F0D9AA2B}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{CF21EED9-26D3-4DF8-891D-960271E6B35D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{D0557C16-FB4D-462E-B7AC-6E989D5D967D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{D1724A6B-8F5E-40F9-BFA6-3BF92529CA1A}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{D2289DED-654F-44EE-9F72-A4D231535B33}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{D33A1F62-472E-4A3D-895F-96447F17F725}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{D40BD6EF-0925-466E-ABCF-80934F015A5B}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{DA8F310D-C80B-4E21-BC6D-9CADD9E5B9D4}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{DB21A2AD-4A1F-43E8-AAC3-89DEBED104E6}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{DB7882CF-1C06-4282-B206-F6597BBCC1A2}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{DD37ADBB-D1A3-4446-90AB-A517A4F0CCA6}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{DE38FA41-694A-4BE2-BD7D-2D09ADA5A76A}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E058D462-BBBF-4E7D-A5D4-D025D3A95C06}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E1D86B02-9D5A-4CD5-BA7E-D8532C413509}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E1E75FF0-3467-43DA-B9F6-90A682AA9F17}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E26B82EB-354D-4B4A-B850-913EBB209295}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E5E6AF7B-F87A-4546-81FE-CD9B28F3288A}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E749AE5F-306E-43B0-9F5E-EA02B3B2C9C6}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E7514BF8-457D-4739-82D3-F8DD1AB2B30E}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E75B7E47-6AE9-4A37-8C8D-FD5E7EE10EBB}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E77189EF-0BAD-4BF4-9CCE-758FA57D97F6}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E82E1BA9-ACB8-4691-B81C-BE3043542C9D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E8855133-187E-4D30-A4B8-3F94DF2A474D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{E8DED3F8-EABB-41AE-A005-2DEC81D658E2}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{EA298ACD-59A0-4D17-B432-852587CC3081}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{EB77CD7E-3539-49CC-B416-77DD35DE2B97}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{ED62F29F-186F-4D1B-AA73-2E4D797C1F0F}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{EDF4030B-03F3-4A2F-B032-E9014CFA48CD}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{EF85269C-DC31-4A88-821F-DE2613EF6240}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{EFB15EE8-5531-4ADE-A219-127577ED40B2}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{F1EF7E6F-8661-45CE-97D7-00C75308F8E2}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{F2669145-87A2-4CF1-ACBA-004DD83EC292}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{F39AF5A8-4B5C-459E-BAB9-B93FB509931D}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{F51216C1-D06E-4CE9-889A-24D30C1A225C}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{F5ADBAD2-DBD1-47E2-99C7-2EC98CD6999E}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{F70ECDE2-3813-422A-BD0E-2FAA7D148967}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{F792787E-8443-40E5-B8EF-3B34185304A8}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{F7D0A8B3-0834-4372-BE4C-E907B1414635}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{F98D2EBB-0553-486B-9EB8-D36AF562BAA0}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{F9C7E699-E3AA-4197-AF4C-E9908EEE9575}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{FAE1BD5A-4FA8-47EA-861A-79947992EB96}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{FE8908EA-A194-4990-BB6F-DBDED60C6BED}
Successfully deleted: [Empty Folder] C:\Users\RyanLaptop\appdata\local\{FF6DA2C0-EAC2-4ED2-99B3-756F6B3FE64D}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/15/2014 at 12:09:47.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 AM

Posted 15 August 2014 - 11:20 AM


Hello Garavar

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Garavar

Garavar
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 15 August 2014 - 02:38 PM

ComboFix 14-08-15.01 - RyanLaptop 08/15/2014  15:16:09.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8142.5935 [GMT -4:00]
Running from: c:\users\RyanLaptop\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-15 to 2014-08-15  )))))))))))))))))))))))))))))))
.
.
2014-08-15 19:30 . 2014-08-15 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-15 15:45 . 2014-08-15 15:46 -------- d-----w- c:\windows\system32\drivers\NISx64\1505000.013
2014-08-15 15:43 . 2014-08-15 15:43 -------- d-----w- c:\windows\ERUNT
2014-08-15 15:31 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-15 15:28 . 2014-08-15 15:31 -------- d-----w- C:\AdwCleaner
2014-08-14 23:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 23:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 23:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 23:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 23:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 23:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 23:00 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 23:00 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 22:49 . 2014-08-14 22:55 -------- d-----w- C:\FRST
2014-08-14 20:32 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-14 20:31 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 20:31 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-14 20:31 . 2014-05-08 09:32 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-08-14 20:31 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-08-14 20:30 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-08-14 20:30 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-08-14 20:30 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 20:30 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-11 20:08 . 2014-08-11 20:09 -------- d-----w- C:\NPE
2014-08-11 19:47 . 2014-08-11 20:21 -------- d-----w- c:\users\RyanLaptop\AppData\Local\NPE
2014-08-11 18:53 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-08-11 18:53 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-08-11 18:53 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-08-11 18:53 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-08-11 18:50 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-11 18:50 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-08-11 18:50 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-08-11 18:50 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-08-11 18:39 . 2014-08-11 18:39 -------- d-----w- c:\users\RyanLaptop\AppData\Roaming\Oracle
2014-08-11 18:38 . 2014-08-11 18:38 -------- d-----w- c:\windows\Sun
2014-08-11 18:38 . 2014-08-11 18:38 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-11 18:37 . 2014-07-25 16:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-09 19:36 . 2014-08-09 20:56 -------- d-----w- c:\program files\X-Plane 10
2014-08-05 20:40 . 2014-08-14 21:41 -------- d-----w- c:\program files (x86)\FSFlyingSchoolXPlane10
2014-08-04 19:30 . 2014-08-04 19:30 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-08-04 19:28 . 2014-08-09 19:26 -------- d-----w- c:\program files (x86)\Microsoft Games
2014-07-29 15:01 . 2014-07-29 15:01 -------- d-----w- c:\users\RyanLaptop\AppData\Roaming\Canon
2014-07-25 15:46 . 2014-07-25 15:46 -------- d-----w- c:\programdata\PreEmptive Solutions
2014-07-24 19:15 . 2014-07-24 19:15 -------- d-----w- c:\programdata\VS
2014-07-24 19:12 . 2014-07-24 19:12 -------- d-----w- C:\4a31c8cfb6f82bab4c144d
2014-07-22 20:31 . 2014-08-09 20:56 -------- d-----w- c:\users\RyanLaptop\AppData\Local\CrashDumps
2014-07-18 20:52 . 2014-07-18 20:52 549104 ----a-w- c:\windows\system32\drivers\SynTP.sys
2014-07-18 20:52 . 2014-07-18 20:52 422640 ----a-w- c:\windows\system32\SynTPCo19.dll
2014-07-18 20:52 . 2014-07-18 20:52 252144 ----a-w- c:\windows\system32\SynTPAPI.dll
2014-07-18 20:52 . 2014-07-18 20:52 169712 ----a-w- c:\windows\SysWow64\SynTPCom.dll
2014-07-18 20:52 . 2014-07-18 20:52 723184 ----a-w- c:\windows\system32\SynCOM.dll
2014-07-18 20:52 . 2014-07-18 20:52 400624 ----a-w- c:\windows\SysWow64\SynCom.dll
2014-07-18 20:48 . 2014-07-18 20:48 161880 ----a-w- c:\windows\system32\pca-manta.bin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 15:21 . 2011-08-15 00:57 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2014-08-15 15:18 . 2011-08-15 00:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2014-08-15 15:18 . 2011-08-15 00:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2014-08-14 23:14 . 2011-01-28 21:55 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-09 19:06 . 2011-08-11 20:34 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2014-07-28 21:33 . 2011-01-28 22:32 3642528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-07-15 17:55 . 2014-07-15 17:55 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-07-14 21:21 . 2014-07-14 21:20 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-14 18:36 . 2012-06-04 23:45 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-14 18:36 . 2011-08-12 02:06 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 02:18 . 2014-07-14 17:48 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-14 17:48 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-14 17:48 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-14 17:48 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-14 17:43 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-14 17:43 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-14 17:43 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-14 17:48 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-14 17:48 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-14 17:48 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-14 17:48 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-14 17:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-14 17:48 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-14 17:48 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-14 17:48 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-14 17:48 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-14 17:48 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-14 17:48 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-14 17:48 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-14 17:48 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-14 17:48 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-14 17:48 497152 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-03 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-05-30 642816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R0 rpcnetp;rpcnetp;rpcnetp [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys;c:\windows\SYSNATIVE\DRIVERS\rismcx64.sys [x]
R4 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\BASHDefs\20140801.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1505000.013\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\IPSDefs\20140813.001_e6d\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\IPSDefs\20140813.001_e6d\IDSvia64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [x]
S2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilDrv11313
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-14 c:\windows\Tasks\HPCeeScheduleForRyanLaptop.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-17 1664000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-07-23 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Driver San Francisco - c:\program files (x86)\Black_Box\Driver San Francisco\Uninstall\Uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\system32\drivers\NISx64\1504000.00D\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.4.0.13;c:\program files (x86)\Norton Internet Security\Engine64\21.4.0.13"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\RYANLA~1\AppData\Local\Temp\005C1AE.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-15  15:36:22
ComboFix-quarantined-files.txt  2014-08-15 19:36
.
Pre-Run: 39,962,591,232 bytes free
Post-Run: 41,019,023,360 bytes free
.
- - End Of File - - 4B29BEA525D1B7922DAA494EC923688B
A36C5E4F47E84449FF07ED3517B43A31


#9 Garavar

Garavar
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 15 August 2014 - 03:28 PM

Computer starts up significantly faster now (doesnt take over 20 minutes anymore) but it is still slower than before. Apps still seem to take a little while to load. Only other problem I witness is that windows cannot update, gives me error every single time. 



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 AM

Posted 17 August 2014 - 05:58 AM


Hello Garavar

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Garavar

Garavar
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 18 August 2014 - 10:53 AM

I am not sure if I did it right cause ComboFix got deleted by Norton because I didnt remember to turn off antivirus before running the script....
 
So this is what happened....
 
Created notepad doc, put it on the combofix on desktop, it started running and stopped. Norton popped up said it was deleting combo fix. I redownloaded combo fix to desktop, turned off norton and dropped notepad onto combo fix then ran it and got this log. I dont see any "produced logfile"
 
ComboFix 14-08-17.01 - RyanLaptop 08/18/2014  11:26:34.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8142.6194 [GMT -4:00]
Running from: c:\users\RyanLaptop\Desktop\ComboFix.exe
Command switches used :: c:\users\RyanLaptop\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-18 to 2014-08-18  )))))))))))))))))))))))))))))))
.
.
2014-08-18 15:42 . 2014-08-18 15:42 -------- d-----w- c:\users\gd\AppData\Local\temp
2014-08-18 15:42 . 2014-08-18 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-15 20:17 . 2011-09-23 01:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2014-08-15 20:17 . 2011-09-22 21:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2014-08-15 20:07 . 2014-08-15 20:07 -------- d-----w- c:\program files\Microsoft.NET
2014-08-15 15:45 . 2014-08-15 19:39 -------- d-----w- c:\windows\system32\drivers\NISx64\1505000.013
2014-08-15 15:43 . 2014-08-15 15:43 -------- d-----w- c:\windows\ERUNT
2014-08-15 15:31 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-15 15:28 . 2014-08-15 15:31 -------- d-----w- C:\AdwCleaner
2014-08-14 23:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 23:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 23:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 23:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 23:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 23:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 23:00 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 23:00 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 22:49 . 2014-08-14 22:55 -------- d-----w- C:\FRST
2014-08-14 20:32 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-14 20:31 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 20:31 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-14 20:31 . 2014-05-08 09:32 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-08-14 20:31 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-08-14 20:30 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-08-14 20:30 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-08-14 20:30 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 20:30 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-11 20:08 . 2014-08-11 20:09 -------- d-----w- C:\NPE
2014-08-11 19:47 . 2014-08-11 20:21 -------- d-----w- c:\users\RyanLaptop\AppData\Local\NPE
2014-08-11 18:53 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-08-11 18:53 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-08-11 18:53 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-08-11 18:53 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-08-11 18:50 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-11 18:50 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-08-11 18:50 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-08-11 18:50 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-08-11 18:39 . 2014-08-11 18:39 -------- d-----w- c:\users\RyanLaptop\AppData\Roaming\Oracle
2014-08-11 18:38 . 2014-08-11 18:38 -------- d-----w- c:\windows\Sun
2014-08-11 18:38 . 2014-08-11 18:38 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-11 18:37 . 2014-07-25 16:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-09 19:36 . 2014-08-09 20:56 -------- d-----w- c:\program files\X-Plane 10
2014-08-05 20:40 . 2014-08-14 21:41 -------- d-----w- c:\program files (x86)\FSFlyingSchoolXPlane10
2014-08-04 19:30 . 2014-08-04 19:30 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-08-04 19:28 . 2014-08-09 19:26 -------- d-----w- c:\program files (x86)\Microsoft Games
2014-07-29 15:01 . 2014-07-29 15:01 -------- d-----w- c:\users\RyanLaptop\AppData\Roaming\Canon
2014-07-25 15:46 . 2014-07-25 15:46 -------- d-----w- c:\programdata\PreEmptive Solutions
2014-07-24 19:15 . 2014-07-24 19:15 -------- d-----w- c:\programdata\VS
2014-07-24 19:12 . 2014-07-24 19:12 -------- d-----w- C:\4a31c8cfb6f82bab4c144d
2014-07-22 20:31 . 2014-08-18 15:17 -------- d-----w- c:\users\RyanLaptop\AppData\Local\CrashDumps
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-18 15:08 . 2011-03-28 22:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-18 15:08 . 2011-08-15 00:57 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2014-08-18 15:08 . 2011-08-15 00:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2014-08-18 15:08 . 2011-08-15 00:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2014-08-14 23:14 . 2011-01-28 21:55 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-09 19:06 . 2011-08-11 20:34 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2014-07-28 21:33 . 2011-01-28 22:32 3642528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-07-18 20:48 . 2014-07-18 20:48 555760 ----a-w- c:\windows\system32\drivers\SynTP.sys
2014-07-18 20:48 . 2014-07-18 20:48 422640 ----a-w- c:\windows\system32\SynTPCo19.dll
2014-07-18 20:48 . 2014-07-18 20:48 252144 ----a-w- c:\windows\system32\SynTPAPI.dll
2014-07-18 20:48 . 2014-07-18 20:48 169712 ----a-w- c:\windows\SysWow64\SynTPCom.dll
2014-07-18 20:48 . 2014-07-18 20:48 723184 ----a-w- c:\windows\system32\SynCOM.dll
2014-07-18 20:48 . 2014-07-18 20:48 400624 ----a-w- c:\windows\SysWow64\SynCom.dll
2014-07-18 20:48 . 2014-07-18 20:48 161880 ----a-w- c:\windows\system32\pca-manta.bin
2014-07-15 17:55 . 2014-07-15 17:55 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-07-14 21:21 . 2014-07-14 21:20 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-14 18:36 . 2012-06-04 23:45 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-14 18:36 . 2011-08-12 02:06 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 02:18 . 2014-07-14 17:48 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-14 17:48 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-14 17:48 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-14 17:48 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-14 17:43 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-14 17:43 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-14 17:43 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-14 17:48 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-14 17:48 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-14 17:48 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-14 17:48 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-14 17:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-14 17:48 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-14 17:48 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-14 17:48 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-14 17:48 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-14 17:48 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-14 17:48 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-14 17:48 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-14 17:48 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-14 17:48 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-14 17:48 497152 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-03 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-05-30 642816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R0 rpcnetp;rpcnetp;rpcnetp [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys;c:\windows\SYSNATIVE\DRIVERS\rismcx64.sys [x]
R4 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\BASHDefs\20140801.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1505000.013\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\IPSDefs\20140813.001_e6d\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\IPSDefs\20140813.001_e6d\IDSvia64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [x]
S2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-14 c:\windows\Tasks\HPCeeScheduleForRyanLaptop.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\RyanLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-17 1664000]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-08-06 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Driver San Francisco - c:\program files (x86)\Black_Box\Driver San Francisco\Uninstall\Uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.5.0.19;c:\program files (x86)\Norton Internet Security\Engine64\21.5.0.19"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\RYANLA~1\AppData\Local\Temp\005C1AE.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-18  11:48:49
ComboFix-quarantined-files.txt  2014-08-18 15:48
ComboFix2.txt  2014-08-15 19:36
.
Pre-Run: 49,819,144,192 bytes free
Post-Run: 49,510,912,000 bytes free
.
- - End Of File - - 4B917A84BC7FBE9E93A1947B2F16E3D2
A36C5E4F47E84449FF07ED3517B43A31


#12 Garavar

Garavar
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 18 August 2014 - 10:54 AM

If I need to run it again correctly, let me know, cause computer is still lagging. 



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 AM

Posted 18 August 2014 - 03:16 PM


Hello Garavar

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Garavar

Garavar
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 18 August 2014 - 03:58 PM

 Update for Microsoft Office 2007 (KB2508958)
µTorrent
Absolute Notifier
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Console Color for Visual Studio 2010
Crazy Taxi 1.0
Critical Update for Microsoft Visual Studio 2010 Professional - ENU (KB2938807)
Crystal Reports for Visual Studio
D3DX10
Dead Island
Dotfuscator Software Services - Community Edition
Driver San Francisco
Dropbox
ESN Sonar
FSFlyingSchool for X-Plane 10 - Cessna 172 Edition
Google Chrome
GTA San Andreas
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2890573)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2890573)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP Customer Experience Enhancements
HP ESU for Microsoft Windows 7
HP Officejet Pro 8500 A910 Help
HP SoftPaq Download Manager
HP Software Framework
HP Support Assistant
HP Update
HP Webcam
HydraVision
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Java 7 Update 67
Java Auto Updater
JMicron 1394 Filter Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
Killing Floor
Kingsoft Office 2012 (8.1.0.3375)
L.A. Noire
Left 4 Dead
Left 4 Dead 2
Left 4 Dead 2 Authoring Tools
Left 4 Dead 2 Dedicated Server
Lua 5.1.4.23
Malwarebytes Anti-Malware version 2.0.2.1012
Max Payne 3
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft DirectX SDK (June 2010)
Microsoft Games for Windows - LIVE 
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++  Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Napoleon: Total War
Norton Internet Security
Notepad++
NVIDIA PhysX
Omerta - City of Gangsters
OpenAL
Organ Trail: Director's Cut
PAYDAY: The Heist
QuickTime
Renesas Electronics USB 3.0 Host Controller Driver
Resident Evil 5
Rockstar Games Social Club
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition 
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Steam
TeamViewer 9
The Walking Dead
Ultima Online Classic Client
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.5
WCF RIA Services V1.0 SP1
Where in the USA is Carmen Sandiego?
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 AM

Posted 18 August 2014 - 07:05 PM


Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. default settings are fine
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a threat scan

1.On the Dashboard, click the 'Update Now >>' link
2.After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
3.If an update is available, click the Update Now button.
4.A Threat Scan will begin.
5.When the scan is complete, if there have been detections, click "Quarantine all" to allow MBAM to clean what was detected.
6.In most cases, a restart will be required.
7.Wait for the prompt to restart the computer to appear, then click on Yes.

Get the report

1.After the restart once you are back at your desktop, open MBAM once more.
2.Click on the History tab at the top
3. Click on the Application Logs at the left
4.Double click on the scan log which shows the Date and time of the scan just performed.
5.Click 'Export'.
6.Click 'Text file (*.txt)'
7.In the Save File dialog box which appears, click on Desktop.
8.In the File name: box type a name for your scan log.
9.A message box named 'File Saved' should appear stating "Your file has been successfully exported".
10.Click Ok
11. Attach that saved log to your next reply.


Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users