Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I've had Scorpion Saver for a while now and I can't get rid of it


  • This topic is locked This topic is locked
27 replies to this topic

#1 Manned Corn

Manned Corn

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 27 August 2014 - 07:41 PM

So, I found Scorpion Saver in my installed program files a few months ago and since then I have tried everything I can find online/think of to get rid of it from running malware bytes to using combofix, but it is the most resilient thing I have ever come across. I usually use Google Chrome as my browser and I have the Adblocker extension running all the time. Strangely, I have no issues while running Chrome with this extension but when I try to run Firefox using the same extension I get dozens of popups and new tabs opening constantly making it impossible for me to use Firefox. So even though I can simply use Chrome and not have any issues it still worries me that this is on my computer and I would like any help you can offer to remove it.

Thanks,

Manned Corn



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:07 PM

Posted 27 August 2014 - 07:58 PM

Hello 

Manned Corn

,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Manned Corn

Manned Corn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 28 August 2014 - 09:22 AM

Thanks for the quick response fireman4it.

Here is the log from AdwCleaner[S0].txt:

# AdwCleaner v3.308 - Report created 28/08/2014 at 10:06:29
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : NBurwin - NBURWIN-LT
# Running from : C:\Users\Nick\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\Nick\AppData\Local\Conduit
Folder Deleted : C:\Users\Nick\AppData\Local\genienext
Folder Deleted : C:\Users\Nick\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Nick\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Nick\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\Smartbar
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\Extensions\ScorpionSaver@jetpack
File Deleted : C:\END
File Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : bench-sys
Task Deleted : bench-Updater removing
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Bench
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
Line Deleted : user_pref("CT3306061.ConnectTB_activeApp.enc", "aW5zdGFncmFt");
Line Deleted : user_pref("CT3306061.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.FirstTime", "true");
Line Deleted : user_pref("CT3306061.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3306061.UserID", "UN33229283831675201");
Line Deleted : user_pref("CT3306061.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306061.countryCode", "US");
Line Deleted : user_pref("CT3306061.defaultSearch", "true");
Line Deleted : user_pref("CT3306061.embeddedsData", "[{\"appId\":\"130158552044204297\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3306061.enableAlerts", "true");
Line Deleted : user_pref("CT3306061.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3306061.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3306061.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3306061.fullUserID", "UN33229283831675201.IN.20131122131100");
Line Deleted : user_pref("CT3306061.installDate", "22/11/2013 13:11:02");
Line Deleted : user_pref("CT3306061.installId", "stub.exe");
Line Deleted : user_pref("CT3306061.installSessionId", "{1B95A48D-9DD4-4DC9-A82F-2F5F5070DD0F}");
Line Deleted : user_pref("CT3306061.installSp", "TRUE");
Line Deleted : user_pref("CT3306061.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3306061.installUsage", "2013-12-19T23:57:33.2366223+03:00");
Line Deleted : user_pref("CT3306061.installUsageEarly", "2013-12-19T23:57:21.8457057+03:00");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3306061.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3306061.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3306061.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3306061.keyword", "true");
Line Deleted : user_pref("CT3306061.lastVersion", "10.22.5.10");
Line Deleted : user_pref("CT3306061.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3306061.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"656-2720\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.clemson.edu%2Fccit%2Fhelp_support%2Fsupport_center%2Fhours.html\",\"EB_MAIN_FRAM[...]
Line Deleted : user_pref("CT3306061.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.openThankYouPage", "false");
Line Deleted : user_pref("CT3306061.openUninstallPage", "true");
Line Deleted : user_pref("CT3306061.originalHomepage", "hxxp://www.clemson.edu");
Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306061.originalSearchEngine", "");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "");
Line Deleted : user_pref("CT3306061.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3306061.search.searchAppId", "130158552044204297");
Line Deleted : user_pref("CT3306061.search.searchCount", "0");
Line Deleted : user_pref("CT3306061.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3306061.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3306061\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://ConnectDLC5.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Connect DLC 5 \"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3306061.serviceLayer_services_Configuration_lastUpdate", "1389392185702");
Line Deleted : user_pref("CT3306061.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1389392186256");
Line Deleted : user_pref("CT3306061.serviceLayer_services_appsMetadata_lastUpdate", "1389392185316");
Line Deleted : user_pref("CT3306061.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1389392186282");
Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1387486646457");
Line Deleted : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1387486657278");
Line Deleted : user_pref("CT3306061.serviceLayer_services_login_10.22.5.10_lastUpdate", "1389392185171");
Line Deleted : user_pref("CT3306061.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1389392186305");
Line Deleted : user_pref("CT3306061.serviceLayer_services_searchAPI_lastUpdate", "1389392185678");
Line Deleted : user_pref("CT3306061.serviceLayer_services_serviceMap_lastUpdate", "1389392185336");
Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarContextMenu_lastUpdate", "1389392186261");
Line Deleted : user_pref("CT3306061.serviceLayer_services_toolbarSettings_lastUpdate", "1389392185324");
Line Deleted : user_pref("CT3306061.serviceLayer_services_translation_lastUpdate", "1389392185308");
Line Deleted : user_pref("CT3306061.settingsINI", true);
Line Deleted : user_pref("CT3306061.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3306061.showToolbarPermission", "false");
Line Deleted : user_pref("CT3306061.smartbar.CTID", "CT3306061");
Line Deleted : user_pref("CT3306061.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.smartbar.toolbarName", "Connect DLC 5 ");
Line Deleted : user_pref("CT3306061.startPage", "true");
Line Deleted : user_pref("CT3306061.toolbarBornServerTime", "19-12-2013");
Line Deleted : user_pref("CT3306061.toolbarCurrentServerTime", "11-1-2014");
Line Deleted : user_pref("CT3306061.toolbarDisabled", "true");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "22-11-2013 13:11:00");
Line Deleted : user_pref("CT3306061.toolbarLoginClientTime", "Thu Dec 19 2013 15:57:37 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.22.5.10");
Line Deleted : user_pref("CT3306061.xpeMode", "0");
Line Deleted : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1389392182062,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN33229283831675201&UM=2&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN33229283831675201&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("extensions.irmysearch.aflt", "dsites0101");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0FtDtC0F0A0FtC0A0E0DtDyEzzzyzytCtN0D0Tzu0SyByEtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutDzytDtC0B");
Line Deleted : user_pref("extensions.irmysearch.cr", "613991516");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN33229283831675201&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN33229283831675201&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "YTJICB56PAKI2LP6QFYV7MZT2FASFVGHJOLKKEABKORFPZ6Y1037WNG0ZQKP4GMGKGTGMH0J4M0LJPEXQRPRIQ");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN33229283831675201&UM=2&SearchSource=13");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_currentVersion", "312E31322E302E35");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3306061.mam_gk_migrated_from_ls.storedInFile", false);
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [202708 octets] - [28/08/2014 10:04:04]
AdwCleaner[S0].txt - [22714 octets] - [28/08/2014 10:06:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22775 octets] ##########
 
Here is the log from FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by NBurwin (administrator) on NBURWIN-LT on 28-08-2014 10:18:43
Running from C:\Users\Nick\Downloads
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
() C:\ProgramData\Rpcnet\Bin\rpcld.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Users\Nick\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Cristi) C:\Program Files (x86)\Dual Monitor\DualMonitor.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIVE.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Policy Platform\policyHost.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [684016 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1612880 2010-01-27] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [91688 2014-07-02] (Absolute Software)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\Run: [Google Update] => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-26] (Google Inc.)
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\Run: [WorkForce 310(Network)] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFHA.EXE [223232 2008-11-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-05-30] (AMD)
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\Run: [Amazon Cloud Player] => C:\Users\Nick\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\Run: [DellSystemDetect] => C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\Run: [iFunBox Price Watch] => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe [7748096 2013-11-26] (i-Funbox.com)
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\Run: [dualmonitor] => C:\Program Files (x86)\Dual Monitor\DualMonitor.exe [478720 2013-02-18] (Cristi)
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\MountPoints2: {4b30614d-de06-11e2-ac5b-24fd522f697a} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\MountPoints2: {52f8314a-c247-11e2-b99b-806e6f6e6963} - D:\ImageDirect_Capture_Tool.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 130.127.255.250 130.127.255.251
 
FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default
FF Homepage: hxxp://www.clemson.edu
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tamarack-software.com/TGPlugin,version=7.5 -> C:\Program Files (x86)\Mozilla Firefox\Plugins\nptgeqplugin.dll (Tamarack Software, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll (Tamarack Software, Inc.)
FF Extension: Adblock Plus - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p223oxtt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-15]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.clemson.edu/
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-24]
CHR Extension: (Google Drive) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Brushed) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2014-01-10]
CHR Extension: (Google+) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-06-24]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-08-15]
CHR Extension: (AdBlock Premium) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-07-17]
CHR Extension: (Google Play Music) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-06-24]
CHR Extension: (Dropbox) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-06-24]
CHR Extension: (Google Maps) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-06-24]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-06-24]
CHR Extension: (Google Wallet) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [15400 2014-07-02] (Absolute Software)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-07-22] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-22] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-07-22] (BlueStack Systems, Inc.)
R2 CcmExec; C:\windows\CCM\CcmExec.exe [1840208 2012-11-21] (Microsoft Corporation)
S2 ccmsetup; C:\windows\ccmsetup\ccmsetup.exe [1614520 2013-09-11] (Microsoft Corporation)
S4 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2013-07-30] (Pharos Systems International) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S3 Remote Solver for Flow Simulation 2012; c:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [114824 2012-04-09] (Mentor Graphics Corporation)
S3 smstsmgr; C:\windows\CCM\TSManager.exe [402000 2012-11-21] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-02-09] (SolidWorks) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [130048 2010-01-21] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S4 ntrtscan; c:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRtScan.exe [X]
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]
S4 tmlisten; c:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2014-01-15] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-22] (BlueStack Systems)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2013-09-10] (http://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 ST_ACCEL; C:\Windows\system32\drivers\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-28 10:18 - 2014-08-28 10:19 - 00030435 _____ () C:\Users\Nick\Downloads\FRST.txt
2014-08-28 10:18 - 2014-08-28 10:18 - 00000000 ____D () C:\FRST
2014-08-28 10:16 - 2014-08-28 10:16 - 02103296 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2014-08-28 10:04 - 2014-08-28 10:07 - 00000000 ____D () C:\AdwCleaner
2014-08-28 10:04 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-28 10:03 - 2014-08-28 10:03 - 01364531 _____ () C:\Users\Nick\Downloads\AdwCleaner.exe
2014-08-27 20:29 - 2014-08-27 20:29 - 00019475 _____ () C:\Users\Nick\Downloads\ScheduleME201F14 (1).xlsx
2014-08-27 18:26 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 18:26 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-27 18:26 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-26 19:20 - 2014-08-26 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center 2012 R2
2014-08-26 18:22 - 2014-08-26 18:22 - 00019475 _____ () C:\Users\Nick\Downloads\ScheduleME201F14.xlsx
2014-08-20 11:15 - 2014-08-20 11:15 - 02793660 _____ () C:\Users\Nick\Downloads\Ch19.pptx
2014-08-17 12:19 - 2014-08-22 16:12 - 00000000 ____D () C:\Users\Nick\Scan
2014-08-17 11:50 - 2014-08-17 11:50 - 00000678 _____ () C:\Users\Nick\Documents\NBurwin - Shortcut.lnk
2014-08-17 11:49 - 2014-08-17 11:49 - 00000365 _____ () C:\Users\Nick\Sti_Trace.log
2014-08-17 11:34 - 2014-08-17 11:34 - 00000000 ____D () C:\Users\Nick\AppData\Local\ABBYY
2014-08-17 11:33 - 2014-08-17 12:09 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2014-08-17 11:33 - 2014-08-17 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2014-08-17 11:33 - 2014-08-17 11:33 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-17 11:23 - 2011-04-18 19:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YLMIVE.DLL
2014-08-17 11:23 - 2011-03-13 19:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YD4BIVE.DLL
2014-08-17 11:22 - 2014-08-17 12:03 - 00000081 _____ () C:\windows\WF-2530.ini
2014-08-15 18:11 - 2014-08-15 18:11 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2014-08-15 18:10 - 2014-08-17 11:28 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-08-15 18:10 - 2014-08-17 11:28 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-08-15 18:10 - 2014-08-17 11:28 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-08-15 18:10 - 2014-08-15 18:11 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-08-15 18:04 - 2014-08-15 18:04 - 00000000 ___RD () C:\Users\Nick\Creative Cloud Files
2014-08-15 18:03 - 2014-08-15 18:03 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-08-15 18:03 - 2014-08-15 18:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 18:00 - 2014-08-15 18:00 - 00614792 _____ (Adobe Systems Incorporated) C:\Users\Nick\Downloads\CreativeCloudSet-Up.exe
2014-08-15 16:13 - 2014-08-15 16:13 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-15 16:13 - 2014-08-15 16:13 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-15 16:13 - 2014-08-15 16:13 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-15 16:13 - 2014-08-15 16:13 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-15 16:13 - 2014-08-15 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 02:40 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-14 02:40 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-14 02:40 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-14 02:40 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 02:40 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-14 02:40 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-14 02:40 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-14 02:40 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-13 13:38 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-13 13:38 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-13 13:38 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-13 13:38 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-13 13:38 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-13 13:38 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-13 13:38 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-13 13:38 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-13 13:38 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-13 13:38 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-13 13:38 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-13 13:38 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-13 13:38 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-13 13:38 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-13 13:38 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-13 13:38 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-13 13:38 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-13 13:38 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-13 13:38 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:38 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-13 13:38 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-13 13:38 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-13 13:38 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:38 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:38 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-13 13:38 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:38 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-13 13:38 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-13 13:38 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-13 13:38 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-13 13:38 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-13 13:38 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-13 13:38 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-13 13:38 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-13 13:38 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-13 13:38 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-13 13:38 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-13 13:38 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-13 13:38 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:38 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-13 13:38 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-13 13:38 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-13 13:38 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-13 13:38 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-13 13:38 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-13 13:38 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-13 13:38 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-13 13:38 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-13 13:38 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:38 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-13 13:38 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-13 13:38 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-13 13:38 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-13 13:38 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-13 13:38 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-13 13:38 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-13 13:38 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-13 13:38 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-13 13:38 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-13 13:38 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-13 13:38 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-13 13:38 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-13 13:38 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-13 13:38 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:38 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:38 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:38 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-13 13:38 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:38 - 2014-07-08 18:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-13 13:38 - 2014-07-08 18:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-13 13:38 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-13 13:38 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-13 13:38 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:38 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-13 13:38 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-13 13:38 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-13 13:38 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-13 13:38 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-13 13:38 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-13 13:38 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-13 13:37 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-13 13:37 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-13 13:37 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-13 13:37 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-12 23:11 - 2014-08-12 23:11 - 01943376 _____ (BitTorrent Inc.) C:\Users\Nick\Downloads\uTorrent.exe
2014-08-08 12:34 - 2014-08-08 12:34 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-08 12:34 - 2014-08-08 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-02 12:20 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-02 12:20 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-02 12:20 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-02 12:20 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-02 12:20 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-02 12:20 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-02 12:20 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-02 12:20 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-02 12:20 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-02 12:20 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-02 12:20 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-02 12:20 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-02 12:20 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-02 12:20 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-28 10:19 - 2014-08-28 10:18 - 00030435 _____ () C:\Users\Nick\Downloads\FRST.txt
2014-08-28 10:18 - 2014-08-28 10:18 - 00000000 ____D () C:\FRST
2014-08-28 10:18 - 2013-06-24 14:55 - 01105256 _____ () C:\windows\WindowsUpdate.log
2014-08-28 10:16 - 2014-08-28 10:16 - 02103296 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe
2014-08-28 10:16 - 2009-07-14 00:45 - 00027696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-28 10:16 - 2009-07-14 00:45 - 00027696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-28 10:15 - 2013-06-24 17:49 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 10:15 - 2013-06-24 14:58 - 00000569 _____ () C:\windows\SMSCFG.ini
2014-08-28 10:14 - 2013-08-21 13:58 - 00000548 _____ () C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
2014-08-28 10:13 - 2013-06-24 20:06 - 00000000 ___RD () C:\Users\Nick\Google Drive
2014-08-28 10:13 - 2013-06-24 19:28 - 00000000 ____D () C:\Users\Nick\AppData\Local\Adobe
2014-08-28 10:13 - 2013-05-01 16:03 - 00000000 ____D () C:\ProgramData\Sonic
2014-08-28 10:12 - 2013-06-24 17:49 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-28 10:10 - 2014-01-09 17:21 - 00023148 _____ () C:\windows\setupact.log
2014-08-28 10:10 - 2013-04-30 12:14 - 00017408 _____ () C:\windows\system32\rpcnetp.exe
2014-08-28 10:10 - 2013-04-30 09:57 - 00069792 _____ (Absolute Software Corp.) C:\windows\SysWOW64\rpcnet.dll
2014-08-28 10:10 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-28 10:10 - 2009-07-14 00:45 - 00492760 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-28 10:09 - 2014-01-09 17:21 - 00345040 _____ () C:\windows\PFRO.log
2014-08-28 10:07 - 2014-08-28 10:04 - 00000000 ____D () C:\AdwCleaner
2014-08-28 10:03 - 2014-08-28 10:03 - 01364531 _____ () C:\Users\Nick\Downloads\AdwCleaner.exe
2014-08-28 10:02 - 2013-07-26 01:41 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-997238165-3031810234-1435239162-1001UA.job
2014-08-28 10:01 - 2013-06-24 20:28 - 00000000 ____D () C:\Users\Nick\Documents\Outlook Files
2014-08-28 10:01 - 2013-05-01 15:52 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-27 20:29 - 2014-08-27 20:29 - 00019475 _____ () C:\Users\Nick\Downloads\ScheduleME201F14 (1).xlsx
2014-08-27 20:02 - 2013-06-24 20:02 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Skype
2014-08-27 18:24 - 2013-07-26 01:41 - 00000858 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-997238165-3031810234-1435239162-1001Core.job
2014-08-26 23:24 - 2009-07-14 01:13 - 00833586 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-26 19:20 - 2014-08-26 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center 2012 R2
2014-08-26 18:22 - 2014-08-26 18:22 - 00019475 _____ () C:\Users\Nick\Downloads\ScheduleME201F14.xlsx
2014-08-24 23:57 - 2013-06-24 20:06 - 00000000 ___RD () C:\Users\Nick\Dropbox
2014-08-24 23:49 - 2013-06-24 20:04 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Dropbox
2014-08-22 22:07 - 2014-08-27 18:26 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 18:26 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 18:26 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 16:12 - 2014-08-17 12:19 - 00000000 ____D () C:\Users\Nick\Scan
2014-08-20 17:37 - 2013-07-28 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-08-20 17:37 - 2013-07-28 15:30 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-08-20 17:22 - 2013-06-24 14:58 - 00000000 ____D () C:\windows\ccmcache
2014-08-20 11:15 - 2014-08-20 11:15 - 02793660 _____ () C:\Users\Nick\Downloads\Ch19.pptx
2014-08-18 10:39 - 2013-06-24 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-17 12:19 - 2013-06-24 14:55 - 00000000 ____D () C:\Users\Nick
2014-08-17 12:16 - 2013-07-29 10:38 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Epson
2014-08-17 12:09 - 2014-08-17 11:33 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2014-08-17 12:08 - 2013-07-28 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-08-17 12:08 - 2013-07-28 15:28 - 00000000 ____D () C:\Program Files (x86)\epson
2014-08-17 12:03 - 2014-08-17 11:22 - 00000081 _____ () C:\windows\WF-2530.ini
2014-08-17 11:50 - 2014-08-17 11:50 - 00000678 _____ () C:\Users\Nick\Documents\NBurwin - Shortcut.lnk
2014-08-17 11:49 - 2014-08-17 11:49 - 00000365 _____ () C:\Users\Nick\Sti_Trace.log
2014-08-17 11:49 - 2013-07-28 15:29 - 00000000 ____D () C:\ProgramData\EPSON
2014-08-17 11:46 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-08-17 11:34 - 2014-08-17 11:34 - 00000000 ____D () C:\Users\Nick\AppData\Local\ABBYY
2014-08-17 11:33 - 2014-08-17 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2014-08-17 11:33 - 2014-08-17 11:33 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-17 11:29 - 2013-06-24 14:55 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Adobe
2014-08-17 11:28 - 2014-08-15 18:10 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-08-17 11:28 - 2014-08-15 18:10 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-08-17 11:28 - 2014-08-15 18:10 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-08-15 18:13 - 2013-06-24 14:56 - 00142952 _____ () C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-15 18:11 - 2014-08-15 18:11 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2014-08-15 18:11 - 2014-08-15 18:10 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-08-15 18:10 - 2013-04-30 09:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-15 18:09 - 2013-05-01 14:08 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-15 18:04 - 2014-08-15 18:04 - 00000000 ___RD () C:\Users\Nick\Creative Cloud Files
2014-08-15 18:03 - 2014-08-15 18:03 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-08-15 18:03 - 2014-08-15 18:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 18:00 - 2014-08-15 18:00 - 00614792 _____ (Adobe Systems Incorporated) C:\Users\Nick\Downloads\CreativeCloudSet-Up.exe
2014-08-15 16:47 - 2013-06-24 20:05 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 16:14 - 2013-10-20 16:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-15 16:13 - 2014-08-15 16:13 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-15 16:13 - 2014-08-15 16:13 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-15 16:13 - 2014-08-15 16:13 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-15 16:13 - 2014-08-15 16:13 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-15 16:13 - 2014-08-15 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 16:06 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-08-14 10:24 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-14 02:51 - 2013-04-30 10:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 02:47 - 2013-08-06 02:19 - 00000000 ____D () C:\windows\system32\MRT
2014-08-14 02:44 - 2013-04-30 11:06 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-14 02:40 - 2014-05-07 11:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-14 01:58 - 2014-03-20 11:48 - 00000000 ____D () C:\Users\Nick\Downloads\Movies
2014-08-13 10:26 - 2013-08-09 20:01 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\uTorrent
2014-08-12 23:33 - 2014-06-24 14:41 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 23:11 - 2014-08-12 23:11 - 01943376 _____ (BitTorrent Inc.) C:\Users\Nick\Downloads\uTorrent.exe
2014-08-10 14:15 - 2014-06-14 12:00 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-09 09:31 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-08-08 12:34 - 2014-08-08 12:34 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-08 12:34 - 2014-08-08 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-08 12:34 - 2013-08-18 14:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-08 12:34 - 2013-08-18 14:42 - 00000000 ____D () C:\Program Files\iTunes
2014-08-08 12:34 - 2013-08-18 14:42 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-08 12:33 - 2013-08-18 14:42 - 00000000 ____D () C:\Program Files\iPod
2014-08-06 22:06 - 2014-08-13 13:37 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-13 13:37 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-03 13:21 - 2014-01-21 12:02 - 00000000 ____D () C:\Users\Nick\Documents\MATLAB
2014-07-31 19:41 - 2014-08-13 13:38 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-13 13:38 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
 
Some content of TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqtb79h.dll
C:\Users\Nick\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nick\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Nick\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Nick\AppData\Local\Temp\Quarantine.exe
C:\Users\Nick\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 16:03
 
==================== End Of Log ============================
 
Here is the log from Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by NBurwin at 2014-08-28 10:19:24
Running from C:\Users\Nick\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32891 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.15.58233 - ABBYY) Hidden
Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.24 - Absolute Software)
Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.08 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30530 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{21D62CA5-5B85-E397-92D3-1B8E25CF31B7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.0.4049 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{50DA15C1-0161-40EE-A325-0BE5BA03C026}) (Version: 0.9.0.4049 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Catalyst Control Center InstallProxy (x32 Version: 2013.0530.352.5022 - Advanced Micro Devices, Inc.) Hidden
CCIT Software Center (HKLM\...\CCIT Software Center Update) (Version: 1.1 - Clemson University - CCIT)
CCIT Software Center (HKLM\...\CCIT Software Center) (Version: 1.1 - Clemson University - CCIT)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dell System Detect Bootstrapper (HKCU\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.124 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
Dual Monitor 1.22 (HKLM-x32\...\{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1) (Version: 1.22.021813 - Cristi Diaconu)
eduroam wireless (HKLM\...\eduroam wireless) (Version: 1.0 - Clemson University - CCIT)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WorkForce 310 Series Printer Uninstall (HKLM\...\EPSON WorkForce 310 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\{415F5878-42E8-3443-AEA3-3F066A8B260B}) (Version: 65.39.83 - Google, Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{AE1D4582-D449-495C-9DC6-B92E16C7DB63}) (Version: 1.19.768 - LEGO)
Logitech SetPoint 6.0 (HKLM\...\SP6) (Version: 6.00.68 - Logitech)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Magic DVD Ripper V5.4.2 (HKLM-x32\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Policy Platform (Version: 1.2.3602.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2010.0530 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{D535FC73-1F63-4347-896A-C97A45F11E9C}) (Version: 3.0.07.44 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.44 - O2Micro International LTD.) Hidden
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
SolidWorks 2012 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20120-40400-1100-100) (Version: 20.4.0.64 - SolidWorks Corporation)
SolidWorks 2012 x64 Edition SP04 (Version: 20.140.64 - SolidWorks) Hidden
SolidWorks eDrawings 2012 x64 Edition SP04 (Version: 12.4.108 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Flow Simulation 2012 SP04 x64 Edition  (Version: 20.40.65 - SolidWorks Corporation) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
SYNC My iTunes v1.1.61 (HKLM-x32\...\SYNC My iTunes_is1) (Version: 1.1.61 - Ford Motor Company)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
TI NoteFolio Creator (HKLM-x32\...\{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}) (Version: 1.1.0.276 - Texas Instruments Incorporated)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.20 - Western Digital)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XImage (HKLM-x32\...\{F998B3B6-B961-4060-9375-9B9961030C93}) (Version: 7.1.6 - Dell Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-997238165-3031810234-1435239162-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nick\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
20-08-2014 21:36:58 Installed Software Updater
21-08-2014 05:15:07 Windows Update
24-08-2014 06:27:13 Windows Update
27-08-2014 14:14:57 Windows Update
28-08-2014 14:02:28 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {082D3D97-6D5B-4B46-AD20-246E6FCF322F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-24] (Google Inc.)
Task: {1994B7C0-0C7B-416B-A84E-7724A939C1E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1EF90CC3-E826-4868-B337-4986366783BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-997238165-3031810234-1435239162-1001UA => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.)
Task: {237A1CBB-8C5E-41C7-873E-DEBE1FEA8117} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {442A31BE-7F57-4B2B-88D8-64A509A7FBFE} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {84C1EE2E-2E19-4603-9496-BA901348B17B} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {894D5B4F-3DCA-4048-8DA4-744A98604E0C} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\windows\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)
Task: {89E0D757-1367-4385-BC29-1B7E308801CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-24] (Google Inc.)
Task: {99E59A22-F074-412B-B4FF-5AA06E4AC05C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-997238165-3031810234-1435239162-1001Core => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.)
Task: {9E1A2547-0572-425A-8095-003F5FE7EE11} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B9B9823C-2B93-4C02-ABA6-433140CB7C0E} - System32\Tasks\{A82F8A66-210F-4298-8F2C-05EC620DF7FE} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2013-11-08] (Microsoft Corporation)
Task: {F31BDF32-4112-4645-8A04-93400F4F7FC6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-997238165-3031810234-1435239162-1001Core.job => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-997238165-3031810234-1435239162-1001UA.job => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-06-24 19:16 - 2012-10-04 19:49 - 00087152 _____ () C:\windows\System32\cpwmon64.dll
2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-07-08 18:57 - 2013-02-18 08:23 - 00695808 _____ () C:\Program Files (x86)\Dual Monitor\ExplorerHook64.dll
2010-11-10 22:53 - 2010-11-10 22:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2013-09-10 17:49 - 2014-03-07 16:39 - 03168576 _____ () C:\Users\Nick\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 14:18 - 2009-02-25 14:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2013-06-19 23:02 - 2003-04-18 08:36 - 00008192 _____ () C:\windows\SysWOW64\srvany.exe
2013-10-10 17:48 - 2013-10-10 17:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-08-14 12:32 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-14 12:32 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-14 12:32 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-14 12:32 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-14 12:32 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-28 10:12 - 2014-08-28 10:12 - 00098816 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32api.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00110080 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\pywintypes27.dll
2014-08-28 10:12 - 2014-08-28 10:12 - 00364544 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\pythoncom27.dll
2014-08-28 10:12 - 2014-08-28 10:12 - 00045568 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\_socket.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 01160704 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\_ssl.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00320512 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32com.shell.shell.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00713216 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\_hashlib.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 01175040 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\wx._core_.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00805888 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\wx._gdi_.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00811008 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\wx._windows_.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 01062400 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\wx._controls_.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00735232 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\wx._misc_.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00128512 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\_elementtree.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00127488 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\pyexpat.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00557056 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\pysqlite2._sqlite.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00007168 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\hashobjs_ext.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00087552 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\_ctypes.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00119808 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32file.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00108544 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32security.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00018432 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32event.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00038912 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32inet.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00070656 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\wx._html2.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00167936 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32gui.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00011264 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32crypt.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00027136 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\_multiprocessing.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00686080 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\unicodedata.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00122368 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\wx._wizard.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00010240 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\select.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00024064 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32pipe.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00025600 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32pdh.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00525640 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\windows._lib_cacheinvalidation.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00035840 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32process.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00017408 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32profile.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00022528 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\win32ts.pyd
2014-08-28 10:12 - 2014-08-28 10:12 - 00078336 _____ () C:\Users\Nick\AppData\Local\Temp\_MEI43882\wx._animate.pyd
2014-01-15 16:38 - 2012-07-18 12:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/28/2014 10:13:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/28/2014 10:13:21 AM) (Source: MsiInstaller) (EventID: 1024) (User: NBURWIN-LT)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
 
System errors:
=============
Error: (08/28/2014 10:14:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/28/2014 10:01:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR23.
 
Error: (08/27/2014 09:35:00 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SARAH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7064B6CF-2B7A-4A38-AB4F-9E119F428F74}.
The master browser is stopping or an election is being forced.
 
Error: (08/27/2014 09:22:58 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SARAH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7064B6CF-2B7A-4A38-AB4F-9E119F428F74}.
The master browser is stopping or an election is being forced.
 
Error: (08/27/2014 08:26:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SARAH-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7064B6CF-2B7A-4A38-AB4F-9E119F428F74}.
The master browser is stopping or an election is being forced.
 
Error: (08/27/2014 06:14:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR23.
 
Error: (08/27/2014 06:14:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR23.
 
Error: (08/27/2014 06:14:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR23.
 
Error: (08/27/2014 06:14:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR23.
 
Error: (08/27/2014 06:14:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR23.
 
 
Microsoft Office Sessions:
=========================
Error: (08/28/2014 10:13:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/28/2014 10:13:21 AM) (Source: MsiInstaller) (EventID: 1024) (User: NBURWIN-LT)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 488: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2014 10:07:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-19 00:39:36.482
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-19 00:39:36.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-19 00:39:36.416
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-19 00:39:36.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-19 00:39:36.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-19 00:39:36.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-19 00:39:36.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-19 00:39:36.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-19 00:39:36.216
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-19 00:39:36.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3740QM CPU @ 2.70GHz
Percentage of memory in use: 48%
Total physical RAM: 8133.72 MB
Available physical RAM: 4187.51 MB
Total Pagefile: 16265.62 MB
Available Pagefile: 12199.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:698.3 GB) (Free:588.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 2D9CBF65)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=698.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:07 PM

Posted 28 August 2014 - 08:12 PM

1.

Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

ScorpionSaver

Additional instructions can be found here if needed.

 

 

 

2.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   1.19KB   4 downloads

 

 

3.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious, don't worry continue on. 

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
    the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

 

How is your machine running now?

 

 

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 Manned Corn

Manned Corn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 29 August 2014 - 12:05 AM

I have tried to uninstall Scorpion Saver from my program list many times. Whenever I try, I get a screen that says "The feature you are trying to use is on a network resourse that is unavailable." Then it gives me a box to select to use as a source to uninstall the program. (I took a screen shot of this menu for you but I can't figure out how to post the .PNG file here for you, sorry).

Here is the Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
Ran by NBurwin at 2014-08-29 00:47:50 Run:1
Running from C:\Users\Nick\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\...\Run: [iFunBox Price Watch] => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe [7748096 2013-11-26] (i-Funbox.com)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S4 ntrtscan; c:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRtScan.exe [X]
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]
S4 tmlisten; c:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Nick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqtb79h.dll
C:\Users\Nick\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nick\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Nick\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Nick\AppData\Local\Temp\Quarantine.exe
C:\Users\Nick\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
HKU\S-1-5-21-997238165-3031810234-1435239162-1001\Software\Microsoft\Windows\CurrentVersion\Run\\iFunBox Price Watch => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6FEC9E9D-9B84-444B-A94A-DA22FBAC5811}" => Key deleted successfully.
"HKCR\CLSID\{6FEC9E9D-9B84-444B-A94A-DA22FBAC5811}" => Key not found.
aspnet_state => Service deleted successfully.
ntrtscan => Service deleted successfully.
rpcld => Service stopped successfully.
rpcld => Service deleted successfully.
tmlisten => Service deleted successfully.
btwl2cap => Service deleted successfully.
btwrchid => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Nick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqtb79h.dll => Moved successfully.
C:\Users\Nick\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Nick\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Nick\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Nick\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Nick\AppData\Local\Temp\vlc-2.1.5-win32.exe => Moved successfully.
 
==== End of Fixlog ====
 
Here is the JRT.txt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x64
Ran by NBurwin on Fri 08/29/2014 at  0:49:51.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\p223oxtt.default\minidumps [3 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/29/2014 at  0:54:34.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
As far as how my machine is running now, although Scorpion Saver is still listed in my program list, when I opened Firefox, there weren't any of the popups or random tabs that I mentioned in my original post so it is definitely working! Thank you for all your help so far!


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:07 PM

Posted 29 August 2014 - 10:58 PM

Lets check for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware photo.jpg?sz=48 and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
     
    malwarebytes-anti-malware-fix-now.jpg
    .
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    .
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
     
    malwarebytes-anti-malware-2-0-update-now
    .
  • The THREAT SCAN will automatically begin.
     
    malwarebytes-anti-malware-scan.jpg
    .
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
     
    malwarebytes-anti-malware-potential-thre
    .
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
    mbam4_zps490948cc.png
    .
  • After rebooting the computer, copy and past the mbam.log in your next reply.

.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

 

 

 

Things to include inyour next reply::

MBAM log

Eset log

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 Manned Corn

Manned Corn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 01 September 2014 - 05:20 PM

Hey fireman,

Here is the mbam log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/31/2014
Scan Time: 4:01:31 PM
Logfile: MBAMLog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.31.06
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: NBurwin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353476
Time Elapsed: 33 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OptimunInstaller, C:\Users\Nick\AppData\Local\Temp\OUAngg2o.exe.part, Quarantined, [49d9379663180f27e2f842074cb404fc],

Physical Sectors: 0
(No malicious items detected)


(end)

 

I ran the ESET scanner but I can't find the log for the scan. When i go to C:\Program Files\ESET\EsetOnline Scanner the only items in that directory are OnlineScanner.ocx, OnlineScannerApp.exe, and OnlineScannerUninstaller.exe. When the scan completed it said it found 27 items but they were all toolbars of some sort. Do you know where else I should look to get you the log file?

My computer is running better now though, I don't get the popups or tabs I had originally. However Scorpion Saver is still in my program list.

 

Thanks,

Manned Corn



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:07 PM

Posted 02 September 2014 - 09:24 AM

You have unwanted programs on your computer system that should be removed. In your case Scorpion Saver.
I recommend using the following program to do this because it is good at removing any stray remnants that uninstallers often leave behind.

1. Please download REVO UNINSTALLER and save it on your computer.

2. Install Revo Uninstaller on your computer system.

3. Once the program is installed start the program and insure the uninstaller tab is active. (See image below)

revo-main-menu.png

Icons from all your installed programs will appear alphabetically in the main window.

4. Right click the program you wish to uninstall by selecting the program's icon in the main window. A menu will appear such as that shown below.
revo-uninstall.png

5. Next, choose Uninstall from this menu.

A confirmation from the program you wish to uninstall will appear on your screen, such as the one shown in the image below.

6. Please choose YES that you wish to uninstall the program.

revo-confirm.png

By default, Revo Uninstaller will be set to Moderate uninstall Mode.
Please change it to Advanced by clicking the radio button near Advanced as shown below and then click the NEXT button.

revo-advanced1.png

7. Next, you will see this screen where a system restore back up is made.

uninstall-1.png

The program's built in uninstaller will appear on screen, confirm removal and the uninstall procedure will begin.

confirm.png

The program you uninstalled will confirm it has been uninstalled and may ask for user feedback as shown below. It is really your choice if you wish to take the time to answer their survey, however it is not important if you do or not and you can skip it by clicking NO

uninstall-complete.png

If you are told to reboot to complete the uninstall, choose NO! We still have other things we need to remove from your computer using Revo Uninstaller's other features.

8. Once the program has been successfully uninstalled, click the NEXT button.

next-button.png

Revo Uninstaller will scan your computer for leftover information, files and registry entries.

leftover-info.png

If any registry entries are found, Revo Uninstaller will list those in BOLD text as shown below.

leftover-registry.png

It is safe to remove those entries as they are often only associated with the program you have just removed from your computer system.

9. Look for the Select All button and click it.
All the BOLD entries should now be checked off like shown in the image below.

select-all.png

Look for the DELETE button and click it.
When asked to confirm the deletion, click YES

confirm-delete-registry.png

When finished click the Next button.

Revo may confirm the uninstall is complete and offer a FINISH button. This means the program has been successfully uninstalled and no further action is needed.

If however, any leftover files and folders are found those will be presented. If you want to get rid of them click Select All then Delete.
This will remove those and send them to your RECYCLE BIN. You can then either retrieve them or clean your recycle bin permanently removing them from your computer system.

revo5.png

You can use Revo Uninstaller to remove other unwanted programs from your computer by performing the above procedures for each one.

Edited by fireman4it, 02 September 2014 - 09:26 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 Manned Corn

Manned Corn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 02 September 2014 - 10:43 PM

Ok I tried running the revo uninstaller, but when I tried to uninstall scorpion saver it gave me the same window it gives me when I tried to uninstall the program from the control panel. It says "The feature you are trying to use is on a network resource that is unavailable." This is a screen shot of the menu.Capture.png



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:07 PM

Posted 03 September 2014 - 04:53 PM

Download CCleaner from here and save it to your desktop.  Make sure to choose the author's site

Install CCleaner.

Once installed run CCleaner and Select the TOOLS Tab on the left.

Then click on Scorpion Saver and click the Delete Button on the Right hand side.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 Manned Corn

Manned Corn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 03 September 2014 - 06:18 PM

I tried to use CCleaner to delete it but it gave me an error saying "Cannot delete MSI installer.

Capture.png



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:07 PM

Posted 04 September 2014 - 11:52 AM

Have you tried uninstalling Scorpion Saver in Safe mode? Try uninstalling and delete the entry in safemode.

 

Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 Manned Corn

Manned Corn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 04 September 2014 - 01:22 PM

Ok I will try using safe mode. How should I try uninstalling I though? Through the control panel or one of the other programs you've given me?

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:07 PM

Posted 04 September 2014 - 04:07 PM

I would try all 3


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 Manned Corn

Manned Corn
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 04 September 2014 - 08:19 PM

Ok, I tried all 3 in safe mode. This was the result of all three:
Capture1.png






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users