
Computer infected w/ rootkit from Gmer scan


  • This topic is locked
12 replies to this topic

#1 cer0


Posted 02 October 2014 - 03:55 AM

Here are logs:

GMER 2.1.19357 - http://www.gmer.net
3rd party scan 2014-10-02 04:47:58
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA330 rev.JP4OA3MA 931.51GB
Running: i7tjqdjp.exe; Driver: C:\Users\nots0\AppData\Local\Temp\fgloqpoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe[2912] USER32.dll!LoadStringW                                                                                   7659DFBA 5 Bytes  CALL 100011A2 C:\Program Files\DAEMON Tools Pro\BRD.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!NtCreateFile                                                                                       770D5608 5 Bytes  JMP 64A8A210 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!NtFlushBuffersFile                                                                                 770D5998 5 Bytes  JMP 64A6EB90 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!NtQueryFullAttributesFile                                                                          770D6028 5 Bytes  JMP 64A89C70 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!NtReadFile                                                                                         770D62F8 5 Bytes  JMP 64A6EC80 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!NtReadFileScatter                                                                                  770D6308 5 Bytes  JMP 65384CE1 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!NtWriteFile                                                                                        770D6AA8 5 Bytes  JMP 64A8ACB0 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!NtWriteFileGather                                                                                  770D6AB8 5 Bytes  JMP 65384C90 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!LdrLoadDll                                                                                         770F22AE 5 Bytes  JMP 74091F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                                                                76F2941E 7 Bytes  JMP 652F1CEB C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] kernel32.dll!QueryPerformanceCounter + 13                                                                    76F2C425 7 Bytes  JMP 652F1D0E C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] kernel32.dll!LoadAppInitDlls + 355                                                                           76F2F4E6 7 Bytes  JMP 64A86A9C C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] USER32.dll!GetWindowInfo                                                                                     765A4B5E 5 Bytes  JMP 651F78E5 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[3900] GDI32.dll!GetViewportOrgEx + 26C                                                                             771D884B 7 Bytes  JMP 652F1C6C C:\Program Files\Mozilla Firefox\xul.dll

---- User IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                                 [73A924CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                            [73A7562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                           [73A756EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                                  [73A92546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                                        [73A885AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                                          [73A84D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                                         [73A85105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                                        [73A851DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                                               [73A86707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                                         [73A88301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                                    [73A88850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                                  [73A890B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                                        [73A8E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
IAT     C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                            [73A84C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

---- Threads - GMER 2.1 ----

Thread  System [4:1412]                                                                                                                                                 A64D8F2E

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\528259f7-7bae-4f30-8321-8afa6e155c4c@FriendlyName                                                     C:\Windows\system32\NVSVCR.DLL (NVIDIA Driver Helper Service, Version 331.65/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Adobe PDF Port Monitor@Driver                                                                              C:\Windows\system32\AdobePDF.dll (Adobe PDF Port  Monitor DLL/Adobe Systems Inc SIGNED)(2012-09-24 00:43:38)
Reg     HKLM\SYSTEM\CurrentControlSet\services\AdobeFlashPlayerUpdateSvc@ImagePath                                                                                      C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 15.0 r0/CA SIGNED)(2013-03-09 18:44:03)
Reg     HKLM\SYSTEM\CurrentControlSet\services\Apple Mobile Device@ImagePath                                                                                            C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (YSLoader.exe/Apple Inc. SIGNED)(2014-02-12 20:50:20)
Reg     HKLM\SYSTEM\CurrentControlSet\services\AsIO@ImagePath                                                                                                           C:\Windows\system32\drivers\AsIO.sys(2013-03-09 19:01:27)
Reg     HKLM\SYSTEM\CurrentControlSet\services\Bonjour Service@ImagePath                                                                                                C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc. SIGNED)(2011-08-31 03:05:02)
Reg     HKLM\SYSTEM\CurrentControlSet\services\catchme@ImagePath                                                                                                        C:\Users\nots0\AppData\Local\Temp\catchme.sys(2014-10-01 18:19:12)
Reg     HKLM\SYSTEM\CurrentControlSet\services\dtsoftbus01@ImagePath                                                                                                    C:\Windows\system32\DRIVERS\dtsoftbus01.sys (DAEMON Tools Virtual Bus Driver/DT Soft Ltd SIGNED)(2013-03-10 02:12:01)
Reg     HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Bonjour Service@EventMessageFile                                                                    C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc. SIGNED)(2011-08-31 03:05:02)
Reg     HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\XLive@EventMessageFile                                                                              c:\Windows\system32\xlive.dll (Games for Windows - LIVE DLL/Microsoft Corporation SIGNED)(2010-04-02 22:17:52)
Reg     HKLM\SYSTEM\CurrentControlSet\services\eventlog\System\mbamchameleon@EventMessageFile                                                                           C:\Windows\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation SIGNED)(2014-07-06 10:32:53)
Reg     HKLM\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Service Pack Installer@EventMessageFile                                                C:\Windows\system32\EventProviders\spcmsg.dll (SP Installer Msg Dll/Microsoft Corporation)(2013-03-10 05:04:26)
Reg     HKLM\SYSTEM\CurrentControlSet\services\eventlog\TuneUp\TuneUp.UtilitiesSvc@EventMessageFile                                                                     C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (TuneUp Utilities Service/TuneUp Software SIGNED)(2014-04-15 19:59:18)
Reg     HKLM\SYSTEM\CurrentControlSet\services\FLService@ImagePath                                                                                                      C:\Windows\system32\WinFLService.exe (Service Application/New Softwares.net SIGNED)(2013-03-10 14:27:57)
Reg     HKLM\SYSTEM\CurrentControlSet\services\FolderSize@ImagePath                                                                                                     C:\Program Files\FolderSize\FolderSizeSvc.exe (FolderSize Service/Brio)(2013-02-13 04:36:46)
Reg     HKLM\SYSTEM\CurrentControlSet\services\gupdate@ImagePath                                                                                                        C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc. SIGNED)(2014-04-17 23:33:47)
Reg     HKLM\SYSTEM\CurrentControlSet\services\iPod Service@ImagePath                                                                                                   C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc. SIGNED)(2014-02-21 07:54:26)
Reg     HKLM\SYSTEM\CurrentControlSet\services\LiveUpdateSvc@ImagePath                                                                                                  C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (Product Updater/IObit SIGNED)(2014-04-06 07:26:02)
Reg     HKLM\SYSTEM\CurrentControlSet\services\MBAMProtector@ImagePath                                                                                                  C:\Windows\system32\drivers\mbam.sys (Malwarebytes Anti-Malware/Malwarebytes Corporation SIGNED)(2014-07-06 10:32:53)
Reg     HKLM\SYSTEM\CurrentControlSet\services\MBAMScheduler@ImagePath                                                                                                  C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation SIGNED)(2014-07-06 10:32:54)
Reg     HKLM\SYSTEM\CurrentControlSet\services\MBAMService@ImagePath                                                                                                    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation SIGNED)(2014-07-06 10:32:54)
Reg     HKLM\SYSTEM\CurrentControlSet\services\MBAMSwissArmy@ImagePath                                                                                                  C:\Windows\system32\drivers\MBAMSwissArmy.sys (Malwarebytes Anti-Malware/Malwarebytes Corporation SIGNED)(2014-07-06 10:33:16)
Reg     HKLM\SYSTEM\CurrentControlSet\services\MBAMWebAccessControl@ImagePath                                                                                           C:\Windows\system32\drivers\mwac.sys (Malwarebytes Web Access Control/Malwarebytes Corporation SIGNED)(2014-07-06 10:32:53)
Reg     HKLM\SYSTEM\CurrentControlSet\services\MozillaMaintenance@ImagePath                                                                                             C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation SIGNED)(2013-04-12 01:54:43)
Reg     HKLM\SYSTEM\CurrentControlSet\services\nvsvc@ImagePath                                                                                                          C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 335.23/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SYSTEM\CurrentControlSet\services\Stereo Service@ImagePath                                                                                                 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Stereo Vision Control Panel API Server/NVIDIA Corporation SIGNED)(2014-03-22 16:00:48)
Reg     HKLM\SYSTEM\CurrentControlSet\services\taphss@ImagePath                                                                                                         C:\Windows\system32\DRIVERS\taphss.sys (TAP-Win32 Virtual Network Driver/AnchorFree Inc SIGNED)(2012-07-24 20:11:50)
Reg     HKLM\SYSTEM\CurrentControlSet\services\taphss6@ImagePath                                                                                                        C:\Windows\system32\DRIVERS\taphss6.sys (Anchorfree HSS VPN Adapter/Anchorfree Inc. SIGNED)(2013-04-24 19:25:44)
Reg     HKLM\SYSTEM\CurrentControlSet\services\Themes@DisplayName                                                                                                       C:\Windows\System32\themeservice.dll (Windows Shell Theme Service Dll/Microsoft Corporation)(2009-07-13 23:39:00)
Reg     HKLM\SYSTEM\CurrentControlSet\services\TuneUp.UtilitiesSvc@ImagePath                                                                                            C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (TuneUp Utilities Service/TuneUp Software SIGNED)(2014-04-15 19:59:18)
Reg     HKLM\SYSTEM\CurrentControlSet\services\TuneUpUtilitiesDrv@ImagePath                                                                                             C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys (TuneUp Utilities Driver/TuneUp Software SIGNED)(2014-03-26 13:03:04)
Reg     HKLM\SYSTEM\CurrentControlSet\services\WinFLAdrv@ImagePath                                                                                                      C:\Windows\system32\WinFLAdrv.sys(2013-03-10 14:28:25)
Reg     HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009@LibraryPath                                          C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc. SIGNED)(2011-08-31 03:05:02)
Reg     HKLM\SYSTEM\CurrentControlSet\services\WinVDEDrv@ImagePath                                                                                                      C:\Windows\system32\WinVDEdrv.sys (Virtual Encryption Driver/NewSoftwares.net, Inc. SIGNED)(2013-03-10 14:28:20)
Reg     HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}@LocalizedName                                                  C:\Windows\system32\themeui.dll (Windows Theme API/Microsoft Corporation)(2013-03-10 04:49:59)
Reg     HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}@StubPath                                                       C:\Program Files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe (Google Chrome Installer/Google Inc. SIGNED)(2014-09-24 23:51:25)
Reg     HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}@AppName                                             C:\Windows\system32\javaws.exe (Java(TM) Web Start Launcher/Oracle Corporation SIGNED)(2014-01-27 16:38:29)
Reg     HKLM\SOFTWARE\Microsoft\Office\Delivery\SourceEngine\Downloads\{90150000-0011-0000-0000-0000000FF1CE}-C\Resources\setup.exe@RelativeCachePath                   C:\Users\nots0\Downloads\setup.exe(2014-05-27 19:24:45)
Reg     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^nots0^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk@command  C:\Program Files\Rainmeter\Rainmeter.exe(2014-01-05 14:24:22)
Reg     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0@command                                                                            C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Updater Startup Utility/Adobe Systems Incorporated SIGNED)(2014-01-26 12:26:58)
Reg     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCEPServiceManager@command                                                                         C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe CEP Service Manager/Adobe Systems Incorporated SIGNED)(2013-03-13 18:39:04)
Reg     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager@command                                                                         C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe CS6 Service Manager/Adobe Systems Incorporated SIGNED)(2012-03-09 20:26:58)
Reg     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon@command                                                                                      C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Push/Apple Inc. SIGNED)(2014-02-13 00:57:54)
Reg     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HDAudDeck@command                                                                                      C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA HD Audio CPL/VIA)(2013-03-09 21:14:52)
Reg     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper@command                                                                                   C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc. SIGNED)(2014-02-21 07:54:40)
Reg     HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched@command                                                                             C:\Program Files\Common Files\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Oracle Corporation SIGNED)(2013-07-02 14:16:26)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe@                                                                                          C:\Program Files\CCleaner\CCleaner.exe (CCleaner/Piriform Ltd SIGNED)(2014-04-17 16:53:06)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe@                                                                                            C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2014-04-17 23:34:19)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe@                                                                                          C:\Users\nots0\Downloads\ComboFix.exe (ComboFix NSIS Installer/Swearware)(2014-10-01 18:13:09)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe@                                                                                           C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation SIGNED)(2014-03-31 18:08:23)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Fireworks.exe@                                                                                         C:\Program Files\Adobe\Adobe Fireworks CS6\Fireworks.exe (Adobe Fireworks CS6/Adobe Systems Incorporated SIGNED)(2012-03-31 03:27:10)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\iTunes.exe@                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe@                                                                                            C:\Program Files\Java\jre7\bin\javaws.exe (Java(TM) Web Start Launcher/Oracle Corporation SIGNED)(2013-08-05 01:34:41)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe@                                                                                              C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation SIGNED)(2014-07-06 10:32:54)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Opera.exe@                                                                                             C:\Program Files\Opera\Launcher.exe (Opera Internet Browser/CA SIGNED)(2014-05-24 20:06:21)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Photoshop.exe@                                                                                         C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pidgin.exe@                                                                                            C:\Program Files\Pidgin\pidgin.exe (Pidgin/The Pidgin developer community)(2014-02-03 00:20:04)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QuickPar.exe@                                                                                          C:\Program Files\QuickPar\QuickPar.exe (QuickPar/Peter B Clements)(2004-07-03 09:34:17)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\winamp.exe@                                                                                            C:\Program Files\Winamp\winamp.exe (Winamp/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe@                                                                                            C:\Program Files\WinRAR\WinRAR.exe (WinRAR archiver/Alexander Roshal)(2013-03-09 21:15:56)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls@Folder Size                                                                                   C:\Program Files\FolderSize\FolderSize.cpl (Folder Size Control Panel/Brio)(2013-02-13 04:36:46)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ImgBurnBDBurningOnArrival_BuildImage@DefaultIcon                              C:\Program Files\ImgBurn\ImgBurn.exe (ImgBurn - The Ultimate Image Burner!/LIGHTNING UK!)(2012-03-29 18:22:04)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\iTunesBurnCDOnArrival@DefaultIcon                                             C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\VLCPlayCDAudioOnArrival@DefaultIcon                                           C:\Program Files\VideoLAN\VLC\vlc.exe (VLC media player 2.1.0/VideoLAN)(2013-09-22 23:18:28)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WinampMTPHandler@DefaultIcon                                                  C:\Program Files\Winamp\winamp.exe (Winamp/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}@ConfigGDFBinaryPath                                          C:\Program Files\World of Warcraft\Wow.exe (World of Warcraft Retail/Blizzard Entertainment SIGNED)(2013-03-09 21:36:24)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{BC00271C-8C03-4883-B4F7-C83B4B9061F4}@ConfigGDFBinaryPath                                          C:\GOG Games\Shovel Knight\goggame-1207664823.dll(2014-08-02 11:36:44)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{BC00271C-8C03-4883-B4F7-C83B4B9061F4}@AppExePath                                                   C:\GOG Games\Shovel Knight\ShovelKnight.exe(2014-08-02 11:36:45)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-@SunJavaUpdateSched                                                                                          C:\Program Files\Common Files\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Oracle Corporation SIGNED)(2013-07-02 14:16:26)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-@iTunesHelper                                                                                                C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc. SIGNED)(2014-02-21 07:54:40)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\StillImage\Registered Applications@Photoshop                                                                     C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1207664823_is1@UninstallString                                                                         C:\GOG Games\Shovel Knight\unins000.exe(2014-08-02 11:36:44)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR@DisplayIcon                                                                                  C:\PROGRA~1\COMMON~1\ADOBEA~1\Versions\1.0\RESOUR~1\ADOBEA~1.EXE (Adobe AIR Installer/Adobe Systems Inc. SIGNED)(2013-05-06 04:16:24)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR@UninstallString                                                                              C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe (Adobe AIR Installer/Adobe Systems Inc. SIGNED)(2013-05-06 04:16:24)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX@UninstallString                                                             C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe (Adobe® Flash® Player Installer/Uninstaller 15.0 r0/CA SIGNED)(2014-09-24 15:01:18)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin@UninstallString                                                              C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe (Adobe® Flash® Player Installer/Uninstaller 15.0 r0/CA SIGNED)(2014-09-11 03:01:17)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Angry Birds Star Wars II 1.0.4@DisplayIcon                                                             C:\Games\Angry Birds Star Wars II\Uninstall.exe(2013-10-28 20:47:14)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV Voice Changer Software DIAMOND 7.0@UninstallString                                                  C:\Program Files\AV Vcs 7.0 DIAMOND\UNWISE.EXE (WiseScript Uninstaller/Altiris)(2014-04-16 11:38:11)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1@DisplayIcon                                                   C:\Program Files\Foxit Software\Foxit Advanced PDF Editor\Foxit Advanced PDF Editor.exe (Foxit Corporation)(2014-01-26 10:10:42)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1@UninstallString                                               C:\Program Files\Foxit Software\Foxit Advanced PDF Editor\unins000.exe(2014-01-26 10:10:42)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Battle.net@DisplayIcon                                                                                 C:\Program Files\Battle.net\Battle.net.exe (Blizzard File Switcher/Blizzard Entertainment SIGNED)(2014-04-06 23:09:26)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Battle.net@UninstallString                                                                             C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe (Blizzard Uninstaller/Blizzard Entertainment SIGNED)(2013-07-26 18:41:27)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Better File Rename_is1@UninstallString                                                                 C:\Program Files\Better File Series\unins000.exe(2013-09-16 12:09:41)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bloons TD 5 Deluxe_is1@UninstallString                                                                 C:\Games\Bloons TD 5 Deluxe\unins000.exe(2014-09-25 01:00:49)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner@UninstallString                                                                               C:\Program Files\CCleaner\uninst.exe (CCleaner Installer/Piriform Ltd SIGNED)(2014-04-17 16:54:34)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner@DisplayIcon                                                                                   C:\Program Files\CCleaner\CCleaner.exe (CCleaner/Piriform Ltd SIGNED)(2014-04-17 16:53:06)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.WidgetBrowser@DisplayIcon                                                                    C:\Program Files\Adobe\Adobe Widget Browser\Adobe Widget Browser.exe(2013-05-06 04:16:12)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Pro@UninstallString                                                                       C:\Program Files\DAEMON Tools Pro\uninst.exe (DAEMON Tools Pro Setup/DT Soft Ltd)(2012-10-23 08:25:38)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Pro@DisplayIcon                                                                           C:\Program Files\DAEMON Tools Pro\DTPro.exe (DAEMON Tools Pro/DT Soft Ltd SIGNED)(2012-10-23 08:25:30)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Diablo III@DisplayIcon                                                                                 C:\Program Files\Diablo III\Diablo III.exe (Diablo III Retail/Blizzard Entertainment SIGNED)(2014-04-06 23:23:17)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Diablo III@UninstallString                                                                             C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe (Blizzard Uninstaller/Blizzard Entertainment SIGNED)(2013-07-26 18:41:27)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dust: An Elysian Tail_is1@UninstallString                                                              C:\Games\Dust An Elysian Tail\unins000.exe(2014-09-28 00:24:22)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome@UninstallString                                                                          C:\Program Files\Google\Chrome\Application\37.0.2062.124\Installer\setup.exe (Google Chrome Installer/Google Inc. SIGNED)(2014-09-24 23:51:24)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome@DisplayIcon                                                                              C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2014-04-17 23:34:19)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImgBurn@DisplayIcon                                                                                    C:\Program Files\ImgBurn\ImgBurn.exe (ImgBurn - The Ultimate Image Burner!/LIGHTNING UK!)(2012-03-29 18:22:04)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImgBurn@UninstallString                                                                                C:\Program Files\ImgBurn\uninstall.exe (ImgBurn Installer/LIGHTNING UK!)(2013-05-13 17:44:15)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}@UninstallString                                   C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe(2002-10-04 19:49:30)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MakeTorrent 2@UninstallString                                                                          C:\Program Files\Maketorrent 2\uninstall.exe(2014-06-13 00:49:25)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1@DisplayIcon                                                              C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation SIGNED)(2014-07-06 10:32:54)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1@UninstallString                                                          C:\Program Files\Malwarebytes Anti-Malware\unins000.exe(2014-07-06 10:32:53)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mark of the Ninja Special Edition_is1@UninstallString                                                  C:\Games\Mark of the Ninja Special Edition\unins000.exe(2014-09-28 00:49:55)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Metal Slug Complete PC@UninstallString                                                                 C:\Games\Metal Slug Complete PC\uninstall.exe(2014-09-27 20:44:31)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Minecraft1.7.2@DisplayIcon                                                                             C:\Users\nots0\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe(2013-10-27 11:38:12)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 32.0.3 (x86 en-US)@DisplayIcon                                                         C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation SIGNED)(2014-03-31 18:08:23)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 32.0.3 (x86 en-US)@UninstallString                                                     C:\Program Files\Mozilla Firefox\uninstall\helper.exe (Firefox Helper/Mozilla Corporation SIGNED)(2014-03-31 18:08:26)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService@UninstallString                                                              C:\Program Files\Mozilla Maintenance Service\uninstall.exe (Mozilla Maintenance Service Installer/Mozilla Corporation)(2013-04-12 01:54:45)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nmap@UninstallString                                                                                   C:\Program Files\Nmap\uninstall.exe (Nmap installer/Insecure.org)(2014-10-01 16:14:26)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo@DisplayIcon                                                                               C:\Program Files\NVIDIA Corporation\3D Vision\nvstreg.exe (Stereoscpic 3D Registry Tool/NVIDIA Corporation SIGNED)(2014-03-22 16:00:50)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo@UninstallString                                                                           C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe (Stereoscpic 3D driver Installer API/NVIDIA Corporation SIGNED)(2014-03-22 16:00:50)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera 21.0.1432.67@DisplayIcon                                                                         C:\Program Files\Opera\Launcher.exe (Opera Internet Browser/CA SIGNED)(2014-05-24 20:06:21)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pidgin@DisplayIcon                                                                                     C:\Program Files\Pidgin\pidgin.exe (Pidgin/The Pidgin developer community)(2014-02-03 00:20:04)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pidgin@UninstallString                                                                                 C:\Program Files\Pidgin\pidgin-uninst.exe(2014-06-27 14:24:00)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pidgin-otr@UninstallString                                                                             C:\Program Files\pidgin-otr\pidgin-otr-uninst.exe(2014-06-27 14:25:37)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickPar@UninstallString                                                                               C:\Program Files\QuickPar\uninst.exe (QuickPar/Peter B Clements)(2013-09-16 21:32:41)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickPar@DisplayIcon                                                                                   C:\Program Files\QuickPar\QuickPar.exe (QuickPar/Peter B Clements)(2004-07-03 09:34:17)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter@DisplayIcon                                                                                  C:\Program Files\Rainmeter\Rainmeter.exe(2014-01-05 14:24:22)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter@UninstallString                                                                              C:\Program Files\Rainmeter\uninst.exe(2014-01-28 04:41:27)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sine Mora_is1@DisplayIcon                                                                              C:\Games\Sine Mora\SineMora.exe (Sine Mora/Digital Reality Software)(2014-09-28 10:52:53)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sine Mora_is1@UninstallString                                                                          C:\Games\Sine Mora\unins000.exe(2014-09-28 10:50:47)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Subway Surfers 1.0@DisplayIcon                                                                         C:\Games\Subway Surfers\Uninstall.exe(2012-12-15 01:39:52)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tag&Rename_is1@DisplayIcon                                                                             C:\Program Files\TagRename\TagRename.exe (Tag&Rename/Softpointer Inc)(2013-05-14 19:27:09)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tag&Rename_is1@UninstallString                                                                         C:\Program Files\TagRename\unins000.exe(2013-05-14 19:27:08)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Torchlight II (c) Runic Games_is1@UninstallString                                                      C:\Games\Torchlight II\unins000.exe(2014-09-28 00:45:20)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Uninstall 6_is1@DisplayIcon                                                                      C:\Program Files\Total Uninstall 6\Tu.exe (Total Uninstall - Installation monitor, uninstaller and cleaner/Gavrila Martau SIGNED)(2014-10-01 18:59:47)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Uninstall 6_is1@UninstallString                                                                  C:\Program Files\Total Uninstall 6\unins000.exe(2014-10-01 18:59:46)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TuneUp Utilities@UninstallString                                                                       C:\Program Files\TuneUp Utilities 2014\TUInstallHelper.exe (TuneUp Install Helper/TuneUp Software SIGNED)(2014-04-15 19:58:04)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TuneUp Utilities@DisplayIcon                                                                           C:\Program Files\TuneUp Utilities 2014\Integrator.exe (TuneUp Utilities - Start Center/TuneUp Software SIGNED)(2014-04-15 19:57:18)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uplay@DisplayIcon                                                                                      C:\Program Files\Ubisoft\Ubisoft Game Launcher\Uplay.exe(2012-10-26 17:04:14)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uplay@UninstallString                                                                                  C:\Program Files\Ubisoft\Ubisoft Game Launcher\Uninstall.exe(2012-10-26 17:04:48)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirtualDUB Pack@UninstallString                                                                        C:\Program Files\VirtualDUB Pack\Uninstal.exe(2013-03-22 12:44:30)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player@UninstallString                                                                       C:\Program Files\VideoLAN\VLC\uninstall.exe(2013-03-10 13:04:37)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player@DisplayIcon                                                                           C:\Program Files\VideoLAN\VLC\vlc.exe (VLC media player 2.1.0/VideoLAN)(2013-09-22 23:18:28)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp@DisplayIcon                                                                                     C:\Program Files\Winamp\winamp.exe (Winamp/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp@UninstallString                                                                                 C:\Program Files\Winamp\UninstWA.exe (Winamp Installer/Nullsoft, Inc.)(2014-02-12 23:15:05)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Window Hide Tool_is1@UninstallString                                                                   C:\Program Files\Window Hide Tool\unins000.exe(2014-04-29 20:08:46)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver@UninstallString                                                                        C:\Program Files\WinRAR\uninstall.exe (Uninstall WinRAR/Alexander Roshal)(2013-03-09 21:15:56)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver@DisplayIcon                                                                            C:\Program Files\WinRAR\WinRAR.exe (WinRAR archiver/Alexander Roshal)(2013-03-09 21:15:56)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\World of Warcraft@DisplayIcon                                                                          C:\Program Files\World of Warcraft\WoW.exe (World of Warcraft Retail/Blizzard Entertainment SIGNED)(2013-03-09 21:36:24)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\World of Warcraft@UninstallString                                                                      C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe (Blizzard Uninstaller/Blizzard Entertainment SIGNED)(2013-07-26 18:41:27)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xilisoft iPhone Ringtone Maker@UninstallString                                                         C:\Program Files\Xilisoft\iPhone Ringtone Maker\Uninstall.exe(2014-03-23 00:10:42)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xilisoft iPhone Ringtone Maker@DisplayIcon                                                             C:\Program Files\Xilisoft\iPhone Ringtone Maker\iphoneringtone.exe(2012-06-13 02:20:42)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xvid Video Codec 1.3.2@UninstallString                                                                 C:\Program Files\Xvid\uninstall.exe (Xvid Team)(2013-03-22 13:08:58)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00E094E1-A852-11E2-803D-ACEA632352B4}@UninstallString                                                 C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe (Adobe Application Manager/Adobe Systems Incorporated SIGNED)(2014-01-26 12:26:12)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}@DisplayIcon                                                     C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe (YTD Video Downloader/GreenTree Applications SRL)(2014-04-10 15:37:30)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}@UninstallString                                                 C:\Program Files\GreenTree Applications\YTD Video Downloader\uninstall.exe(2014-06-14 20:50:56)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}@MainApp                                                         C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe (YTD Video Downloader/GreenTree Applications SRL)(2014-04-10 15:37:30)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217025FF}@DisplayIcon                                                     C:\Program Files\Java\jre7\bin\javaws.exe (Java(TM) Web Start Launcher/Oracle Corporation SIGNED)(2013-08-05 01:34:41)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}@UninstallString                                                 C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe (Adobe Application Manager/Adobe Systems Incorporated SIGNED)(2014-01-26 12:26:12)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1@DisplayIcon                                                 C:\Program Files\Adobe\Update Management Tool\UMT.exe (Update Management Tool/PainteR)(2014-01-26 12:32:44)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1@UninstallString                                             C:\Program Files\Adobe\Update Management Tool\unins000.exe(2014-01-26 12:32:44)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision@DisplayIcon                                    C:\Program Files\NVIDIA Corporation\3D Vision\nvstreg.exe (Stereoscpic 3D Registry Tool/NVIDIA Corporation SIGNED)(2014-03-22 16:00:50)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel@DisplayIcon                                C:\Program Files\NVIDIA Corporation\Installer2\installer.{4168251D-B89A-42FA-A922-B9EFC00B3407}\NVI2.dll (NVIDIA Install Core/NVIDIA Corporation SIGNED)(2014-03-22 16:00:07)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver@DisplayIcon                                      C:\Program Files\NVIDIA Corporation\Installer2\installer.{7DAB4A1E-BC69-4537-BE55-12D1CF064339}\NVI2.dll (NVIDIA Install Core/NVIDIA Corporation SIGNED)(2014-03-22 15:57:35)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C57EA3D6-3B9F-4369-8231-53990AE74510}_is1@UninstallString                                             C:\Games\SpongeBob SquarePants Typing\unins000.exe(2013-12-05 20:32:26)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}@UninstallString                                                 C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe (Adobe Application Manager/Adobe Systems Incorporated SIGNED)(2014-01-26 12:26:12)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1@DisplayIcon                                                 C:\Program Files\VSO\ConvertX\5\ConvertXtoDVD.exe (ConvertXToDVD transcoder/VSO Software SARL)(2013-11-26 23:38:14)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1@UninstallString                                             C:\Program Files\VSO\ConvertX\5\unins000.exe(2013-11-26 23:38:07)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{62ef8b9f-ee45-4aba-a9b9-b70e878bf30a}@ResourceFileName                                        C:\Windows\system32\EventProviders\spcmsg.dll (SP Installer Msg Dll/Microsoft Corporation)(2013-03-10 05:04:26)
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{869fb599-80aa-485d-bca7-db18d72b7219}@ResourceFileName                                        C:\Windows\System32\themeui.dll (Windows Theme API/Microsoft Corporation)(2013-03-10 04:49:59)
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\Oracle_JavaAccessBridge@StartExe                                                            C:\Program Files\Java\jre7\bin\jabswitch.exe (Oracle Corporation SIGNED)(2013-08-05 01:34:40)
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.XVID                                                                                           C:\Windows\system32\xvidvfw.dll(2013-03-22 13:08:57)
Reg     HKLM\SOFTWARE\Classes\.ccd\shell\open.ImgBurn\command@                                                                                                          C:\Program Files\ImgBurn\ImgBurn.exe (ImgBurn - The Ultimate Image Burner!/LIGHTNING UK!)(2012-03-29 18:22:04)
Reg     HKLM\SOFTWARE\Classes\AAM\shell\open\command@                                                                                                                   C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\AdobeApplicationManager(URIHandler).exe (AdobeApplicationManager(URIHandler)/Adobe Systems Incorporated SIGNED)(2014-01-26 12:27:06)
Reg     HKLM\SOFTWARE\Classes\ABDroplet\shell\open\command@                                                                                                             C:\Program Files\Better File Series\bfr.exe (bfr Application/publicspace.net)(2013-09-16 12:09:42)
Reg     HKLM\SOFTWARE\Classes\AcroExch.Document.7\shell\EditWithFoxit Advanced PDF Editor\command@                                                                      C:\Program Files\Foxit Software\Foxit Advanced PDF Editor\Foxit Advanced PDF Editor.exe (Foxit Corporation)(2014-01-26 10:10:42)
Reg     HKLM\SOFTWARE\Classes\Adobe.Extension.Information\shell\open\command@                                                                                           C:\Program Files\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe (Adobe Extension Manager CS6/Adobe Systems Incorporated SIGNED)(2012-03-13 01:16:02)
Reg     HKLM\SOFTWARE\Classes\aim\shell\Open\command@                                                                                                                   C:\Program Files\Pidgin\pidgin.exe (Pidgin/The Pidgin developer community)(2014-02-03 00:20:04)
Reg     HKLM\SOFTWARE\Classes\AIR.InstallerPackage\shell\open\command@                                                                                                  C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe (Adobe AIR Application Installer/Adobe Systems Inc. SIGNED)(2013-05-06 04:16:24)
Reg     HKLM\SOFTWARE\Classes\AppID\{3B29AB5C-52CB-4a36-9314-E3FEE0BA7468}@                                                                                             C:\Program Files\Winamp\Elevator.exe (Winamp Elevator/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKLM\SOFTWARE\Classes\Applications\ImgBurn.exe\shell\open\command@                                                                                              C:\Program Files\ImgBurn\ImgBurn.exe (ImgBurn - The Ultimate Image Burner!/LIGHTNING UK!)(2012-03-29 18:22:04)
Reg     HKLM\SOFTWARE\Classes\Applications\iTunes.exe\shell\open\command@                                                                                               C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\Applications\Opera.exe\shell\open\command@                                                                                                C:\Program Files\Opera\Launcher.exe (Opera Internet Browser/CA SIGNED)(2014-05-24 20:06:21)
Reg     HKLM\SOFTWARE\Classes\Applications\Photoshop.exe\shell\edit\command@                                                                                            C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\Applications\vlc.exe\shell\Open\command@                                                                                                  C:\Program Files\VideoLAN\VLC\vlc.exe (VLC media player 2.1.0/VideoLAN)(2013-09-22 23:18:28)
Reg     HKLM\SOFTWARE\Classes\AudioCD\shell\open.ImgBurn\command@                                                                                                       C:\Program Files\ImgBurn\ImgBurn.exe (ImgBurn - The Ultimate Image Burner!/LIGHTNING UK!)(2012-03-29 18:22:04)
Reg     HKLM\SOFTWARE\Classes\AudioCD\shell\play\command@                                                                                                               C:\Program Files\Winamp\winamp.exe (Winamp/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithVLC\command@                                                                                                        C:\Program Files\VideoLAN\VLC\vlc.exe (VLC media player 2.1.0/VideoLAN)(2013-09-22 23:18:28)
Reg     HKLM\SOFTWARE\Classes\battlenet\shell\open\command@                                                                                                             C:\Program Files\Battle.net\Battle.net.exe (Blizzard File Switcher/Blizzard Entertainment SIGNED)(2014-04-06 23:09:26)
Reg     HKLM\SOFTWARE\Classes\cclaunch\shell\open\command@                                                                                                              C:\Program Files\CCleaner\ccleaner.exe (CCleaner/Piriform Ltd SIGNED)(2014-04-17 16:53:06)
Reg     HKLM\SOFTWARE\Classes\ChromeHTML\shell\open\command@                                                                                                            C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2014-04-17 23:34:19)
Reg     HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}\InprocServer32@                                                                              C:\Windows\system32\xvid.ax(2013-03-22 13:08:58)
Reg     HKLM\SOFTWARE\Classes\CLSID\{00711705-12C5-420B-A4E5-6413F2AB3C7B}\InProcServer32@                                                                              C:\Windows\System32\authuitu.dll (TuneUp WinLogon Extension/TuneUp Software SIGNED)(2014-10-01 19:06:22)
Reg     HKLM\SOFTWARE\Classes\CLSID\{00711705-12C5-420B-A4E5-6413F2AB3C7B}\Parameters@ImageRes                                                                          C:\ProgramData\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\BlueStreak.tls.dll (TuneUp Image Resource/TuneUp Software GmbH)(2013-03-10 02:57:59)
Reg     HKLM\SOFTWARE\Classes\CLSID\{00E80F18-EC5B-4FCF-A417-7348991A8D32}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvsvs.dll (NVIDIA StereoVision Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{01367108-5EE2-4E1C-A8DE-24438065ABC9}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{01504157-8839-4BF6-9B5B-51165A967B2B}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvmobls.dll (NVIDIA Mobile Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{02849255-07CD-4C09-97D7-017DA2AE45AA}\LocalServer32@                                                                               C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (TuneUp Utilities Service/TuneUp Software SIGNED)(2014-04-15 19:59:18)
Reg     HKLM\SOFTWARE\Classes\CLSID\{04DAAD08-70EF-450E-834A-DCFAF9B48748}\InprocServer32@                                                                              C:\Program Files\FolderSize\FolderSizeColumn.dll (Folder Size column handler/Brio)(2013-02-13 04:36:46)
Reg     HKLM\SOFTWARE\Classes\CLSID\{055A7699-EAFF-47DF-8E55-41F4C0612BF3}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{05741520-C4EB-440A-AC3F-9643BBC9F847}\InprocServer32@                                                                              C:\Program Files\Microsoft Office\Office15\ADDINS\OTKLOADR.DLL (Assembly loader/Microsoft Corporation)(2012-10-02 01:32:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{063D34A4-BF84-4B8D-B699-E8CA06504DDE}\LocalServer32@                                                                               C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc. SIGNED)(2014-02-21 07:54:26)
Reg     HKLM\SOFTWARE\Classes\CLSID\{06870682-6f3c-4b97-9143-f03e85c0bd3e}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32@                                                                              C:\Windows\system32\COMCTL32.OCX (Windows Common Controls ActiveX Control DLL/Microsoft Corporation SIGNED)(2012-04-04 21:04:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{07333BBD-64AF-4206-899D-2809660C61C7}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{074BFFFD-4E50-42c1-A7EB-40D9D70F2471}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{08A6AF6A-8FF2-4a3b-BECF-C2FAC8630BBF}@LocalizedString                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\CLSID\{08A6AF6A-8FF2-4a3b-BECF-C2FAC8630BBF}\Elevation@IconReference                                                                      C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\CLSID\{08A6AF6A-8FF2-4a3b-BECF-C2FAC8630BBF}\InprocServer32@                                                                              C:\Program Files\iTunes\iTunesAdmin.dll (iTunes Administrative DLL/Apple Inc. SIGNED)(2014-02-21 07:54:40)
Reg     HKLM\SOFTWARE\Classes\CLSID\{09935f2b-b1e6-4db8-a1a7-c2d668055c8d}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{0A25C695-3765-4B37-9455-4B1C113C2C04}\InprocServer32@                                                                              C:\Program Files\iTunes\iTunesOutlookAddIn.dll (iTunes Outlook Add-in/Apple Inc. SIGNED)(2014-02-21 07:54:44)
Reg     HKLM\SOFTWARE\Classes\CLSID\{0bbca823-e77d-419e-9a44-5adec2c8eeb0}@InfoTip                                                                                      C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcpluir.dll (NVIDIA Control Panel Resource Library, 7.5.760.0/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{0bbca823-e77d-419e-9a44-5adec2c8eeb0}\Shell\Open\Command@                                                                          C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe (NVIDIA Control Panel Application, 7.6.740.0/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{0c2fae24-fb4f-4d63-be4d-8f1d15eecb8a}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\InProcServer32@                                                                              C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll (Mozilla Foundation SIGNED)(2014-06-24 20:17:44)
Reg     HKLM\SOFTWARE\Classes\CLSID\{0dd1b209-9750-4df8-931e-b7837ef2a639}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{0EEC1AF6-7664-4D17-88A5-B71EF18A93BC}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{0FB41BD0-3107-40A5-8D49-456E585947B2}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{11E4D223-C650-43F9-AB90-AB3AE4FB38F0}\InProcServer32@                                                                              C:\Program Files\iTunes\iTunesAdmin.dll (iTunes Administrative DLL/Apple Inc. SIGNED)(2014-02-21 07:54:40)
Reg     HKLM\SOFTWARE\Classes\CLSID\{12E6A993-AE52-4F99-8B89-41F985E6C952}\InprocServer32@                                                                              C:\Program Files\Common Files\Apple\Mobile Device Support\OutlookChangeNotifierAddIn.dll (OutlookChangeNotifier/Apple Inc. SIGNED)(2014-02-12 21:03:40)
Reg     HKLM\SOFTWARE\Classes\CLSID\{1397D36A-D960-4a1a-A02B-D7496833C953}\InprocServer32@                                                                              C:\Program Files\Microsoft SQL Server Compact Edition\v3.1\sqlceca30.dll (Client Agent/Microsoft Corporation)(2006-12-22 02:05:48)
Reg     HKLM\SOFTWARE\Classes\CLSID\{14300b0e-d530-4964-885f-5c1c4c760ebe}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{15D83527-0176-46bb-85BD-2C86CA096945}\Shell\Open\Command@                                                                          C:\Program Files\VIA\VIAudioi\VDeck\VDECK.exe (VIA HD Audio CPL/VIA)(2013-03-09 21:14:52)
Reg     HKLM\SOFTWARE\Classes\CLSID\{1618348E-35B3-4631-8C04-2AB15AF5007D}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{1b5d0220-7bd8-4539-a7f5-5f844275e5af}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{1BC39379-8D90-4F18-8817-795C57163770}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{1DC715B2-9126-4671-8086-299A44543E0F}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{1fba5ebf-cedc-44b8-9c95-fd1978db7be5}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{20ADDA11-8287-44D0-8C63-27CDA87ACC46}@LocalizedString                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\CLSID\{20ADDA11-8287-44D0-8C63-27CDA87ACC46}\Elevation@IconReference                                                                      C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\CLSID\{20ADDA11-8287-44D0-8C63-27CDA87ACC46}\InprocServer32@                                                                              C:\Program Files\iTunes\iTunesAdmin.dll (iTunes Administrative DLL/Apple Inc. SIGNED)(2014-02-21 07:54:40)
Reg     HKLM\SOFTWARE\Classes\CLSID\{21570036-03ec-465b-a699-0934f24b2546}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{21BDEF47-9BFA-480a-A60F-85BC338F1B22}\InprocServer32@                                                                              C:\Program Files\Microsoft SQL Server Compact Edition\v3.1\sqlceca30.dll (Client Agent/Microsoft Corporation)(2006-12-22 02:05:48)
Reg     HKLM\SOFTWARE\Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{23be0557-d959-4022-985d-3abc5a658e4d}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32@                                                                              C:\Windows\system32\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{2509ABBC-871E-42e5-A27B-F7DA394B1897}\LocalServer32@                                                                               C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (TuneUp Utilities Service/TuneUp Software SIGNED)(2014-04-15 19:59:18)
Reg     HKLM\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32@                                                                               C:\Program Files\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2014-06-20 16:43:53)
Reg     HKLM\SOFTWARE\Classes\CLSID\{2692A9D5-61DF-46D5-A5A1-A6CCA921D578}\LocalServer32@                                                                               C:\Program Files\Apple Software Update\SoftwareUpdate.exe (Apple Software Update/Apple Inc. SIGNED)(2011-06-01 22:57:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{26A37DC6-935D-439B-80DD-C1006AE13D71}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32@                                                                              C:\Program Files\DAEMON Tools Pro\DTGadget32.dll (DT Gadget library/DT Soft Ltd)(2012-10-23 08:24:44)
Reg     HKLM\SOFTWARE\Classes\CLSID\{2758dffc-f9fb-4c62-82c9-fdc9bceb5e9c}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\cddbcontrolwinamp.dll (CDDBControl Core Module (NSWinamp)/Gracenote, Inc.)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{27e004ee-b5a6-4854-9031-55d5dd8603cd}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{28041299-f00d-4156-88c7-4c663cd47b00}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\CddbMusicIDWinamp.dll (CddbMusicID Module (NSWinamp)/Gracenote)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{294EC7E3-94B7-4A6C-8636-09B33674D58F}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}\InprocServer32@                                                                              C:\Program Files\DAEMON Tools Pro\DTShl32.dll (DAEMON Tools Pro/DT Soft Ltd SIGNED)(2012-10-23 08:23:52)
Reg     HKLM\SOFTWARE\Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{2DF0ACC2-6D97-491b-9581-70A6001FD25A}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvsvs.dll (NVIDIA StereoVision Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{2E17C0EF-2851-459b-A3C8-27A41D4BC9F7}\InProcServer32@                                                                              C:\Windows\system32\themeui.dll (Windows Theme API/Microsoft Corporation)(2013-03-10 04:49:59)
Reg     HKLM\SOFTWARE\Classes\CLSID\{2E74C695-8E9C-4179-B0A0-BC2EBDEB5C2B}\InProcServer32@                                                                              C:\Program Files\Winamp\elevatorps.dll (Elevator Dynamic Link Library/Nullsoft, Inc.)(2013-12-13 02:47:56)
Reg     HKLM\SOFTWARE\Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{2FD96798-0D65-4D57-A095-B57679740E37}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvgames.dll (NVIDIA 3D Settings Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{3020E6D8-7D1A-4D3C-8B62-C4D4B8F28434}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{3156EC84-29BD-4EAA-AE0A-817ED606FA99}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvgames.dll (NVIDIA 3D Settings Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{31935372-7052-404a-AA4D-59496A1AF9B3}\InprocServer32@                                                                              C:\Program Files\Microsoft SQL Server Compact Edition\v3.1\sqlceca30.dll (Client Agent/Microsoft Corporation)(2006-12-22 02:05:48)
Reg     HKLM\SOFTWARE\Classes\CLSID\{32CE2952-2585-49a6-AEFF-1732076C2945}\InprocServer32@                                                                              C:\Program Files\Microsoft SQL Server Compact Edition\v3.1\sqlceoledb30.dll (OLEDB Provider/Microsoft Corporation)(2006-12-22 02:10:40)
Reg     HKLM\SOFTWARE\Classes\CLSID\{33C89616-F807-4957-BF34-A1C91D7A1A2E}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{346355E1-7094-4321-BBE2-2EBE8BF08981}\LocalServer32@                                                                               C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe (InstallDriver Module/InstallShield Software Corporation)(2003-09-04 19:21:52)
Reg     HKLM\SOFTWARE\Classes\CLSID\{3506CDB7-8BC6-40C0-B108-CEA0B9480130}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{368F81BC-9439-41A8-B532-39C8D7E7D147}\LocalServer32@                                                                               C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc. SIGNED)(2014-02-21 07:54:26)
Reg     HKLM\SOFTWARE\Classes\CLSID\{36d3acf3-9e61-45b5-b3f6-809b66c0c338}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32@                                                                              C:\Windows\system32\COMCTL32.OCX (Windows Common Controls ActiveX Control DLL/Microsoft Corporation SIGNED)(2012-04-04 21:04:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{380f6da5-e025-4747-863b-ee9055fcfa26}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{39c806ec-eb0a-4f6e-b40d-c41d92281b5e}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\CddbPlaylist2Winamp.dll(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{3B29AB5C-52CB-4A36-9314-E3FEE0BA7468}@LocalizedString                                                                              C:\Program Files\Winamp\Elevator.exe (Winamp Elevator/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKLM\SOFTWARE\Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32@                                                                              C:\Windows\system32\COMDLG32.OCX (CMDialog ActiveX Control DLL/Microsoft Corporation SIGNED)(2012-04-04 21:04:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{3d055b64-824e-4613-b845-6afcdb888aa0}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\cddbcontrolwinamp.dll (CDDBControl Core Module (NSWinamp)/Gracenote, Inc.)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{3D1975AF-48C6-4f8e-A182-AC5012248AB5}\InProcServer32@                                                                              C:\Windows\system32\nvshext.dll (NVIDIA Display Shell Extension/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{3D3E7C1B-79A7-4CC7-8925-41FA813E9913}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{3E500C0C-5D15-4610-8095-7CEBD4C43F24}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{3e6b5aaa-3d88-4846-b40f-88f7f133e683}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{40966797-8FFE-46C8-9EF8-7003F33CCF0F}\InprocServer32@                                                                              C:\Program Files\DAEMON Tools Pro\DTShl32.dll (DAEMON Tools Pro/DT Soft Ltd SIGNED)(2012-10-23 08:23:52)
Reg     HKLM\SOFTWARE\Classes\CLSID\{416b980d-f0f5-4bea-ba63-6849c5170908}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{41E300E0-78B6-11ce-849B-444553540000}\InProcServer32@                                                                              C:\Windows\system32\themeui.dll (Windows Theme API/Microsoft Corporation)(2013-03-10 04:49:59)
Reg     HKLM\SOFTWARE\Classes\CLSID\{4274782f-e631-487b-bc58-34f36a2b9203}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\cddbuiwinamp.dll (CDDBUIControl Module (NSWinamp)/Gracenote)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{4299124F-F2C3-41b4-9C73-9236B2AD0E8F}@InfoTip                                                                                      C:\Program Files\Java\jre7\bin\javacpl.exe (Java Control Panel/Oracle Corporation SIGNED)(2013-08-05 01:34:40)
Reg     HKLM\SOFTWARE\Classes\CLSID\{42D67DD2-D956-4698-A502-9F59727E044A}\InprocServer32@                                                                              C:\Program Files\TuneUp Utilities 2014\TUTuningIndex.dll (TuneUp Tuning Index/TuneUp Software SIGNED)(2014-04-15 19:59:24)
Reg     HKLM\SOFTWARE\Classes\CLSID\{42FE718B-A148-41D6-885B-01A0AFAE8723}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{455c3e04-bfe9-4089-8622-f2464ec3fddb}\InprocServer32@                                                                              C:\Program Files\Microsoft SQL Server Compact Edition\v3.1\sqlceca30.dll (Client Agent/Microsoft Corporation)(2006-12-22 02:05:48)
Reg     HKLM\SOFTWARE\Classes\CLSID\{46986115-84D6-459c-8F95-52DD653E532E}\LocalServer32@                                                                               C:\Program Files\Winamp\winamp.exe (Winamp/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKLM\SOFTWARE\Classes\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32@                                                                              C:\Program Files\DAEMON Tools Pro\DTGadget32.dll (DT Gadget library/DT Soft Ltd)(2012-10-23 08:24:44)
Reg     HKLM\SOFTWARE\Classes\CLSID\{4838CD50-7E5D-4811-9B17-C47A85539F28}\InProcServer32@                                                                              C:\Program Files\TuneUp Utilities 2014\DseShExt-x86.dll (TuneUp Disk Space Explorer Shell Extension/TuneUp Software SIGNED)(2014-04-15 19:59:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}\InProcServer32@                                                                              C:\Program Files\TuneUp Utilities 2014\SDShelEx-win32.dll (TuneUp Shredder Shell Extension/TuneUp Software SIGNED)(2014-04-15 19:59:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{4997bae9-4015-4030-80aa-1477ce28e66c}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\cddbcontrolwinamp.dll (CDDBControl Core Module (NSWinamp)/Gracenote, Inc.)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{49C407EF-78B9-4C82-A40B-2FE02F8E771D}\InProcServer32@                                                                              C:\Windows\system32\themeui.dll (Windows Theme API/Microsoft Corporation)(2013-03-10 04:49:59)
Reg     HKLM\SOFTWARE\Classes\CLSID\{49E6B51C-DB5F-4178-8691-412463C1A0EB}\LocalServer32@                                                                               C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 335.23/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{49F585C0-CE12-4306-9100-B6A28857B10B}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{4B42750B-57A1-47E7-B340-8EAE0E3126A4}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{4c892621-6757-4fe0-ad8c-a6301be7fba2}\InProcServer32@                                                                              C:\Windows\system32\themeui.dll (Windows Theme API/Microsoft Corporation)(2013-03-10 04:49:59)
Reg     HKLM\SOFTWARE\Classes\CLSID\{4d60fc87-14b0-48b3-93c2-5967b0fb6f96}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\cddbuiwinamp.dll (CDDBUIControl Module (NSWinamp)/Gracenote)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{4FC7F090-041C-4730-BD24-AF4BA8A2A5E0}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{50125552-EC89-4049-B1B7-5FDBE38C8509}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvsvs.dll (NVIDIA StereoVision Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5135A9C0-F05A-4FBD-8EC6-6B920CD387F6}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{51840041-B26F-4843-B358-22ABB067396C}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{52071016-E648-4D3B-B57E-2B46CC993CE0}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{52dd2c00-70fb-4f7c-ae1d-687b83965b76}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5387A36B-6F55-4C66-B085-E18393FCEA87}\InprocHandler32@                                                                             C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{54CEE07E-E1C8-45DB-B550-417E75C4CA58}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{56CDA654-2AA2-456F-81B1-153FE7B381A2}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvmobls.dll (NVIDIA Mobile Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5717060C-0509-11E0-B88E-001D60AF2322}\InprocServer32@                                                                              C:\Users\nots0\AppData\Local\Strongvault Online Backup\CtxMenu.dll (Stronghold Online Backup Module/Stronghold Online Backup SIGNED)(2012-04-04 21:04:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{572ef9f6-3203-403c-810f-f5e693db8433}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5792FC7D-5E1D-4F1A-BD4F-A7A50F92BC6E}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{57B83450-FD6E-4A1E-8B53-1320576F8054}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreamingIePlugin.dll (NVIDIA 3D Vision Streaming IE plugin/NVIDIA Corporation)(2014-03-22 16:00:52)
Reg     HKLM\SOFTWARE\Classes\CLSID\{582ebc3a-0381-45f7-9f44-ce0964606972}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\InprocServer32@                                                                              C:\Program Files\Java\jre7\bin\wsdetect.dll (Java Web Start ActiveX Control/Oracle Corporation SIGNED)(2013-08-05 01:34:44)
Reg     HKLM\SOFTWARE\Classes\CLSID\{58c14ee0-09f4-43f6-9f2b-00fea071ba62}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32@                                                                              C:\Windows\system32\COMCTL32.OCX (Windows Common Controls ActiveX Control DLL/Microsoft Corporation SIGNED)(2012-04-04 21:04:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}@LocalizedString                                                                              C:\Program Files\Google\Update\1.3.24.15\goopdate.dll (Google Update/Google Inc. SIGNED)(2014-06-20 16:43:45)
Reg     HKLM\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32@                                                                               C:\Program Files\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2014-06-20 16:43:53)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32@                                                                              C:\Windows\system32\COMCTL32.OCX (Windows Common Controls ActiveX Control DLL/Microsoft Corporation SIGNED)(2012-04-04 21:04:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32@                                                                               C:\Program Files\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe (Google Chrome/Google Inc. SIGNED)(2014-09-24 23:51:15)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5CDC744A-C333-4860-A69C-0612E7637995}\LocalServer32@                                                                               C:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe ( New Softwares.net SIGNED)(2013-03-10 14:28:02)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5DF4E7C5-78E3-4CCA-93CD-DF1639E165FB}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5E541E71-A474-4EAD-8FCB-24D400D023B7}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32@                                                                              C:\Windows\system32\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{5EF1CF5D-87A9-434b-8786-2A08E1C30F6C}\LocalServer32@                                                                               C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (TuneUp Utilities Service/TuneUp Software SIGNED)(2014-04-15 19:59:18)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6017A978-93AD-4F2F-9E2D-07CF8C8DEBC4}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32@                                                                              C:\Windows\system32\COMCTL32.OCX (Windows Common Controls ActiveX Control DLL/Microsoft Corporation SIGNED)(2012-04-04 21:04:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{612826E1-609E-41EF-AE0F-51D3E7BDE0FD}\LocalServer32@                                                                               C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver2.exe (InstallDriver Module/InstallShield Software Corporation)(2003-09-04 19:21:52)
Reg     HKLM\SOFTWARE\Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32@                                                                              C:\Windows\system32\COMCTL32.OCX (Windows Common Controls ActiveX Control DLL/Microsoft Corporation SIGNED)(2012-04-04 21:04:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{61bd27fe-604c-49f8-a979-7a260a51ea5f}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\cddbcontrolwinamp.dll (CDDBControl Core Module (NSWinamp)/Gracenote, Inc.)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{61F8FAF0-82D0-407C-AE97-31441483AE40}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{62298306-60c5-47a5-81ab-315c0a7054fe}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32@                                                                              C:\Windows\system32\COMCTL32.OCX (Windows Common Controls ActiveX Control DLL/Microsoft Corporation SIGNED)(2012-04-04 21:04:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{62A560B8-09DB-4cc6-AE1B-9D8F7ADDB8F3}@LocalizedString                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\CLSID\{62A560B8-09DB-4cc6-AE1B-9D8F7ADDB8F3}\Elevation@IconReference                                                                      C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\CLSID\{62A560B8-09DB-4cc6-AE1B-9D8F7ADDB8F3}\InprocServer32@                                                                              C:\Program Files\iTunes\iTunesAdmin.dll (iTunes Administrative DLL/Apple Inc. SIGNED)(2014-02-21 07:54:40)
Reg     HKLM\SOFTWARE\Classes\CLSID\{62d92898-9129-4a24-bc97-078ba176816b}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\cddbcontrolwinamp.dll (CDDBControl Core Module (NSWinamp)/Gracenote, Inc.)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{63005CD0-8541-439c-A66A-617F4B1F2BCB}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{63530157-314D-473F-BB48-9B1B18908300}\InProcServer32@                                                                              C:\Program Files\iTunes\iTunesOutlookAddIn.dll (iTunes Outlook Add-in/Apple Inc. SIGNED)(2014-02-21 07:54:44)
Reg     HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...\command@                                                              C:\Program Files\CCleaner\ccleaner.exe (CCleaner/Piriform Ltd SIGNED)(2014-04-17 16:53:06)
Reg     HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete@Icon                                                                   C:\Program Files\TuneUp Utilities 2014\Undelete.exe (TuneUp Undelete/TuneUp Software SIGNED)(2014-04-15 19:57:52)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6467c6bc-f636-47cd-b989-db27846e61f6}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}\InprocServer32@                                                                              C:\Windows\system32\xvid.ax(2013-03-22 13:08:58)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6539579C-2657-45E5-985F-835E197959C2}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{654e1149-060b-4fd1-af4b-07e1d2a83ae0}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\CddbPlaylist2Winamp.dll(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\LocalServer32@                                                                               C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Push/Apple Inc. SIGNED)(2014-02-13 00:57:54)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6A10CEAB-0813-48BA-9769-BD98F03F3EB8}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6A22E68F-887C-4221-9DF1-EE0B3AC76497}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6AC51E9C-7947-4B46-A978-0AD601C4EFC9}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32@                                                                              C:\Windows\system32\COMCTL32.OCX (Windows Common Controls ActiveX Control DLL/Microsoft Corporation SIGNED)(2012-04-04 21:04:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6C2589C3-96F8-4863-A511-9C33EB2C7E2A}@LocalizedString                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6C2589C3-96F8-4863-A511-9C33EB2C7E2A}\Elevation@IconReference                                                                      C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6C2589C3-96F8-4863-A511-9C33EB2C7E2A}\InprocServer32@                                                                              C:\Program Files\iTunes\iTunesAdmin.dll (iTunes Administrative DLL/Apple Inc. SIGNED)(2014-02-21 07:54:40)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6c8586c1-da9f-47fe-9f16-b30ab4fc9dfa}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6E4B938E-4BA1-4E8D-BCBA-8C51CE95F94F}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6F3F133D-61E3-4153-8AAE-056031E2B597}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6f6f90b2-ff9f-4f62-8eee-6ba04a45de6c}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\cddbcontrolwinamp.dll (CDDBControl Core Module (NSWinamp)/Gracenote, Inc.)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}@LocalizedString                                                                              C:\Program Files\Google\Update\1.3.24.15\goopdate.dll (Google Update/Google Inc. SIGNED)(2014-06-20 16:43:45)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32@                                                                               C:\Program Files\Google\Update\1.3.24.15\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2014-06-20 16:43:53)
Reg     HKLM\SOFTWARE\Classes\CLSID\{6FA10A39-4760-4C94-A210-2398848618EC}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7052a035-2aee-4d5d-be82-6b12437bfcba}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\CddbPlaylist2Winamp.dll(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7112FB6A-700C-4C25-BB31-5B13CE60CC29}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvmobls.dll (NVIDIA Mobile Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{713e7aff-c4de-4eb8-99c3-ea4af17731a3}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{71A1A612-F7B4-4092-8E0F-C79C8FB0391D}@LocalizedString                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\CLSID\{71A1A612-F7B4-4092-8E0F-C79C8FB0391D}\Elevation@IconReference                                                                      C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\CLSID\{71A1A612-F7B4-4092-8E0F-C79C8FB0391D}\InprocServer32@                                                                              C:\Program Files\iTunes\iTunesAdmin.dll (iTunes Administrative DLL/Apple Inc. SIGNED)(2014-02-21 07:54:40)
Reg     HKLM\SOFTWARE\Classes\CLSID\{73BCA54E-6AEB-4597-8F27-E1284FF12722}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7416f5ca-8922-4516-89e8-d826a8c091c5}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\cddbcontrolwinamp.dll (CDDBControl Core Module (NSWinamp)/Gracenote, Inc.)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{75ae99c2-fe58-4aa4-8135-11d794adfd48}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\cddbuiwinamp.dll (CDDBUIControl Module (NSWinamp)/Gracenote)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{75BDD7A1-1224-41DA-90B4-457ACD874F12}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32@                                                                              C:\Program Files\Java\jre7\bin\ssv.dll (Java(TM) Platform SE binary/Oracle Corporation SIGNED)(2013-08-05 01:34:43)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32@                                                                              C:\Windows\system32\COMDLG32.OCX (CMDialog ActiveX Control DLL/Microsoft Corporation SIGNED)(2012-04-04 21:04:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7735B86B-2EAB-43EF-B5DE-31A15F767C14}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{777C89DF-5C36-11D5-ABAF-00B0D02332EB}\InprocServer32@                                                                              C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll (InstallShield (R) Script Engine/InstallShield Software Corporation)(2002-10-04 19:48:20)
Reg     HKLM\SOFTWARE\Classes\CLSID\{777C8A05-5C36-11D5-ABAF-00B0D02332EB}\InProcServer32@                                                                              C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\Objps7.dll (InstallShield (R) ObjectPS DLL/InstallShield Software Corporation)(2002-10-15 22:26:46)
Reg     HKLM\SOFTWARE\Classes\CLSID\{777C8A16-5C36-11D5-ABAF-00B0D02332EB}\InprocServer32@                                                                              C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll (InstallShield (R) User DLL/InstallShield Software Corporation)(2002-10-04 19:48:14)
Reg     HKLM\SOFTWARE\Classes\CLSID\{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}\LocalServer32@                                                                               C:\Program Files\Winamp\winamp.exe (Winamp/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKLM\SOFTWARE\Classes\CLSID\{783dcf23-fde3-44e1-ad01-c8100596a81b}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\CddbPlaylist2Winamp.dll(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7945F814-7BFB-4506-A113-2BD66CDC713A}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InProcServer32@                                                                              C:\Windows\system32\authuitu.dll (TuneUp WinLogon Extension/TuneUp Software SIGNED)(2014-10-01 19:06:22)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7A7FB085-6068-4898-8CCA-480A9187277C}\LocalServer32@                                                                               C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc. SIGNED)(2014-02-21 07:54:26)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7ACDC5B4-76A1-4BDF-918D-6962FCABBAD3}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7BB17C5A-3176-4B40-A3F9-39D4A64D7E83}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}\InprocServer32@                                                                              C:\PROGRA~1\TAGREN~1\TRshell.dll (Tag&Rename 32bit shell extension/Softpointer Inc SIGNED)(2013-05-14 19:27:14)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7CCCACE3-3DEE-4659-93AA-19E6C38D8EEC}\LocalServer32@                                                                               C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc. SIGNED)(2014-02-21 07:54:26)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32@                                                                               C:\Program Files\Google\Update\1.3.24.15\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2014-06-20 16:43:53)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7dec5595-4555-4052-b777-dfb147970988}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7f403f21-383b-4faf-94c7-e2c2f487f926}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\CddbPlaylist2Winamp.dll(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32@                                                                              C:\Windows\system32\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{80a8f856-eda2-44db-a9ae-fafaaa2f5798}\InprocServer32@                                                                              C:\Program Files\Winamp\Plugins\Gracenote\CddbMusicIDWinamp.dll (CddbMusicID Module (NSWinamp)/Gracenote)(2011-03-16 19:19:42)
Reg     HKLM\SOFTWARE\Classes\CLSID\{80BA3813-908F-4D4C-A5FF-263640AD5B7A}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:03)
Reg     HKLM\SOFTWARE\Classes\CLSID\{80EE9910-D470-4AED-AC5D-987046FDB574}\LocalServer32@                                                                               C:\PROGRA~1\iTunes\ITUNES~1.EXE (iTunesHelper/Apple Inc. SIGNED)(2014-02-21 07:54:40)
Reg     HKLM\SOFTWARE\Classes\CLSID\{81667C73-F396-44a3-923B-3749C0840A58}\InprocServer32@                                                                              C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-03-09 18:40:04)
Reg     HKLM\SOFTWARE\Classes\CLSID\{81cae944-cf58-461f-9da9-7bc8847f4243}\LocalServer32@                                                                               C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\CLSID\{830690FC-BF2F-47A6-AC2D-330BCB402664}\InprocServer32@                                                                              C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype for COM API/Skype Technologies SIGNED)(2013-02-26 19:38:30)
Reg     HKLM\SOFTWARE\Classes\CLSID\{86132628-1DA5-489c-9EB9-49B39B9A5583}\InprocServer32@                                                                              C:\Program Files\Microsoft SQL Server Compact Edition\v3.1\sqlceca30.dll (Client Agent/Microsoft Corporation)(2006-12-22 02:05:48)
Reg     HKLM\SOFTWARE\Classes\CLSID\{86193C76-0DCA-4B33-83CA-6D7DCCA48D0B}\InprocServer32@                                                                              




#2 cer0

cer0
  • Topic Starter

  • Members
  • 26 posts

Posted 02 October 2014 - 03:57 AM

Reg     HKLM\SOFTWARE\Classes\iTunes.aif@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.aif\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.aifc@FriendlyTypeName                                                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.aifc\shell\open\command@                                                                                                           C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.aiff@FriendlyTypeName                                                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.aiff\shell\open\command@                                                                                                           C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.daap@FriendlyTypeName                                                                                                C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.daap\shell\open\command@                                                                                             C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itls@FriendlyTypeName                                                                                                C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itls\shell\open\command@                                                                                             C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itms@FriendlyTypeName                                                                                                C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itms\shell\open\command@                                                                                             C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itmss@FriendlyTypeName                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itmss\shell\open\command@                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itpc@FriendlyTypeName                                                                                                C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itpc\shell\open\command@                                                                                             C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.pcast@FriendlyTypeName                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.pcast\shell\open\command@                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.cda@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.cda\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.cdda@FriendlyTypeName                                                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.cdda\shell\open\command@                                                                                                           C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.ipa@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.ipa\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.ipg@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.ipg\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.ipsw@FriendlyTypeName                                                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.ipsw\shell\open\command@                                                                                                           C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.itdb@FriendlyTypeName                                                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.itdb\shell\open\command@                                                                                                           C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.ite@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.ite\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.itl@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.itl\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.itls@FriendlyTypeName                                                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.itls\shell\open\command@                                                                                                           C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.itms@FriendlyTypeName                                                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.itms\shell\open\command@                                                                                                           C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.itpc@FriendlyTypeName                                                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.itpc\shell\open\command@                                                                                                           C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.m3u@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.m3u\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.m3u8@FriendlyTypeName                                                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.m3u8\shell\open\command@                                                                                                           C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.m4a@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.m4a\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.m4b@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.m4b\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.m4p@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.m4p\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.m4r@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.m4r\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.m4v@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.m4v\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.mov@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.mov\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.mp2@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.mp2\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.mp3@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.mp3\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.mpeg@FriendlyTypeName                                                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.mpeg\shell\open\command@                                                                                                           C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.mpg@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.mpg\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.pcast@FriendlyTypeName                                                                                                             C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.pcast\shell\open\command@                                                                                                          C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.pls@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.pls\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.rmp@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.rmp\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.wav@FriendlyTypeName                                                                                                               C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.wav\shell\open\command@                                                                                                            C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\iTunes.wave@FriendlyTypeName                                                                                                              C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2014-02-21 08:25:18)
Reg     HKLM\SOFTWARE\Classes\iTunes.wave\shell\open\command@                                                                                                           C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKLM\SOFTWARE\Classes\jarfile\shell\open\command@                                                                                                               C:\Program Files\Java\jre7\bin\javaw.exe (Java(TM) Platform SE binary/Oracle Corporation SIGNED)(2013-08-05 01:34:41)
Reg     HKLM\SOFTWARE\Classes\JNLPFile\Shell\Open\Command@                                                                                                              C:\Program Files\Java\jre7\bin\javaws.exe (Java(TM) Web Start Launcher/Oracle Corporation SIGNED)(2013-08-05 01:34:41)
Reg     HKLM\SOFTWARE\Classes\jpsfile\shell\open\command@                                                                                                               C:\Program Files\NVIDIA Corporation\3D Vision\NvStView.exe (NVIDIA 3D Vision Photo Viewer/NVIDIA Corporation SIGNED)(2014-03-22 16:00:50)
Reg     HKLM\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command@                                                                             C:\Program Files\Opera\Launcher.exe (Opera Internet Browser/CA SIGNED)(2014-05-24 20:06:21)
Reg     HKLM\SOFTWARE\Classes\mpofile\shell\open\command@                                                                                                               C:\Program Files\NVIDIA Corporation\3D Vision\NvStView.exe (NVIDIA 3D Vision Photo Viewer/NVIDIA Corporation SIGNED)(2014-03-22 16:00:50)
Reg     HKLM\SOFTWARE\Classes\Msi.Package\shell\TuMonitor@Icon                                                                                                          C:\Program Files\Total Uninstall 6\Tu.exe (Total Uninstall - Installation monitor, uninstaller and cleaner/Gavrila Martau SIGNED)(2014-10-01 18:59:47)
Reg     HKLM\SOFTWARE\Classes\msnim\shell\Open\command@                                                                                                                 C:\Program Files\Pidgin\pidgin.exe (Pidgin/The Pidgin developer community)(2014-02-03 00:20:04)
Reg     HKLM\SOFTWARE\Classes\msstylesfile@FriendlyTypeName                                                                                                             C:\Windows\system32\themeui.dll (Windows Theme API/Microsoft Corporation)(2013-03-10 04:49:59)
Reg     HKLM\SOFTWARE\Classes\myim\shell\Open\command@                                                                                                                  C:\Program Files\Pidgin\pidgin.exe (Pidgin/The Pidgin developer community)(2014-02-03 00:20:04)
Reg     HKLM\SOFTWARE\Classes\OperaStable\shell\open\command@                                                                                                           C:\Program Files\Opera\Launcher.exe (Opera Internet Browser/CA SIGNED)(2014-05-24 20:06:21)
Reg     HKLM\SOFTWARE\Classes\Photoshop.3DSFileType.70\shell\open\command@                                                                                              C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKLM\SOFTWARE\Classes\pnsfile\shell\open\command@                                                                                                               C:\Program Files\NVIDIA Corporation\3D Vision\NvStView.exe (NVIDIA 3D Vision Photo Viewer/NVIDIA Corporation SIGNED)(2014-03-22 16:00:50)
Reg     HKLM\SOFTWARE\Classes\Rainmeter.SkinInstaller\shell\edit\command@                                                                                               C:\Program Files\Rainmeter\SkinInstaller.exe(2014-01-05 14:24:22)
Reg     HKLM\SOFTWARE\Classes\SC\shell\open\command@                                                                                                                    C:\Program Files\Winamp\winamp.exe (Winamp/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKLM\SOFTWARE\Classes\sourceaddonfile\shell\open\command@                                                                                                       C:\Games\Left 4 Dead 2\bin\addoninstaller.exe(2013-06-09 01:50:24)
Reg     HKLM\SOFTWARE\Classes\starcraft\shell\open\command@                                                                                                             C:\Program Files\Battle.net\Battle.net.exe (Blizzard File Switcher/Blizzard Entertainment SIGNED)(2014-04-06 23:09:26)
Reg     HKLM\SOFTWARE\Classes\themefile@FriendlyTypeName                                                                                                                C:\Windows\system32\themeui.dll (Windows Theme API/Microsoft Corporation)(2013-03-10 04:49:59)
Reg     HKLM\SOFTWARE\Classes\TuneUp.Boot.Screen\Shell\Open\Command@                                                                                                    C:\Program Files\TuneUp Utilities 2014\Styler.exe (TuneUp Styler/TuneUp Software SIGNED)(2014-04-15 19:57:46)
Reg     HKLM\SOFTWARE\Classes\TuneUp.Utilities.2013.Unlock.Code\Shell\Open\Command@                                                                                     C:\Program Files\TuneUp Utilities 2014\Integrator.exe (TuneUp Utilities - Start Center/TuneUp Software SIGNED)(2014-04-15 19:57:18)
Reg     HKLM\SOFTWARE\Classes\TuneUp.Visual.Style\Shell\Open\Command@                                                                                                   C:\Program Files\TuneUp Utilities 2014\Styler.exe (TuneUp Styler/TuneUp Software SIGNED)(2014-04-15 19:57:46)
Reg     HKLM\SOFTWARE\Classes\UNSV\shell\open\command@                                                                                                                  C:\Program Files\Winamp\winamp.exe (Winamp/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKLM\SOFTWARE\Classes\VLC.3g2\shell\AddToPlaylistVLC\command@                                                                                                   C:\Program Files\VideoLAN\VLC\vlc.exe (VLC media player 2.1.0/VideoLAN)(2013-09-22 23:18:28)
Reg     HKLM\SOFTWARE\Classes\WalletFile\Shell\open\command@                                                                                                            C:\Program Files\NewSoftware's\Folder Lock\Folder Lock.exe (Folder Lock Application/New Softwares.net. SIGNED)(2013-03-10 14:28:13)
Reg     HKLM\SOFTWARE\Classes\winamp\shell\open\command@                                                                                                                C:\Program Files\Winamp\winamp.exe (Winamp/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKLM\SOFTWARE\Classes\WinRAR\shell\open\command@                                                                                                                C:\Program Files\WinRAR\WinRAR.exe (WinRAR archiver/Alexander Roshal)(2013-03-09 21:15:56)
Reg     HKLM\SOFTWARE\Classes\xmpp\shell\Open\command@                                                                                                                  C:\Program Files\Pidgin\pidgin.exe (Pidgin/The Pidgin developer community)(2014-02-03 00:20:04)
Reg     HKCU\Software\Microsoft\Installer\Products\AC7F955943E573242A9D8D6564A47D72@ProductIcon                                                                         C:\Users\nots0\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe (InstallShield/InstallShield Software Corp.)(2013-07-12 16:10:38)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Adobe Extension Manager CS6.exe@Path                                                                           C:\Program Files\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe (Adobe Extension Manager CS6/Adobe Systems Incorporated SIGNED)(2012-03-13 01:16:02)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\AngryBirds.exe@Path                                                                                            C:\Games\Angry Birds\AngryBirds.exe(2014-03-25 01:15:33)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\AngryBirdsStarWarsII.exe@Path                                                                                  C:\Games\Angry Birds Star Wars II\AngryBirdsStarWarsII.exe (Angry Birds Star Wars II/Rovio Entertainment Ltd.)(2013-10-11 19:57:30)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Battle.net Launcher.exe@Path                                                                                   C:\Program Files\Battle.net\Battle.net Launcher.exe (Battle.net Setup/Blizzard Entertainment SIGNED)(2014-04-06 23:09:26)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Battle.net.exe@Path                                                                                            C:\Program Files\Battle.net\Battle.net.5011\Battle.net.exe (Battle.net desktop app/Blizzard Entertainment SIGNED)(2014-09-12 17:35:17)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Blizzard Launcher.exe@Path                                                                                     C:\ProgramData\Battle.net\Client\Blizzard Launcher.2005\Blizzard Launcher.exe (Blizzard Launcher and Installer/Blizzard Entertainment SIGNED)(2013-11-02 18:01:08)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\BloonsTD5Deluxe.exe@Path                                                                                       C:\Games\Bloons TD 5 Deluxe\BloonsTD5Deluxe.exe(2014-09-25 01:00:49)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\chrome.exe@Path                                                                                                C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2014-04-17 23:34:19)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\ConvertXtoDvd.exe@Path                                                                                         C:\Program Files\VSO\ConvertX\5\ConvertXtoDvd.exe (ConvertXToDVD transcoder/VSO Software SARL)(2013-11-26 23:38:14)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\crashreporter.exe@Path                                                                                         C:\Program Files\Mozilla Firefox\crashreporter.exe (Mozilla Foundation SIGNED)(2014-03-31 18:08:23)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\CurseClient.exe@Path                                                                                           C:\Users\nots0\AppData\Local\Apps\2.0\9R8NCC9D.QOG\7B1RDRMM.KH7\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe (Curse Client/Curse)(2014-09-27 03:22:52)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\DAMN NFO Viewer.exe@Path                                                                                       C:\Program Files\DAMN NFO Viewer\DAMN NFO Viewer.exe (DAMN NFO Viewer/DAMN)(2013-03-10 21:54:05)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Diablo III.exe@Path                                                                                            C:\Program Files\Diablo III\Diablo III.exe (Diablo III Retail/Blizzard Entertainment SIGNED)(2014-04-06 23:23:17)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Dreamweaver.exe@Path                                                                                           C:\Program Files\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe (Adobe Dreamweaver CC/Adobe Systems, Inc. SIGNED)(2013-04-19 06:19:26)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\DTShellHlp.exe@Path                                                                                            C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (DAEMON Tools Shell Extensions Helper/DT Soft Ltd SIGNED)(2012-10-23 08:25:06)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\FaceOnBody2.exe@Path                                                                                           C:\Program Files\FaceOnBody2\FaceOnBody2.exe(2011-10-07 14:55:20)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\fceux.exe@Path                                                                                                 C:\Games\#Emulators\NINTENDO NES (FCEUX)\fceux.exe(2013-07-12 16:09:40)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\firefox.exe@Path                                                                                               C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation SIGNED)(2014-03-31 18:08:23)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Fireworks.exe@Path                                                                                             C:\Program Files\Adobe\Adobe Fireworks CS6\Fireworks.exe (Adobe Fireworks CS6/Adobe Systems Incorporated SIGNED)(2012-03-31 03:27:10)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\FolderSize.exe@Path                                                                                            C:\Program Files\FolderSize\FolderSize.exe (Folder Size Window/Brio)(2013-02-13 04:36:48)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Foxit Advanced PDF Editor.exe@Path                                                                             C:\Program Files\Foxit Software\Foxit Advanced PDF Editor\Foxit Advanced PDF Editor.exe (Foxit Corporation)(2014-01-26 10:10:42)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\game.exe@Path                                                                                                  C:\Games\Mark of the Ninja Special Edition\bin\game.exe (Klei Entertainment Inc.)(2014-09-28 00:49:56)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\HijackThis.exe@Path                                                                                            C:\Users\nots0\Downloads\HijackThis.exe (HijackThis/Trend Micro Inc.)(2014-10-01 15:01:14)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\ImgBurn.exe@Path                                                                                               C:\Program Files\ImgBurn\ImgBurn.exe (ImgBurn - The Ultimate Image Burner!/LIGHTNING UK!)(2012-03-29 18:22:04)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\iphoneringtone.exe@Path                                                                                        C:\Program Files\Xilisoft\iPhone Ringtone Maker\iphoneringtone.exe(2012-06-13 02:20:42)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\iTunes.exe@Path                                                                                                C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\java.exe@Path                                                                                                  C:\Program Files\Java\jre7\bin\java.exe (Java(TM) Platform SE binary/Oracle Corporation SIGNED)(2013-08-05 01:34:40)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\javaw.exe@Path                                                                                                 C:\Program Files\Java\jre7\bin\javaw.exe (Java(TM) Platform SE binary/Oracle Corporation SIGNED)(2013-08-05 01:34:41)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\jusched.exe@Path                                                                                               C:\Program Files\Common Files\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Oracle Corporation SIGNED)(2013-07-02 14:16:26)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Keygen.exe@Path                                                                                                C:\Users\nots0\Desktop\incoming\TuneUp Utilities 2014 14.0.1000.296 Final Incl. Keygen-REPT\Keygen-REPT\Keygen.exe(2014-10-01 18:56:56)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\launcher.exe@Path                                                                                              C:\Program Files\Opera\launcher.exe (Opera Internet Browser/CA SIGNED)(2014-05-24 20:06:21)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\left4dead2.exe@Path                                                                                            C:\Games\Left 4 Dead 2\left4dead2.exe(2013-06-09 01:50:21)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\main_player.exe@Path                                                                                           C:\Program Files\Sesame Street\Sesame Street - Learn, Play and Grow\main_player.exe (Macromedia Flash Player 8.0  r22/Macromedia, Inc.)(2007-12-04 10:24:38)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\maketorrent.exe@Path                                                                                           C:\Program Files\Maketorrent 2\maketorrent.exe(2004-05-03 02:03:30)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\MetalSlug.exe@Path                                                                                             C:\Games\Metal Slug Complete PC\MetalSlug.exe(2009-06-25 16:10:05)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\mirc.exe@Path                                                                                                  C:\Program Files\mIRC\mirc.exe (mIRC/mIRC Co. Ltd.)(2013-03-14 19:57:10)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\opera.exe@Path                                                                                                 C:\Program Files\Opera\21.0.1432.67\opera.exe (Opera Internet Browser/CA SIGNED)(2014-05-24 20:06:17)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\PDapp.exe@Path                                                                                                 C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe (Adobe Application Manager/Adobe Systems Incorporated SIGNED)(2014-01-26 12:26:12)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Photoshop.exe@Path                                                                                             C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\pidgin.exe@Path                                                                                                C:\Program Files\Pidgin\pidgin.exe (Pidgin/The Pidgin developer community)(2014-02-03 00:20:04)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\plugin-hang-ui.exe@Path                                                                                        C:\Program Files\Mozilla Firefox\plugin-hang-ui.exe (Plugin Hang UI for Firefox/Mozilla Corporation SIGNED)(2014-03-31 18:08:26)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Project64.exe@Path                                                                                             C:\Games\#Emulators\NINTENDO 64 (Project64)\Project64.exe(2005-04-01 12:49:20)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Rainmeter.exe@Path                                                                                             C:\Program Files\Rainmeter\Rainmeter.exe(2014-01-05 14:24:22)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\SimulationCraft.exe@Path                                                                                       C:\Users\nots0\Documents\simc-548-7-win32\simc-548-7-win32\SimulationCraft.exe(2014-08-01 20:24:01)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\snes9x.exe@Path                                                                                                C:\Games\#Emulators\SUPER NINTENDO (SNES9X)\Snes9x\snes9x.exe (Snes9XW/Gary Henderson)(2013-07-12 16:09:47)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\SPT.exe@Path                                                                                                   C:\Games\SpongeBob SquarePants Typing\SPT.exe (SpongeBob SquarePants Typing/Encore)(2013-12-05 20:32:27)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Subway_Surfers.exe@Path                                                                                        C:\Games\Subway Surfers\Subway_Surfers.exe(2012-12-14 23:17:52)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\TagRename.exe@Path                                                                                             C:\Program Files\TagRename\TagRename.exe (Tag&Rename/Softpointer Inc)(2013-05-14 19:27:09)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Torchlight2.exe@Path                                                                                           C:\Games\Torchlight II\Torchlight2.exe (Torchlight II/Runic Games, Inc.)(2014-09-28 00:45:22)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\uTorrent.exe@Path                                                                                              C:\Users\nots0\AppData\Local\uTorrent\uTorrent.exe (µTorrent/BitTorrent Inc. SIGNED)(2014-07-21 08:22:34)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\VcsCore.exe@Path                                                                                               C:\Program Files\AV Vcs 7.0 DIAMOND\VcsCore.exe (VCS. Core dispatcher/Avnex Ltd)(2014-04-16 11:38:12)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\VirtualDub.exe@Path                                                                                            C:\Program Files\VirtualDUB Pack\VirtualDub-1.9.1\VirtualDub.exe(2009-05-03 22:27:15)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\vlc.exe@Path                                                                                                   C:\Program Files\VideoLAN\VLC\vlc.exe (VLC media player 2.1.0/VideoLAN)(2013-09-22 23:18:28)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\winamp.exe@Path                                                                                                C:\Program Files\Winamp\winamp.exe (Winamp/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Window Hide Tool.exe@Path                                                                                      C:\Program Files\Window Hide Tool\Window Hide Tool.exe (Window Hide Tool/FOMINE SOFTWARE)(2014-04-29 20:08:47)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\WinRAR.exe@Path                                                                                                C:\Program Files\WinRAR\WinRAR.exe (WinRAR archiver/Alexander Roshal)(2013-03-09 21:15:56)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\World of Warcraft Launcher.exe@Path                                                                            C:\Program Files\World of Warcraft\World of Warcraft Launcher.exe (World of Warcraft Setup/Blizzard Entertainment SIGNED)(2013-03-09 21:36:24)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\World of Warcraft Public Test Launcher.exe@Path                                                                C:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test Launcher.exe (World of Warcraft Public Test Setup/Blizzard Entertainment SIGNED)(2013-03-24 02:14:07)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\Wow.exe@Path                                                                                                   C:\Program Files\World of Warcraft\Wow.exe (World of Warcraft Retail/Blizzard Entertainment SIGNED)(2013-03-09 21:36:24)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\zenmap.exe@Path                                                                                                C:\Program Files\Nmap\zenmap.exe(2014-08-21 22:25:12)
Reg     HKCU\Software\Microsoft\IntelliPoint\AppSpecific\zsnesw.exe@Path                                                                                                C:\Games\#Emulators\SUPER NINTENDO (SNES9X)\ZSnes\zsnesw.exe(2013-07-18 18:07:26)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Adobe Extension Manager CS6.exe@Path                                                                        C:\Program Files\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe (Adobe Extension Manager CS6/Adobe Systems Incorporated SIGNED)(2012-03-13 01:16:02)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\AngryBirds.exe@Path                                                                                         C:\Games\Angry Birds\AngryBirds.exe(2014-03-25 01:15:33)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\AngryBirdsStarWarsII.exe@Path                                                                               C:\Games\Angry Birds Star Wars II\AngryBirdsStarWarsII.exe (Angry Birds Star Wars II/Rovio Entertainment Ltd.)(2013-10-11 19:57:30)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Battle.net Launcher.exe@Path                                                                                C:\Program Files\Battle.net\Battle.net Launcher.exe (Battle.net Setup/Blizzard Entertainment SIGNED)(2014-04-06 23:09:26)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Battle.net.exe@Path                                                                                         C:\Program Files\Battle.net\Battle.net.5011\Battle.net.exe (Battle.net desktop app/Blizzard Entertainment SIGNED)(2014-09-12 17:35:17)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Blizzard Launcher.exe@Path                                                                                  C:\ProgramData\Battle.net\Client\Blizzard Launcher.2005\Blizzard Launcher.exe (Blizzard Launcher and Installer/Blizzard Entertainment SIGNED)(2013-11-02 18:01:08)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\BloonsTD5Deluxe.exe@Path                                                                                    C:\Games\Bloons TD 5 Deluxe\BloonsTD5Deluxe.exe(2014-09-25 01:00:49)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\chrome.exe@Path                                                                                             C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2014-04-17 23:34:19)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\ConvertXtoDvd.exe@Path                                                                                      C:\Program Files\VSO\ConvertX\5\ConvertXtoDvd.exe (ConvertXToDVD transcoder/VSO Software SARL)(2013-11-26 23:38:14)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\crashreporter.exe@Path                                                                                      C:\Program Files\Mozilla Firefox\crashreporter.exe (Mozilla Foundation SIGNED)(2014-03-31 18:08:23)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\CurseClient.exe@Path                                                                                        C:\Users\nots0\AppData\Local\Apps\2.0\9R8NCC9D.QOG\7B1RDRMM.KH7\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe (Curse Client/Curse)(2014-09-27 03:22:52)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\DAMN NFO Viewer.exe@Path                                                                                    C:\Program Files\DAMN NFO Viewer\DAMN NFO Viewer.exe (DAMN NFO Viewer/DAMN)(2013-03-10 21:54:05)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Diablo III.exe@Path                                                                                         C:\Program Files\Diablo III\Diablo III.exe (Diablo III Retail/Blizzard Entertainment SIGNED)(2014-04-06 23:23:17)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Dreamweaver.exe@Path                                                                                        C:\Program Files\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe (Adobe Dreamweaver CC/Adobe Systems, Inc. SIGNED)(2013-04-19 06:19:26)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\DTShellHlp.exe@Path                                                                                         C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (DAEMON Tools Shell Extensions Helper/DT Soft Ltd SIGNED)(2012-10-23 08:25:06)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\FaceOnBody2.exe@Path                                                                                        C:\Program Files\FaceOnBody2\FaceOnBody2.exe(2011-10-07 14:55:20)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\fceux.exe@Path                                                                                              C:\Games\#Emulators\NINTENDO NES (FCEUX)\fceux.exe(2013-07-12 16:09:40)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\firefox.exe@Path                                                                                            C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation SIGNED)(2014-03-31 18:08:23)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Fireworks.exe@Path                                                                                          C:\Program Files\Adobe\Adobe Fireworks CS6\Fireworks.exe (Adobe Fireworks CS6/Adobe Systems Incorporated SIGNED)(2012-03-31 03:27:10)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\FolderSize.exe@Path                                                                                         C:\Program Files\FolderSize\FolderSize.exe (Folder Size Window/Brio)(2013-02-13 04:36:48)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Foxit Advanced PDF Editor.exe@Path                                                                          C:\Program Files\Foxit Software\Foxit Advanced PDF Editor\Foxit Advanced PDF Editor.exe (Foxit Corporation)(2014-01-26 10:10:42)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\game.exe@Path                                                                                               C:\Games\Mark of the Ninja Special Edition\bin\game.exe (Klei Entertainment Inc.)(2014-09-28 00:49:56)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\HijackThis.exe@Path                                                                                         C:\Users\nots0\Downloads\HijackThis.exe (HijackThis/Trend Micro Inc.)(2014-10-01 15:01:14)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\ImgBurn.exe@Path                                                                                            C:\Program Files\ImgBurn\ImgBurn.exe (ImgBurn - The Ultimate Image Burner!/LIGHTNING UK!)(2012-03-29 18:22:04)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\iphoneringtone.exe@Path                                                                                     C:\Program Files\Xilisoft\iPhone Ringtone Maker\iphoneringtone.exe(2012-06-13 02:20:42)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\iTunes.exe@Path                                                                                             C:\Program Files\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2014-02-21 07:54:38)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\java.exe@Path                                                                                               C:\Program Files\Java\jre7\bin\java.exe (Java(TM) Platform SE binary/Oracle Corporation SIGNED)(2013-08-05 01:34:40)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\javaw.exe@Path                                                                                              C:\Program Files\Java\jre7\bin\javaw.exe (Java(TM) Platform SE binary/Oracle Corporation SIGNED)(2013-08-05 01:34:41)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\jusched.exe@Path                                                                                            C:\Program Files\Common Files\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Oracle Corporation SIGNED)(2013-07-02 14:16:26)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Keygen.exe@Path                                                                                             C:\Users\nots0\Desktop\incoming\TuneUp Utilities 2014 14.0.1000.296 Final Incl. Keygen-REPT\Keygen-REPT\Keygen.exe(2014-10-01 18:56:56)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\launcher.exe@Path                                                                                           C:\Program Files\Opera\launcher.exe (Opera Internet Browser/CA SIGNED)(2014-05-24 20:06:21)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\left4dead2.exe@Path                                                                                         C:\Games\Left 4 Dead 2\left4dead2.exe(2013-06-09 01:50:21)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\main_player.exe@Path                                                                                        C:\Program Files\Sesame Street\Sesame Street - Learn, Play and Grow\main_player.exe (Macromedia Flash Player 8.0  r22/Macromedia, Inc.)(2007-12-04 10:24:38)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\maketorrent.exe@Path                                                                                        C:\Program Files\Maketorrent 2\maketorrent.exe(2004-05-03 02:03:30)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\MetalSlug.exe@Path                                                                                          C:\Games\Metal Slug Complete PC\MetalSlug.exe(2009-06-25 16:10:05)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\mirc.exe@Path                                                                                               C:\Program Files\mIRC\mirc.exe (mIRC/mIRC Co. Ltd.)(2013-03-14 19:57:10)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\opera.exe@Path                                                                                              C:\Program Files\Opera\21.0.1432.67\opera.exe (Opera Internet Browser/CA SIGNED)(2014-05-24 20:06:17)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\PDapp.exe@Path                                                                                              C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe (Adobe Application Manager/Adobe Systems Incorporated SIGNED)(2014-01-26 12:26:12)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Photoshop.exe@Path                                                                                          C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe (Adobe Photoshop CC/Adobe Systems, Incorporated SIGNED)(2013-04-23 06:54:16)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\pidgin.exe@Path                                                                                             C:\Program Files\Pidgin\pidgin.exe (Pidgin/The Pidgin developer community)(2014-02-03 00:20:04)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\plugin-hang-ui.exe@Path                                                                                     C:\Program Files\Mozilla Firefox\plugin-hang-ui.exe (Plugin Hang UI for Firefox/Mozilla Corporation SIGNED)(2014-03-31 18:08:26)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Project64.exe@Path                                                                                          C:\Games\#Emulators\NINTENDO 64 (Project64)\Project64.exe(2005-04-01 12:49:20)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Rainmeter.exe@Path                                                                                          C:\Program Files\Rainmeter\Rainmeter.exe(2014-01-05 14:24:22)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\SimulationCraft.exe@Path                                                                                    C:\Users\nots0\Documents\simc-548-7-win32\simc-548-7-win32\SimulationCraft.exe(2014-08-01 20:24:01)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\snes9x.exe@Path                                                                                             C:\Games\#Emulators\SUPER NINTENDO (SNES9X)\Snes9x\snes9x.exe (Snes9XW/Gary Henderson)(2013-07-12 16:09:47)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\SPT.exe@Path                                                                                                C:\Games\SpongeBob SquarePants Typing\SPT.exe (SpongeBob SquarePants Typing/Encore)(2013-12-05 20:32:27)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Subway_Surfers.exe@Path                                                                                     C:\Games\Subway Surfers\Subway_Surfers.exe(2012-12-14 23:17:52)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\TagRename.exe@Path                                                                                          C:\Program Files\TagRename\TagRename.exe (Tag&Rename/Softpointer Inc)(2013-05-14 19:27:09)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Torchlight2.exe@Path                                                                                        C:\Games\Torchlight II\Torchlight2.exe (Torchlight II/Runic Games, Inc.)(2014-09-28 00:45:22)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\uTorrent.exe@Path                                                                                           C:\Users\nots0\AppData\Local\uTorrent\uTorrent.exe (µTorrent/BitTorrent Inc. SIGNED)(2014-07-21 08:22:34)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\VcsCore.exe@Path                                                                                            C:\Program Files\AV Vcs 7.0 DIAMOND\VcsCore.exe (VCS. Core dispatcher/Avnex Ltd)(2014-04-16 11:38:12)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\VirtualDub.exe@Path                                                                                         C:\Program Files\VirtualDUB Pack\VirtualDub-1.9.1\VirtualDub.exe(2009-05-03 22:27:15)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\vlc.exe@Path                                                                                                C:\Program Files\VideoLAN\VLC\vlc.exe (VLC media player 2.1.0/VideoLAN)(2013-09-22 23:18:28)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\winamp.exe@Path                                                                                             C:\Program Files\Winamp\winamp.exe (Winamp/Nullsoft, Inc. SIGNED)(2013-12-13 02:47:54)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Window Hide Tool.exe@Path                                                                                   C:\Program Files\Window Hide Tool\Window Hide Tool.exe (Window Hide Tool/FOMINE SOFTWARE)(2014-04-29 20:08:47)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\WinRAR.exe@Path                                                                                             C:\Program Files\WinRAR\WinRAR.exe (WinRAR archiver/Alexander Roshal)(2013-03-09 21:15:56)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\World of Warcraft Launcher.exe@Path                                                                         C:\Program Files\World of Warcraft\World of Warcraft Launcher.exe (World of Warcraft Setup/Blizzard Entertainment SIGNED)(2013-03-09 21:36:24)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\World of Warcraft Public Test Launcher.exe@Path                                                             C:\Program Files\World of Warcraft Public Test\World of Warcraft Public Test Launcher.exe (World of Warcraft Public Test Setup/Blizzard Entertainment SIGNED)(2013-03-24 02:14:07)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Wow.exe@Path                                                                                                C:\Program Files\World of Warcraft\Wow.exe (World of Warcraft Retail/Blizzard Entertainment SIGNED)(2013-03-09 21:36:24)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\zenmap.exe@Path                                                                                             C:\Program Files\Nmap\zenmap.exe(2014-08-21 22:25:12)
Reg     HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\zsnesw.exe@Path                                                                                             C:\Games\#Emulators\SUPER NINTENDO (SNES9X)\ZSnes\zsnesw.exe(2013-07-18 18:07:26)
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithList@a                                                                            C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation SIGNED)(2014-03-31 18:08:23)
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.library-ms\OpenWithList@a                                                                     C:\Users\nots0\Downloads\uTorrent.exe (µTorrent/BitTorrent Inc. SIGNED)(2014-07-21 08:19:02)
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList@c                                                                            C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation SIGNED)(2014-03-31 18:08:23)
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Run@DAEMON Tools Pro Agent                                                                                       C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DAEMON Tools Pro Agent/DT Soft Ltd SIGNED)(2012-10-23 08:25:10)
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Run-@FLBackup                                                                                                    C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe (New Softwares.net SIGNED)(2013-03-10 14:28:07)
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Run-@WinFLTray                                                                                                   C:\Windows\system32\WinFLTray.exe (Tray Application/ New Softwares.net SIGNED)(2013-03-10 14:27:53)

---- Files - GMER 2.1 ----

File    C:\Program Files\NewSoftware's\Folder Lock                                                                                                                      
File    C:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe                                                                                                        
File    C:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe                                                                                                    
File    C:\Program Files\NewSoftware's\Folder Lock\flk.ico                                                                                                              
File    C:\Program Files\NewSoftware's\Folder Lock\flka.ico                                                                                                             
File    C:\Program Files\NewSoftware's\Folder Lock\flkb.ico                                                                                                             
File    C:\Program Files\NewSoftware's\Folder Lock\flwa.ico                                                                                                             
File    C:\Program Files\NewSoftware's\Folder Lock\Folder Lock.exe                                                                                                      
File    C:\Program Files\NewSoftware's\Folder Lock\Help.chm                                                                                                             
File    C:\Program Files\NewSoftware's\Folder Lock\htmlayout.dll                                                                                                        
File    C:\Program Files\NewSoftware's\Folder Lock\uninstall.exe                                                                                                        



#3 cer0

  • Topic Starter

  • Members
  • 26 posts

Posted 02 October 2014 - 05:11 AM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:48:37 AM, on 10/2/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)

FIREFOX: 32.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Opera\21.0.1432.67\opera.exe
C:\Program Files\Opera\21.0.1432.67\opera_crashreporter.exe
C:\Program Files\Opera\21.0.1432.67\opera.exe
C:\Program Files\Opera\21.0.1432.67\opera.exe
C:\Program Files\Opera\21.0.1432.67\opera.exe
C:\Program Files\Opera\21.0.1432.67\opera.exe
C:\Program Files\Opera\21.0.1432.67\opera.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files\Opera\21.0.1432.67\opera.exe
C:\Program Files\Opera\21.0.1432.67\opera.exe
C:\Program Files\Opera\21.0.1432.67\opera.exe
C:\Users\nots0\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Drop Pad Web Backup - {25DA541F-6ACF-4052-A8AA-1D58284729C7} - mscoree.dll (file missing)
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @comres.dll,-947 (COMSysApp) - Unknown owner - C:\Windows\system32\dllhost.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PP Assistant Service - Unknown owner - C:\Program Files\PP??2.0\adevicehelpersvr.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe

--
End of file - 6788 bytes



#4 cer0

  • Topic Starter

  • Members
  • 26 posts

Posted 02 October 2014 - 09:50 PM

Bump



#5 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,730 posts

Posted 07 October 2014 - 04:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/550535 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 cer0

  • Topic Starter

  • Members
  • 26 posts

Posted 09 October 2014 - 06:04 PM

I got hacked into a while back and believe that my system is still infected. Thoughts are that svchost, rundll, and dcom may be infected but not positive.

Here is an updated DDS Log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by nots0 at 18:56:44 on 2014-10-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3327.820 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\World of Warcraft\Wow.exe
C:\Program Files\World of Warcraft\Utils\WowBrowserProxy.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Users\nots0\Desktop\incoming\WFN_1.9.0\Console.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Users\nots0\Desktop\incoming\WFN_1.9.0\Notifier.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Total Uninstall 6\Tu.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mStart Page = hxxp://www.google.com
BHO: Drop Pad Web Backup: {25DA541F-6ACF-4052-A8AA-1D58284729C7} -
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "c:\programdata\malwarebytes\malwarebytes anti-malware\mbamdor.exe" "c:\programdata\malwarebytes\Malwarebytes Anti-Malware"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A2A47B0F-8346-43CC-8B74-2212AE86D144} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - LocalServer32 - <no file>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nots0\appdata\roaming\mozilla\firefox\profiles\tz0ans2l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\progra~1\micros~3\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: 2014-09-25 20:32; {2fab2e94-d6f9-42de-8839-3510cef6424b}; c:\users\nots0\appdata\roaming\mozilla\firefox\profiles\tz0ans2l.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-3-9 242240]
R1 MpKslb997da32;MpKslb997da32;c:\programdata\microsoft\microsoft antimalware\definition updates\{5fde2106-6fdb-4928-85c8-2a67addceac1}\MpKslb997da32.sys [2014-10-9 39464]
R1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [2013-3-10 29184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-6 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-6 860472]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 104264]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2014-3-22 411936]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2014\TuneUpUtilitiesService32.exe [2014-4-15 1774904]
R2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [2013-3-10 228112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-6 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-6 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-7-6 51928]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2014-3-26 12320]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-5-15 1150880]
RUnknown MpKsle9760d37;MpKsle9760d37; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-9 15872]
S3 rkhdrv40;Rootkit Unhooker Driver;c:\windows\system32\drivers\rkhdrv40.sys [2014-10-3 24448]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-4-24 37064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-10 52224]
S4 FLService;FLService;c:\windows\system32\WinFLService.exe [2013-3-10 92360]
S4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-2-12 108032]
S4 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-4-6 2151200]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-10-09 04:57:08    39464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{5fde2106-6fdb-4928-85c8-2a67addceac1}\MpKslb997da32.sys
2014-10-09 04:42:54    --------    d-----w-    c:\users\nots0\appdata\local\Wokhan
2014-10-08 22:00:16    --------    d-----w-    c:\users\nots0\appdata\roaming\TradeSkillMaster
2014-10-08 19:02:12    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{5fde2106-6fdb-4928-85c8-2a67addceac1}\mpengine.dll
2014-10-03 12:48:20    52440    ----a-w-    c:\windows\system32\drivers\qxuljc.sys
2014-10-03 08:30:20    24448    ----a-w-    c:\windows\system32\drivers\rkhdrv40.sys
2014-10-03 01:46:01    --------    d-----w-    c:\users\nots0\appdata\roaming\FreeFixer
2014-10-03 01:46:01    --------    d-----w-    c:\users\nots0\appdata\local\FreeFixer
2014-10-03 01:40:46    --------    d-----w-    c:\program files\FreeFixer
2014-10-03 01:11:36    8806800    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-10-02 14:56:26    908840    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{4f06367a-22c0-4217-84ca-63040d217644}\gapaengine.dll
2014-10-02 08:07:45    --------    d-----w-    c:\users\nots0\appdata\roaming\FixZeroAccess
2014-10-01 19:06:25    36664    ----a-w-    c:\windows\system32\TURegOpt.exe
2014-10-01 19:06:22    25400    ----a-w-    c:\windows\system32\authuitu.dll
2014-10-01 18:56:04    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-10-01 18:16:28    --------    d-s---w-    C:\ComboFix
2014-10-01 16:16:36    --------    d-----w-    c:\users\nots0\.zenmap
2014-10-01 16:14:15    --------    d-----w-    c:\program files\Nmap
2014-10-01 15:19:50    --------    d-----w-    C:\FRST
2014-10-01 14:38:04    34808    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-01 14:38:01    --------    d-----w-    c:\programdata\RogueKiller
2014-10-01 12:48:29    --------    d-----w-    c:\users\nots0\appdata\local\TuneUp Software
2014-10-01 12:48:17    --------    d-----w-    c:\program files\TuneUp Utilities 2014
2014-10-01 12:29:06    --------    d-----w-    c:\programdata\Martau
2014-10-01 12:28:50    --------    d-----w-    c:\program files\Total Uninstall 6
2014-09-28 01:55:54    --------    d-----w-    c:\programdata\RELOADED
2014-09-27 18:16:07    --------    d-----w-    c:\program files\PP??2.0
2014-09-27 14:48:08    --------    d-----w-    c:\programdata\FaceOnBody2
2014-09-27 14:43:45    --------    d-----w-    c:\program files\FaceOnBody2
2014-09-25 01:01:30    --------    d-----w-    c:\users\nots0\appdata\roaming\com.ninjakiwi.BloonsTD5Deluxe
2014-09-19 02:28:08    3231696    ----a-w-    c:\program files\mozilla firefox\d3dcompiler_46.dll
.
==================== Find3M  ====================
.
2014-10-07 03:31:54    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-24 15:01:21    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-24 15:01:20    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-15 13:06:04    231568    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:57:46.60 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/9/2013 1:28:16 PM
System Uptime: 10/4/2014 11:05:59 PM (115 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A79XTD EVO
Processor: AMD Phenom™ II X4 955 Processor | AM3 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 496.852 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #5
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IKEv2)
Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (IKEv2)
PNP Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Service: RasAgileVpn
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
==== System Restore Points ===================
.
RP483: 10/9/2014 4:02:39 AM - Scheduled Checkpoint
RP485: 10/9/2014 3:35:46 PM - Windows Live Essentials
RP487: 10/9/2014 3:39:41 PM - Uninstalled with Total Uninstall "My Web Backups"
RP489: 10/9/2014 3:43:28 PM - Uninstalled with Total Uninstall "Windows Live Essentials"
RP491: 10/9/2014 3:44:09 PM - Windows Live Essentials
RP493: 10/9/2014 3:56:41 PM - Uninstalled with Total Uninstall "Strongvault Online Backup"
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Dreamweaver CC
Adobe Fireworks CS6
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Photoshop CC
Adobe Update Management Tool
Adobe Widget Browser
Angry Birds Star Wars II 1.0.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battle.net
Better File Rename 5.44
Bloons TD 5 Deluxe version 1.21
Bonjour
CCleaner
Curse Client
D3DX10
DAEMON Tools Pro
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Diablo III
Dust: An Elysian Tail
Folder Size
Foxit Advanced PDF Editor 3
Ghostbuster
Google Chrome
Google Update Helper
ImgBurn
iTunes
Java 7 Update 51
Java Auto Updater
MakeTorrent v2.1
Malwarebytes Anti-Malware version 2.0.2.1012
Mark of the Ninja Special Edition
Metal Slug Complete PC 1.0
Microsoft .NET Framework 4.5
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 2.2
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Games for Windows - LIVE Redistributable
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Mouse and Keyboard Center
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Report Viewer Redistributable 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Word MUI (English) 2013
Minecraft1.7.2
Movie Maker
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nmap 6.47
NVIDIA 3D Vision Driver 335.23
NVIDIA Control Panel 335.23
NVIDIA Graphics Driver 335.23
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
Opera Stable 21.0.1432.67
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Settings CC
Photo Common
Photo Gallery
Platform
Project64 1.6
QuickPar 0.9
Security Update for Microsoft Word 2013 (KB2863910) 32-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition
Sesame Street - Learn, Play & Grow
Shovel Knight
Sine Mora
Skype™ 6.14
SpongeBob SquarePants Typing version 1.0
Subway Surfers 1.0
Tag&Rename 3.6.6
TopMost
Torchlight II © Runic Games version 1
Total Uninstall 6.2.1
TuneUp Utilities 2014
TuneUp Utilities 2014 (en-US)
TuneUp Utilities Language Pack (en-US)
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition
Update for Microsoft Office 2013 (KB2825631) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863860) 32-Bit Edition
Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2837627) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
Update for Microsoft Word 2013 (KB2863909) 32-Bit Edition
Uplay
Ventrilo Client
VIA Platform Device Manager
VirtualDUB Pack
VLC media player 2.1.0
VSO ConvertXToDVD
Winamp
Window Hide Tool 2.0
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Updater Component
WinRAR 4.20 (32-bit)
World of Warcraft
World of Warcraft Public Test
Xilisoft iPhone Ringtone Maker
Xvid Video Codec
YTD Toolbar v9.0
YTD Video Downloader 4.8
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
10/9/2014 6:56:29 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
10/9/2014 3:48:15 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/9/2014 3:21:55 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {30D49246-D217-465F-B00B-AC9DDD652EB7}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
10/9/2014 3:18:32 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2649.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/9/2014 3:17:14 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2649.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/9/2014 3:13:41 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
10/9/2014 12:32:45 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {C39EE728-D419-4BD4-A3EF-EDA059DBD935} as /. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
10/9/2014 11:21:24 AM, Error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
10/8/2014 3:02:02 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/8/2014 11:17:18 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2649.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/8/2014 1:26:02 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/7/2014 8:17:11 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/7/2014 12:13:47 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/7/2014 11:26:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/7/2014 1:26:04 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {BB46F03E-7CD2-489F-8F95-BB950F395FDB}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{16D99191-6280-4B33-A2F5-04805A0FC582}
10/6/2014 9:47:58 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/6/2014 9:47:49 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/5/2014 9:57:54 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/5/2014 9:47:48 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/5/2014 6:02:58 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/4/2014 7:50:08 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/4/2014 3:30:45 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/4/2014 10:44:23 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/4/2014 10:34:17 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/3/2014 12:01:58 AM, Error: Service Control Manager [7034]  - The PP Assistant Service service terminated unexpectedly.  It has done this 1 time(s).
10/3/2014 11:25:33 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.2003.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80070422      Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/2/2014 4:22:24 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.185.1458.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.11005.0      Error code: 0x80244015      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/2/2014 4:12:13 AM, Error: Service Control Manager [7001]  - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/2/2014 11:28:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000ce (0xa64f82b9, 0x00000000, 0xa64f82b9, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100214-26551-01.
.
==== End Of File ===========================
 



#7 Naathim


Posted 10 October 2014 - 01:38 AM




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Radek Naathim Pawelczyk

Malware Removal Specialist

 



#8 cer0


Posted 10 October 2014 - 03:24 PM

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-10-2014 01

Ran by nots0 (administrator) on NOTS0-PC on 10-10-2014 16:13:05
Running from C:\Users\nots0\Downloads
Loaded Profile: nots0 (Available profiles: nots0)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Wow.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Utils\WowBrowserProxy.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\nots0\Downloads\RogueKiller.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Advanced PDF Editor\Foxit Advanced PDF Editor.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Softpointer Inc) C:\Program Files\TagRename\TagRename.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
() C:\Program Files\Opera\21.0.1432.67\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Wokhan) C:\Users\nots0\Desktop\incoming\WFN_1.9.0\Notifier.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [443216 2014-08-26] (Malwarebytes Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF2D628CCF41CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {17C35237-2C6F-452E-B85E-66267434CAB2} URL = 
BHO: Drop Pad Web Backup -> {25DA541F-6ACF-4052-A8AA-1D58284729C7} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF user.js: detected! => C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\searchplugins\google-ssl.xml
FF SearchPlugin: C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\searchplugins\yahoo_ff.xml
FF Extension: Ant Video Downloader - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\anttoolbar@ant.com [2014-08-02]
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\artur.dubovoy@gmail.com [2014-07-31]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\donottrackplus@abine.com [2014-07-10]
FF Extension: LastPass - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\support@lastpass.com [2014-08-22]
FF Extension: Flash and Video Download - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-09-20]
FF Extension: Custom New Tab - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\CNT@ednovak.net.xpi [2014-04-05]
FF Extension: ImageBlock - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\imageblock@hemantvats.com.xpi [2013-09-28]
FF Extension: InstantFox - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\searchy@searchy.xpi [2013-03-09]
FF Extension: YouTube to MP3 - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\youtube2mp3@mondayx.de.xpi [2014-01-27]
FF Extension: Gmail S/MIME - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{4c197c8f-a50f-4b49-a2d2-ed922c95612f}.xpi [2013-03-12]
FF Extension: Encrypted Communication - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{52a7f893-d228-412e-9b28-bc61491462f6}.xpi [2013-03-12]
FF Extension: Quick Translator - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-12-08]
FF Extension: Downloads Window - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{a7213cf2-fa1e-4373-88ff-255d0abd3020}.xpi [2014-01-27]
FF Extension: Adblock Plus - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-25]
FF Extension: Google Privacy - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2013-03-12]
 
Chrome: 
=======
CHR Profile: C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-17]
CHR Extension: (Google Drive) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-11]
CHR Extension: (YouTube) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-17]
CHR Extension: (Google Search) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-17]
CHR Extension: (Google Wallet) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
CHR Extension: (Gmail) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-17]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 PP Assistant Service; C:\Program Files\PP助手2.0\adevicehelpersvr.exe [118496 2014-08-14] () [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-01-27] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-09] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKslb997da32; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FDE2106-6FDB-4928-85C8-2A67ADDCEAC1}\MpKslb997da32.sys [39464 2014-10-09] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
U0 naexe; C:\Windows\System32\drivers\qxuljc.sys [52440 2014-10-03] (Malwarebytes Corporation)
S3 rkhdrv40; C:\Windows\system32\Drivers\rkhdrv40.sys [24448 2014-10-03] () [File not signed]
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-07-24] (AnchorFree Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-09] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1150880 2013-03-09] (VIA Technologies, Inc.)
R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2013-03-10] ()
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
S3 catchme; \??\C:\Users\nots0\AppData\Local\Temp\catchme.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt32.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\nots0\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-10 16:13 - 2014-10-10 16:13 - 00016459 _____ () C:\Users\nots0\Downloads\FRST.txt
2014-10-10 15:16 - 2014-10-10 16:12 - 01101312 _____ (Farbar) C:\Users\nots0\Downloads\FRST.exe
2014-10-10 14:39 - 2014-10-10 14:39 - 00114704 _____ () C:\Users\nots0\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-10 14:38 - 2014-10-10 16:13 - 00000000 ____D () C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2014-10-10 13:20 - 2014-10-10 13:20 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Aspell
2014-10-09 23:25 - 2014-10-09 23:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-10-09 23:25 - 2014-10-09 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-10-09 23:25 - 2014-10-09 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-10-09 15:30 - 2014-10-09 15:47 - 00000000 ____D () C:\Users\nots0\Documents\iTools
2014-10-09 15:29 - 2014-10-09 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTools
2014-10-09 15:28 - 2014-10-09 15:29 - 04039920 _____ () C:\Users\nots0\Downloads\iToolsSetup_1.8.4.0.exe
2014-10-09 11:32 - 2010-05-07 01:48 - 00077824 _____ (Auto Debug System) C:\Users\nots0\Downloads\KillProcess.exe
2014-10-09 11:25 - 2014-10-09 11:25 - 00029281 _____ () C:\Users\nots0\Downloads\processkill(1).zip
2014-10-09 11:23 - 2014-10-09 11:23 - 00029281 _____ () C:\Users\nots0\Downloads\processkill.zip
2014-10-09 01:09 - 2014-10-09 01:09 - 00029696 _____ (Gibson Research Corp.) C:\Users\nots0\Downloads\dcombob.exe
2014-10-09 00:54 - 2014-10-09 00:54 - 01121208 _____ () C:\Users\nots0\Downloads\ProcessMonitor.zip
2014-10-09 00:42 - 2014-10-09 00:42 - 00000000 ____D () C:\Users\nots0\AppData\Local\Wokhan
2014-10-09 00:38 - 2014-10-09 00:38 - 00162566 _____ () C:\Users\nots0\Downloads\WFN_1.9.0.zip
2014-10-09 00:30 - 2014-10-09 00:52 - 39067648 _____ () C:\Users\nots0\Downloads\Metrik-Universal_Language-NHS262DD-WEB-2014-JUSTiFY.rar.part
2014-10-08 18:00 - 2014-10-08 18:00 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\TradeSkillMaster
2014-10-08 17:56 - 2014-10-08 17:56 - 00000000 ____D () C:\Users\nots0\Desktop\TSMApplication
2014-10-08 17:55 - 2014-10-08 17:55 - 07668591 _____ () C:\Users\nots0\Downloads\TSMApplication.zip
2014-10-03 08:48 - 2014-10-03 08:48 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\qxuljc.sys
2014-10-03 04:30 - 2014-10-03 04:30 - 00024448 _____ () C:\Windows\system32\Drivers\rkhdrv40.sys
2014-10-03 04:30 - 2014-10-03 04:30 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2014-10-02 23:21 - 2014-10-02 23:21 - 14349744 _____ (Malwarebytes Corp.) C:\Users\nots0\Downloads\mbar-1.07.0.1012.exe
2014-10-02 22:56 - 2014-10-02 22:56 - 00158300 _____ () C:\Users\nots0\Downloads\RkU37300505.zip
2014-10-02 22:54 - 2014-10-02 22:54 - 00050477 _____ () C:\Users\nots0\Downloads\Defogger.exe
2014-10-02 22:54 - 2014-10-02 22:54 - 00000552 _____ () C:\Users\nots0\Downloads\defogger_disable.log
2014-10-02 22:54 - 2014-10-02 22:54 - 00000166 _____ () C:\Users\nots0\defogger_reenable
2014-10-02 21:46 - 2014-10-02 22:05 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\FreeFixer
2014-10-02 21:46 - 2014-10-02 21:54 - 00000000 ____D () C:\Users\nots0\AppData\Local\FreeFixer
2014-10-02 21:40 - 2014-10-09 15:32 - 00000000 ____D () C:\Program Files\FreeFixer
2014-10-02 21:40 - 2014-10-02 21:40 - 02666167 _____ (Kephyr) C:\Users\nots0\Downloads\freefixersetup.exe
2014-10-02 21:10 - 2014-10-02 21:11 - 111461616 _____ (Microsoft Corporation) C:\Users\nots0\Downloads\mpam-fe.exe
2014-10-02 21:03 - 2014-10-09 18:57 - 00023891 _____ () C:\Users\nots0\Desktop\attach.txt
2014-10-02 21:03 - 2014-10-09 18:57 - 00013165 _____ () C:\Users\nots0\Desktop\dds.txt
2014-10-02 21:00 - 2014-10-02 21:00 - 00688992 ____R (Swearware) C:\Users\nots0\Downloads\dds(1).scr
2014-10-02 20:59 - 2014-10-02 21:00 - 00688992 _____ (Swearware) C:\Users\nots0\Downloads\dds.scr
2014-10-02 05:48 - 2014-10-02 05:48 - 00006789 _____ () C:\Users\nots0\Downloads\hijackthis2.log
2014-10-02 04:14 - 2014-10-02 04:14 - 00380416 _____ () C:\Users\nots0\Downloads\i7tjqdjp.exe
2014-10-02 04:07 - 2014-10-02 04:07 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\FixZeroAccess
2014-10-02 04:06 - 2014-10-02 04:07 - 01805736 _____ (Symantec Corporation) C:\Users\nots0\Downloads\FixZeroAccess.exe
2014-10-02 00:09 - 2014-10-02 00:10 - 00068690 _____ () C:\Users\nots0\Downloads\Result.txt
2014-10-02 00:08 - 2014-10-02 00:08 - 00401920 _____ (Farbar) C:\Users\nots0\Downloads\MiniToolBox.exe
2014-10-01 15:06 - 2014-10-01 15:06 - 00002141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-10-01 15:06 - 2014-04-15 15:59 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-10-01 15:06 - 2014-04-15 15:59 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-10-01 15:00 - 2014-10-01 15:00 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk
2014-10-01 14:16 - 2014-10-01 14:19 - 00000000 ___SD () C:\ComboFix
2014-10-01 14:13 - 2014-10-01 14:13 - 05582345 ____R (Swearware) C:\Users\nots0\Downloads\ComboFix.exe
2014-10-01 13:06 - 2014-10-01 13:06 - 00000218 _____ () C:\Users\nots0\AppData\Local\recently-used.xbel
2014-10-01 12:16 - 2014-10-01 13:06 - 00000000 ____D () C:\Users\nots0\.zenmap
2014-10-01 12:16 - 2014-10-01 12:16 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2014-10-01 12:14 - 2014-10-01 12:16 - 00000000 ____D () C:\Program Files\Nmap
2014-10-01 12:13 - 2014-10-01 12:13 - 27111830 _____ (Insecure.org) C:\Users\nots0\Downloads\nmap-6.47-setup.exe
2014-10-01 11:21 - 2014-10-01 11:22 - 00065144 _____ () C:\Users\nots0\Downloads\Addition.txt
2014-10-01 11:19 - 2014-10-10 16:13 - 00000000 ____D () C:\FRST
2014-10-01 11:07 - 2014-10-01 12:03 - 00007227 _____ () C:\Users\nots0\Downloads\hijackthis.log
2014-10-01 11:01 - 2014-10-01 11:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\nots0\Downloads\HijackThis.exe
2014-10-01 10:45 - 2014-10-01 12:27 - 00000055 _____ () C:\Users\nots0\Downloads\FixWelch.log
2014-10-01 10:44 - 2014-10-01 10:44 - 00175256 _____ (Symantec Corporation) C:\Users\nots0\Downloads\FixWelch.exe
2014-10-01 10:38 - 2014-10-09 23:01 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-01 10:38 - 2014-10-01 10:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-01 10:37 - 2014-10-01 10:42 - 183376808 _____ (BeyondTrust, Inc.) C:\Users\nots0\Downloads\RetinaNetworkCommunity_EN.exe
2014-10-01 10:31 - 2014-10-01 10:31 - 04893784 _____ () C:\Users\nots0\Downloads\RogueKiller.exe
2014-10-01 08:48 - 2014-10-01 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-10-01 08:48 - 2014-10-01 15:06 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-10-01 08:48 - 2014-10-01 08:48 - 00000000 ____D () C:\Users\nots0\AppData\Local\TuneUp Software
2014-10-01 08:29 - 2014-10-01 08:29 - 00000000 ____D () C:\ProgramData\Martau
2014-10-01 08:28 - 2014-10-01 15:00 - 00000000 ____D () C:\Program Files\Total Uninstall 6
2014-10-01 08:16 - 2014-10-01 08:16 - 00347816 _____ (Microsoft Corporation) C:\Users\nots0\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run(1).exe
2014-09-28 06:54 - 2014-09-28 06:54 - 00001571 _____ () C:\Users\Public\Desktop\sine mora.lnk
2014-09-28 06:53 - 2014-09-28 06:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
2014-09-27 21:55 - 2014-09-27 21:55 - 00000000 ____D () C:\ProgramData\RELOADED
2014-09-27 20:52 - 2014-09-27 20:52 - 00001853 _____ () C:\Users\Public\Desktop\mark of the ninja.lnk
2014-09-27 20:52 - 2014-09-27 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Studios
2014-09-27 20:47 - 2014-09-27 20:47 - 00000587 _____ () C:\Users\Public\Desktop\torchlight 2.lnk
2014-09-27 20:35 - 2014-09-27 20:35 - 00001104 _____ () C:\Users\nots0\Desktop\dust an elysian tail.lnk
2014-09-27 16:45 - 2014-09-27 16:45 - 00000703 _____ () C:\Users\nots0\Desktop\metal slug.lnk
2014-09-27 16:44 - 2014-09-27 16:44 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SNK PLAYMORE
2014-09-27 14:16 - 2014-09-27 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PP助手2.0
2014-09-27 14:16 - 2014-09-27 14:16 - 00000000 ____D () C:\Program Files\PP助手2.0
2014-09-27 14:15 - 2014-09-27 14:15 - 19521328 _____ (广州铁人网络科技有限公司) C:\Users\nots0\Downloads\ppsetup(1).exe
2014-09-27 14:05 - 2014-09-27 14:05 - 21933992 _____ () C:\Users\nots0\Downloads\Tongbu_Setup_2.19.2_zsgw.exe
2014-09-27 10:48 - 2014-09-27 10:48 - 00000000 ____D () C:\ProgramData\FaceOnBody2
2014-09-27 10:43 - 2014-09-27 10:45 - 00000000 ____D () C:\Program Files\FaceOnBody2
2014-09-27 10:43 - 2014-09-27 10:43 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FaceOnBody2
2014-09-27 10:43 - 2014-09-27 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FaceOnBody2
2014-09-26 23:21 - 2014-09-26 23:21 - 00402696 _____ () C:\Users\nots0\Downloads\setup(1).exe
2014-09-25 20:30 - 2014-09-25 20:30 - 00699016 _____ (CNET Download.com) C:\Users\nots0\Downloads\cbsidlm-cbsi213-Always_On_Top-SEO-10674027.exe
2014-09-24 21:02 - 2014-09-27 16:46 - 00000895 _____ () C:\Users\nots0\Desktop\btd 5.lnk
2014-09-24 21:01 - 2014-09-24 21:01 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
2014-09-24 21:00 - 2014-09-24 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloons TD 5 Deluxe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-10 16:12 - 2014-03-18 09:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 14:02 - 2013-11-26 19:38 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Vso
2014-10-10 14:02 - 2013-11-26 19:38 - 00000000 ____D () C:\ProgramData\VSO
2014-10-10 14:02 - 2013-03-09 22:11 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\DAEMON Tools Pro
2014-10-10 14:02 - 2013-03-09 14:36 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\uTorrent
2014-10-10 14:00 - 2014-07-30 04:12 - 00000000 ____D () C:\Users\nots0\AppData\Local\CrashDumps
2014-10-10 13:17 - 2013-03-10 09:04 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\vlc
2014-10-09 23:22 - 2013-07-12 13:37 - 00000000 ____D () C:\Users\nots0\My Books
2014-10-09 23:20 - 2013-06-29 14:41 - 00000000 ___RD () C:\Users\nots0\Desktop\incoming
2014-10-09 23:06 - 2014-07-06 06:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 20:46 - 2013-03-09 18:27 - 00000000 ____D () C:\Users\nots0\AppData\Local\Deployment
2014-10-09 20:39 - 2014-03-18 09:36 - 00000000 ____D () C:\Program Files\Bonjour
2014-10-09 15:45 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\nots0\Documents\ihelper
2014-10-09 15:38 - 2013-05-08 19:49 - 00000000 ____D () C:\Windows\Minidump
2014-10-09 15:34 - 2014-06-27 10:23 - 00000000 ____D () C:\Program Files\Pidgin
2014-10-07 12:44 - 2013-03-09 14:28 - 00000000 ____D () C:\Users\nots0
2014-10-02 23:59 - 2013-03-23 22:14 - 00000000 ____D () C:\Program Files\World of Warcraft Public Test
2014-10-02 23:57 - 2014-04-06 19:10 - 00000000 ____D () C:\Users\nots0\AppData\Local\Battle.net
2014-10-02 23:57 - 2014-04-06 19:09 - 00000000 ____D () C:\Program Files\Battle.net
2014-10-02 23:33 - 2009-07-14 00:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-02 23:33 - 2009-07-14 00:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 23:28 - 2013-03-09 14:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-02 23:28 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-02 21:26 - 2014-03-13 12:00 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-01 15:15 - 2014-01-26 08:10 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-01 14:55 - 2013-05-06 00:36 - 00000000 ____D () C:\Windows\pss
2014-10-01 14:16 - 2014-02-25 16:18 - 00000000 ____D () C:\Qoobox
2014-10-01 13:53 - 2013-03-10 00:49 - 00000000 ____D () C:\Program Files\Microsoft Baseline Security Analyzer 2
2014-10-01 13:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-01 13:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2014-10-01 13:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2014-10-01 13:52 - 2013-12-19 17:35 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-01 13:52 - 2013-12-19 17:34 - 00000000 ____D () C:\Users\nots0\AppData\Local\Apple
2014-10-01 13:52 - 2013-12-19 17:34 - 00000000 ____D () C:\ProgramData\Apple
2014-09-30 08:29 - 2013-04-11 21:54 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-28 09:05 - 2013-03-14 15:57 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\mIRC
2014-09-28 06:50 - 2013-05-22 12:52 - 00000000 ____D () C:\Games
2014-09-27 21:55 - 2013-06-19 16:28 - 00000000 ____D () C:\Users\nots0\Documents\My Games
2014-09-27 20:56 - 2013-09-14 20:48 - 00000000 ____D () C:\Users\nots0\AppData\Local\SKIDROW
2014-09-27 14:08 - 2014-08-26 17:52 - 00000000 ____D () C:\Users\nots0\Documents\Tongbu
2014-09-27 10:50 - 2014-03-31 14:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 11:01 - 2013-03-09 14:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 11:01 - 2013-03-09 14:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 21:36 - 2014-08-08 15:28 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\.minecraft
2014-09-15 09:06 - 2013-03-09 14:47 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 13:32
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-10-2014 01

Ran by nots0 at 2014-10-10 16:14:08
Running from C:\Users\nots0\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32354 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CC (HKLM\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Angry Birds Star Wars II 1.0.4 (HKLM\...\Angry Birds Star Wars II 1.0.4) (Version: 1.0.4 - Cat-A-Cat)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Better File Rename 5.44 (HKLM\...\Better File Rename_is1) (Version:  - publicspace.net)
Bloons TD 5 Deluxe version 1.21 (HKLM\...\Bloons TD 5 Deluxe_is1) (Version: 1.21 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9D8D67FD-8FAB-4B98-A121-4CFA10380058}) (Version:  - Microsoft)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
Dust: An Elysian Tail (HKLM\...\Dust: An Elysian Tail_is1) (Version:  - Microsoft Studios)
Folder Size (HKLM\...\{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}) (Version: 2.6 - Brio)
Foxit Advanced PDF Editor 3 (HKLM\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Ghostbuster (HKCU\...\585841693e8401e3) (Version: 1.0.0.0 - Ghostbuster)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
MakeTorrent v2.1 (HKLM\...\MakeTorrent 2) (Version:  - )
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mark of the Ninja Special Edition (HKLM\...\Mark of the Ninja Special Edition_is1) (Version:  - )
Metal Slug Complete PC 1.0 (HKLM\...\Metal Slug Complete PC) (Version: 1.0 - SNK PLAYMORE)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{13CD417D-F1F1-4AC4-945D-FDDEB884756F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.56405 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Minecraft1.7.2 (HKLM\...\Minecraft1.7.2) (Version:  - )
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nmap 6.47 (HKLM\...\Nmap) (Version:  - )
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
Opera Stable 21.0.1432.67 (HKLM\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PP助手2.0 (HKLM\...\PP助手2.0 Win版) (Version: 2.2.1.4268 - 广州铁人网络科技有限公司)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (Version:  - Microsoft) Hidden
Sesame Street - Learn, Play & Grow (HKLM\...\{33785AE7-2203-4D93-B6B3-35B7CC3C4906}) (Version: 1.0.2.2 - Nova Development)
Shovel Knight (HKLM\...\1207664823_is1) (Version: 2.3.0.9 - GOG.com)
Sine Mora (HKLM\...\Sine Mora_is1) (Version:  - )
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpongeBob SquarePants Typing version 1.0 (HKLM\...\{C57EA3D6-3B9F-4369-8231-53990AE74510}_is1) (Version: 1.0 - Encore Software)
Subway Surfers 1.0 (HKLM\...\Subway Surfers 1.0) (Version: 1.0 - Cat-A-Cat)
Tag&Rename 3.6.6 (HKLM\...\Tag&Rename_is1) (Version: 3.6.6 - Softpointer Inc)
TopMost (HKLM\...\{EC11C41E-536B-4B39-BB35-812728C0218E}) (Version: 1.0.0 - Alon Kadury)
Torchlight II © Runic Games version 1 (HKLM\...\Torchlight II © Runic Games_is1) (Version: 1 - )
Total Uninstall 6.2.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.2.1 - Gavrila Martau)
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (Version: 13.0.2013.194 - TuneUp Software) Hidden
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{AC57CF13-C24E-4C00-969F-5394DAE589C5}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6764E50D-D076-41BC-B069-08DD488AE88B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E9F5EDF4-654C-40A3-8181-D558AD8EFFE6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{2D355F71-076A-42AD-8747-6132105441F4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{2D355F71-076A-42AD-8747-6132105441F4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E458713D-E208-4098-A155-EA1152F9B301}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E458713D-E208-4098-A155-EA1152F9B301}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{96754DD8-5AF9-4CF8-A5A9-19770CD9AFBC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{8AEAF88E-A488-4C1E-B10D-F00143BA650F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863860) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4E47A3B9-D863-4CE7-9488-847F2981361B}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{48D4C003-065C-460C-A864-BB18A159F3D6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition (HKLM\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUS_{48D4C003-065C-460C-A864-BB18A159F3D6}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6022B459-32A4-4318-A9A4-815C0BCEF977}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition (HKLM\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{84AA6F34-E9B5-46EC-BFE6-AFB45509AF40}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{CA8215E2-4E68-4BCA-BBEB-D4ED8140F037}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 32-Bit Edition (HKLM\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{CA8215E2-4E68-4BCA-BBEB-D4ED8140F037}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2863909) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{FF3BD143-BA46-4948-A71F-5B07AA1706BB}) (Version:  - Microsoft)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualDUB Pack (HKLM\...\VirtualDUB Pack) (Version:  - )
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Window Hide Tool 2.0 (HKLM\...\Window Hide Tool_is1) (Version:  - FOMINE SOFTWARE)
Windows 7 USB/DVD Download Tool (HKLM\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
Xilisoft iPhone Ringtone Maker (HKLM\...\Xilisoft iPhone Ringtone Maker) (Version: 3.0.6.20120613 - Xilisoft)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
YTD Toolbar v9.0 (HKLM\...\{9D47532D-59B3-4E15-8069-2E3FC4DA3E92}) (Version: 9.0 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 4.8 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{006a54e5-f216-42b7-aab2-d8fc515c9cec}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{03bb1944-9f5c-4a4b-944e-13d04065dd89}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{04a5907b-4487-41c1-aab6-2b151d7e0445}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{0a7197a2-c054-4489-b3d9-14a4d7899ac2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{0c03a24f-e0ae-49d6-bd33-3b0f1b76abd1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{0e3dd277-8f99-4c79-98a9-daab888bbded}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{10417cbf-0903-413f-941d-bdbb8e733bbc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{11ee3f03-d4fb-4464-be4e-2714141969cc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{1d092695-9610-4a8e-b14f-25036476e9e5}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{2be61b4e-1566-4c71-a117-99c9c85ef2a0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{2fbe8a6b-18b8-45d3-9bcb-3e5f4397c665}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{33a402f9-889f-403f-9862-7e5d363338d4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{3ed7ba09-6333-4714-9f34-7fbb3270d1db}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{4445060a-61df-42fa-8aa3-307ab0e2bec7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{47314919-e76d-4f59-a72e-5dc3e205b2df}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{47ffaf2b-3914-46bb-94e0-4eab7c4ebd69}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{4bd74af1-49cd-4054-bfa5-91d0aa412839}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{4d798a3d-a8c1-47d4-8c61-8c3fe23e88c2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{4dd31cec-6235-4649-9f6c-dc31fb660923}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{4e5077a9-ca06-41af-8394-254edddfb102}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{515068f1-a99b-4ac1-9a66-d0165b1142c5}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{51fc9280-d9ab-480b-8a0c-eb0b8438022f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{5aaaac67-2535-4c7a-9060-9e4123e49be1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{5b01473f-97a7-40f0-b281-9083010c6712}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{5b67ef2a-4cfe-4831-bf6f-d86008fadabe}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{67458a4a-7d25-4fbc-b691-5ceabf367772}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{676909ec-0ada-4a01-9ae3-59aae818ba45}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{6c580f86-eba0-4870-b65d-79eaa516583e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{71f0a88e-7519-471b-bd4f-6154fcbdd8f7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{723645cd-d184-4af1-b76c-fdfd891acc30}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{778c029c-ca67-4139-a713-03f2be36542d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{78ba11d6-a818-4806-8cc5-6744097d6348}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{7bb2769a-9ab5-40d0-afb4-c5de7349dfd4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{7e8785f2-08a9-4c29-989c-bce037d2ed15}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{7eed2dd2-6d0c-4fd2-a26d-7f2b00ed7113}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{7f5df0b5-1189-47c2-9bff-dd630da51e3e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{8d64261b-2d59-4e29-b18f-28e7e3b9e8cb}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{8e7bd6af-b76e-40c4-a83e-b250ee23d24c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{9c2bfcf0-77c5-4a55-a276-2055e28a3a44}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{a6e89bf4-d816-4b96-9c6f-deee4934db93}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{b602a86c-da71-43e4-afb9-06949ad636d5}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{b6b6718f-6599-42ab-b6ab-d49e9bdb499c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{b7379dd7-40b6-4a39-92c5-0d435e0e9954}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{c6e50c7e-4ae2-4265-946c-bcc05ba7b17d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{cb454c5c-4681-46d2-a50d-c56a9cbe7927}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{cdc7dd1a-89f8-4d4a-b828-48ba76d650dc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{e32cca19-be55-42c8-9fdd-7a1f5303c802}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{e7652ce6-d2b1-4397-ab10-003ea39478bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{f325ce13-5a39-4d46-9acb-1400813405ef}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
09-10-2014 08:02:39 Scheduled Checkpoint
09-10-2014 19:35:46 Windows Live Essentials
09-10-2014 19:39:41 Uninstalled with Total Uninstall "My Web Backups"
09-10-2014 19:43:28 Uninstalled with Total Uninstall "Windows Live Essentials"
09-10-2014 19:44:09 Windows Live Essentials
09-10-2014 19:56:41 Uninstalled with Total Uninstall "Strongvault Online Backup"
10-10-2014 00:34:12 Uninstalled with Total Uninstall "Strongvault Online Backup"
10-10-2014 00:38:25 Uninstalled with Total Uninstall "Bonjour"
10-10-2014 00:45:33 Uninstalled with Total Uninstall "Curse Client"
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-03-15 15:03 - 2014-02-25 16:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C343FF1-74A7-4274-B269-20B6B7EF1784} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1E6848C7-1221-46B8-8AE5-CA3B389494C5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2AF1FCE4-D637-4B73-8CB0-FE4091A2B03A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {423A45D9-6F1D-43A2-9CEC-9FC1BD0889F4} - System32\Tasks\{ED73FD79-A505-4641-8AE9-D1CA9064280F} => Firefox.exe http://ui.skype.com/ui/0/6.14.0.104/en/go/help.faq.installer?LastError=1601
Task: {43788222-0CA6-4714-921A-5BFA2D994FDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {505AE972-9AD0-491F-BCF3-FDF03BBCD6A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {532414CF-EE5D-44FA-AF39-74857BE48C37} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6D14683B-6D4A-409B-8A1E-A11317011E99} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-04-15] (TuneUp Software)
Task: {8AC82898-BF91-4159-82BE-99DC9B297096} - System32\Tasks\WindowsFirewallNotifierTask => C:\Users\nots0\Desktop\incoming\WFN_1.9.0\Notifier.exe [2014-03-23] (Wokhan)
Task: {8CC16C9F-C0E2-4837-A00A-9570202E65C5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B5635BDE-0D64-48AD-A7C3-3F13FBB30EE8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D988972E-4207-4315-8666-E7BD8FA642AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-09 14:40 - 2014-03-04 08:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-04-15 15:59 - 2014-04-15 15:59 - 00568120 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-03-12 20:07 - 2014-03-12 20:07 - 08884904 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-09 22:18 - 2013-03-09 22:04 - 00107520 _____ () C:\Program Files\DAEMON Tools Pro\BRD.dll
2013-05-21 09:12 - 2014-06-19 14:11 - 23950848 _____ () C:\Program Files\World of Warcraft\Utils\libcef.dll
2014-10-01 10:31 - 2014-10-01 10:31 - 04893784 _____ () C:\Users\nots0\Downloads\RogueKiller.exe
2014-01-26 06:10 - 2012-12-07 09:04 - 00515616 _____ () C:\Program Files\Foxit Software\Foxit Advanced PDF Editor\aspell.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00113664 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 02341888 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00246784 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00047616 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00050688 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 11749376 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 01283584 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00079360 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 02029568 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00100352 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00258560 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00076288 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00046592 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00061440 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00465920 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00719872 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00114688 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00039936 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00136704 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 01409536 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00300032 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00056320 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00038912 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00378368 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00118272 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00043520 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00039936 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00037376 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00048128 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00350720 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00038912 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00144896 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 01723904 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00037888 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00044032 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00044032 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00049152 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00043008 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00066048 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00057856 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00039424 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00042496 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00049664 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00047104 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00041472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00085504 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00041472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00192000 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00091136 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00068096 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00077824 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00292864 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00040448 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 01297920 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00041472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00359424 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00209408 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00049152 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 01381376 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00034816 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00040960 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00130560 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00183808 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00073728 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 01518592 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00040960 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00035328 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00037376 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00036352 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00036352 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00036864 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00046080 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00051712 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00046080 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00116736 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll
2014-07-06 06:40 - 2014-07-06 06:34 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2014-05-24 16:06 - 2014-05-12 01:51 - 01397880 _____ () C:\Program Files\Opera\21.0.1432.67\opera_crashreporter.exe
2014-05-24 16:06 - 2014-05-12 01:51 - 00877688 _____ () C:\Program Files\Opera\21.0.1432.67\libglesv2.dll
2014-05-24 16:06 - 2014-05-12 01:51 - 00135800 _____ () C:\Program Files\Opera\21.0.1432.67\libegl.dll
2014-05-24 16:06 - 2014-05-12 01:51 - 00957048 _____ () C:\Program Files\Opera\21.0.1432.67\ffmpegsumo.dll
2014-09-10 23:01 - 2014-09-10 23:01 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-03-31 14:08 - 2014-09-27 10:50 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-19 02:02 - 2014-08-19 02:02 - 01020928 _____ () C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ:1
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StrongVaultApp.exe.lnk => C:\Windows\pss\StrongVaultApp.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Who Is On My Wifi.lnk => C:\Windows\pss\Who Is On My Wifi.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^nots0^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^nots0^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnkStartup
MSCONFIG\startupfolder: C:^Users^nots0^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnkStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2709076479-299211639-3247174901-500 - Administrator - Disabled)
Guest (S-1-5-21-2709076479-299211639-3247174901-501 - Limited - Disabled)
nots0 (S-1-5-21-2709076479-299211639-3247174901-1000 - Administrator - Enabled) => C:\Users\nots0
 
==================== Faulty Device Manager Devices =============
 
Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/10/2014 01:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.0.0, time stamp: 0x523f7ac4
Faulting module name: vlc.exe, version: 2.1.0.0, time stamp: 0x523f7ac4
Exception code: 0xc0000005
Fault offset: 0x00001a5b
Faulting process id: 0x1b10
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (10/10/2014 04:00:31 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2147023838
 
Error: (10/09/2014 08:45:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 08:38:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 08:34:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 03:56:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 03:44:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 03:43:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 03:39:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 03:35:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (10/10/2014 01:21:33 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}5{C39EE728-D419-4BD4-A3EF-EDA059DBD935}
 
Error: (10/09/2014 11:38:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.2649.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/09/2014 11:26:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/09/2014 11:17:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.2649.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/09/2014 06:56:29 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/09/2014 03:48:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/09/2014 03:21:55 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}5{30D49246-D217-465F-B00B-AC9DDD652EB7}
 
Error: (10/09/2014 03:18:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.2649.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/09/2014 03:17:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.2649.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/09/2014 03:13:41 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}5{0358B920-0AC7-461F-98F4-58E32CD89148}
 
 
Microsoft Office Sessions:
=========================
Error: (10/10/2014 01:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.0.0523f7ac4vlc.exe2.1.0.0523f7ac4c000000500001a5b1b1001cfe24fb533e494C:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\vlc.exef225760d-50a0-11e4-99fe-e0cb4ec5d81b
 
Error: (10/10/2014 04:00:31 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2147023838
 
Error: (10/09/2014 08:45:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 08:38:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 08:34:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 03:56:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 03:44:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 03:43:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 03:39:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 03:35:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 74%
Total physical RAM: 3327.18 MB
Available physical RAM: 841.04 MB
Total Pagefile: 13221.01 MB
Available Pagefile: 8290.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.27 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:495.99 GB) NTFS
Drive d: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A32E54E3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9 cer0

  • Topic Starter
Posted 10 October 2014 - 03:29 PM

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-10-2014 01

Ran by nots0 (administrator) on NOTS0-PC on 10-10-2014 16:13:05
Running from C:\Users\nots0\Downloads
Loaded Profile: nots0 (Available profiles: nots0)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Wow.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Utils\WowBrowserProxy.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\nots0\Downloads\RogueKiller.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Advanced PDF Editor\Foxit Advanced PDF Editor.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Softpointer Inc) C:\Program Files\TagRename\TagRename.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
() C:\Program Files\Opera\21.0.1432.67\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Wokhan) C:\Users\nots0\Desktop\incoming\WFN_1.9.0\Notifier.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [443216 2014-08-26] (Malwarebytes Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF2D628CCF41CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {17C35237-2C6F-452E-B85E-66267434CAB2} URL = 
BHO: Drop Pad Web Backup -> {25DA541F-6ACF-4052-A8AA-1D58284729C7} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF user.js: detected! => C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\searchplugins\google-ssl.xml
FF SearchPlugin: C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\searchplugins\yahoo_ff.xml
FF Extension: Ant Video Downloader - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\anttoolbar@ant.com [2014-08-02]
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\artur.dubovoy@gmail.com [2014-07-31]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\donottrackplus@abine.com [2014-07-10]
FF Extension: LastPass - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\support@lastpass.com [2014-08-22]
FF Extension: Flash and Video Download - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-09-20]
FF Extension: Custom New Tab - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\CNT@ednovak.net.xpi [2014-04-05]
FF Extension: ImageBlock - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\imageblock@hemantvats.com.xpi [2013-09-28]
FF Extension: InstantFox - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\searchy@searchy.xpi [2013-03-09]
FF Extension: YouTube to MP3 - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\youtube2mp3@mondayx.de.xpi [2014-01-27]
FF Extension: Gmail S/MIME - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{4c197c8f-a50f-4b49-a2d2-ed922c95612f}.xpi [2013-03-12]
FF Extension: Encrypted Communication - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{52a7f893-d228-412e-9b28-bc61491462f6}.xpi [2013-03-12]
FF Extension: Quick Translator - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-12-08]
FF Extension: Downloads Window - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{a7213cf2-fa1e-4373-88ff-255d0abd3020}.xpi [2014-01-27]
FF Extension: Adblock Plus - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-25]
FF Extension: Google Privacy - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2013-03-12]
 
Chrome: 
=======
CHR Profile: C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-17]
CHR Extension: (Google Drive) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-11]
CHR Extension: (YouTube) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-17]
CHR Extension: (Google Search) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-17]
CHR Extension: (Google Wallet) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
CHR Extension: (Gmail) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-17]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 PP Assistant Service; C:\Program Files\PP助手2.0\adevicehelpersvr.exe [118496 2014-08-14] () [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-01-27] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-09] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKslb997da32; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FDE2106-6FDB-4928-85C8-2A67ADDCEAC1}\MpKslb997da32.sys [39464 2014-10-09] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
U0 naexe; C:\Windows\System32\drivers\qxuljc.sys [52440 2014-10-03] (Malwarebytes Corporation)
S3 rkhdrv40; C:\Windows\system32\Drivers\rkhdrv40.sys [24448 2014-10-03] () [File not signed]
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-07-24] (AnchorFree Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-09] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1150880 2013-03-09] (VIA Technologies, Inc.)
R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2013-03-10] ()
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
S3 catchme; \??\C:\Users\nots0\AppData\Local\Temp\catchme.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt32.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\nots0\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-10 16:13 - 2014-10-10 16:13 - 00016459 _____ () C:\Users\nots0\Downloads\FRST.txt
2014-10-10 15:16 - 2014-10-10 16:12 - 01101312 _____ (Farbar) C:\Users\nots0\Downloads\FRST.exe
2014-10-10 14:39 - 2014-10-10 14:39 - 00114704 _____ () C:\Users\nots0\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-10 14:38 - 2014-10-10 16:13 - 00000000 ____D () C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2014-10-10 13:20 - 2014-10-10 13:20 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Aspell
2014-10-09 23:25 - 2014-10-09 23:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-10-09 23:25 - 2014-10-09 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-10-09 23:25 - 2014-10-09 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-10-09 15:30 - 2014-10-09 15:47 - 00000000 ____D () C:\Users\nots0\Documents\iTools
2014-10-09 15:29 - 2014-10-09 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTools
2014-10-09 15:28 - 2014-10-09 15:29 - 04039920 _____ () C:\Users\nots0\Downloads\iToolsSetup_1.8.4.0.exe
2014-10-09 11:32 - 2010-05-07 01:48 - 00077824 _____ (Auto Debug System) C:\Users\nots0\Downloads\KillProcess.exe
2014-10-09 11:25 - 2014-10-09 11:25 - 00029281 _____ () C:\Users\nots0\Downloads\processkill(1).zip
2014-10-09 11:23 - 2014-10-09 11:23 - 00029281 _____ () C:\Users\nots0\Downloads\processkill.zip
2014-10-09 01:09 - 2014-10-09 01:09 - 00029696 _____ (Gibson Research Corp.) C:\Users\nots0\Downloads\dcombob.exe
2014-10-09 00:54 - 2014-10-09 00:54 - 01121208 _____ () C:\Users\nots0\Downloads\ProcessMonitor.zip
2014-10-09 00:42 - 2014-10-09 00:42 - 00000000 ____D () C:\Users\nots0\AppData\Local\Wokhan
2014-10-09 00:38 - 2014-10-09 00:38 - 00162566 _____ () C:\Users\nots0\Downloads\WFN_1.9.0.zip
2014-10-09 00:30 - 2014-10-09 00:52 - 39067648 _____ () C:\Users\nots0\Downloads\Metrik-Universal_Language-NHS262DD-WEB-2014-JUSTiFY.rar.part
2014-10-08 18:00 - 2014-10-08 18:00 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\TradeSkillMaster
2014-10-08 17:56 - 2014-10-08 17:56 - 00000000 ____D () C:\Users\nots0\Desktop\TSMApplication
2014-10-08 17:55 - 2014-10-08 17:55 - 07668591 _____ () C:\Users\nots0\Downloads\TSMApplication.zip
2014-10-03 08:48 - 2014-10-03 08:48 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\qxuljc.sys
2014-10-03 04:30 - 2014-10-03 04:30 - 00024448 _____ () C:\Windows\system32\Drivers\rkhdrv40.sys
2014-10-03 04:30 - 2014-10-03 04:30 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2014-10-02 23:21 - 2014-10-02 23:21 - 14349744 _____ (Malwarebytes Corp.) C:\Users\nots0\Downloads\mbar-1.07.0.1012.exe
2014-10-02 22:56 - 2014-10-02 22:56 - 00158300 _____ () C:\Users\nots0\Downloads\RkU37300505.zip
2014-10-02 22:54 - 2014-10-02 22:54 - 00050477 _____ () C:\Users\nots0\Downloads\Defogger.exe
2014-10-02 22:54 - 2014-10-02 22:54 - 00000552 _____ () C:\Users\nots0\Downloads\defogger_disable.log
2014-10-02 22:54 - 2014-10-02 22:54 - 00000166 _____ () C:\Users\nots0\defogger_reenable
2014-10-02 21:46 - 2014-10-02 22:05 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\FreeFixer
2014-10-02 21:46 - 2014-10-02 21:54 - 00000000 ____D () C:\Users\nots0\AppData\Local\FreeFixer
2014-10-02 21:40 - 2014-10-09 15:32 - 00000000 ____D () C:\Program Files\FreeFixer
2014-10-02 21:40 - 2014-10-02 21:40 - 02666167 _____ (Kephyr) C:\Users\nots0\Downloads\freefixersetup.exe
2014-10-02 21:10 - 2014-10-02 21:11 - 111461616 _____ (Microsoft Corporation) C:\Users\nots0\Downloads\mpam-fe.exe
2014-10-02 21:03 - 2014-10-09 18:57 - 00023891 _____ () C:\Users\nots0\Desktop\attach.txt
2014-10-02 21:03 - 2014-10-09 18:57 - 00013165 _____ () C:\Users\nots0\Desktop\dds.txt
2014-10-02 21:00 - 2014-10-02 21:00 - 00688992 ____R (Swearware) C:\Users\nots0\Downloads\dds(1).scr
2014-10-02 20:59 - 2014-10-02 21:00 - 00688992 _____ (Swearware) C:\Users\nots0\Downloads\dds.scr
2014-10-02 05:48 - 2014-10-02 05:48 - 00006789 _____ () C:\Users\nots0\Downloads\hijackthis2.log
2014-10-02 04:14 - 2014-10-02 04:14 - 00380416 _____ () C:\Users\nots0\Downloads\i7tjqdjp.exe
2014-10-02 04:07 - 2014-10-02 04:07 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\FixZeroAccess
2014-10-02 04:06 - 2014-10-02 04:07 - 01805736 _____ (Symantec Corporation) C:\Users\nots0\Downloads\FixZeroAccess.exe
2014-10-02 00:09 - 2014-10-02 00:10 - 00068690 _____ () C:\Users\nots0\Downloads\Result.txt
2014-10-02 00:08 - 2014-10-02 00:08 - 00401920 _____ (Farbar) C:\Users\nots0\Downloads\MiniToolBox.exe
2014-10-01 15:06 - 2014-10-01 15:06 - 00002141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-10-01 15:06 - 2014-04-15 15:59 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-10-01 15:06 - 2014-04-15 15:59 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-10-01 15:00 - 2014-10-01 15:00 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk
2014-10-01 14:16 - 2014-10-01 14:19 - 00000000 ___SD () C:\ComboFix
2014-10-01 14:13 - 2014-10-01 14:13 - 05582345 ____R (Swearware) C:\Users\nots0\Downloads\ComboFix.exe
2014-10-01 13:06 - 2014-10-01 13:06 - 00000218 _____ () C:\Users\nots0\AppData\Local\recently-used.xbel
2014-10-01 12:16 - 2014-10-01 13:06 - 00000000 ____D () C:\Users\nots0\.zenmap
2014-10-01 12:16 - 2014-10-01 12:16 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2014-10-01 12:14 - 2014-10-01 12:16 - 00000000 ____D () C:\Program Files\Nmap
2014-10-01 12:13 - 2014-10-01 12:13 - 27111830 _____ (Insecure.org) C:\Users\nots0\Downloads\nmap-6.47-setup.exe
2014-10-01 11:21 - 2014-10-01 11:22 - 00065144 _____ () C:\Users\nots0\Downloads\Addition.txt
2014-10-01 11:19 - 2014-10-10 16:13 - 00000000 ____D () C:\FRST
2014-10-01 11:07 - 2014-10-01 12:03 - 00007227 _____ () C:\Users\nots0\Downloads\hijackthis.log
2014-10-01 11:01 - 2014-10-01 11:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\nots0\Downloads\HijackThis.exe
2014-10-01 10:45 - 2014-10-01 12:27 - 00000055 _____ () C:\Users\nots0\Downloads\FixWelch.log
2014-10-01 10:44 - 2014-10-01 10:44 - 00175256 _____ (Symantec Corporation) C:\Users\nots0\Downloads\FixWelch.exe
2014-10-01 10:38 - 2014-10-09 23:01 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-01 10:38 - 2014-10-01 10:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-01 10:37 - 2014-10-01 10:42 - 183376808 _____ (BeyondTrust, Inc.) C:\Users\nots0\Downloads\RetinaNetworkCommunity_EN.exe
2014-10-01 10:31 - 2014-10-01 10:31 - 04893784 _____ () C:\Users\nots0\Downloads\RogueKiller.exe
2014-10-01 08:48 - 2014-10-01 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-10-01 08:48 - 2014-10-01 15:06 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-10-01 08:48 - 2014-10-01 08:48 - 00000000 ____D () C:\Users\nots0\AppData\Local\TuneUp Software
2014-10-01 08:29 - 2014-10-01 08:29 - 00000000 ____D () C:\ProgramData\Martau
2014-10-01 08:28 - 2014-10-01 15:00 - 00000000 ____D () C:\Program Files\Total Uninstall 6
2014-10-01 08:16 - 2014-10-01 08:16 - 00347816 _____ (Microsoft Corporation) C:\Users\nots0\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run(1).exe
2014-09-28 06:54 - 2014-09-28 06:54 - 00001571 _____ () C:\Users\Public\Desktop\sine mora.lnk
2014-09-28 06:53 - 2014-09-28 06:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
2014-09-27 21:55 - 2014-09-27 21:55 - 00000000 ____D () C:\ProgramData\RELOADED
2014-09-27 20:52 - 2014-09-27 20:52 - 00001853 _____ () C:\Users\Public\Desktop\mark of the ninja.lnk
2014-09-27 20:52 - 2014-09-27 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Studios
2014-09-27 20:47 - 2014-09-27 20:47 - 00000587 _____ () C:\Users\Public\Desktop\torchlight 2.lnk
2014-09-27 20:35 - 2014-09-27 20:35 - 00001104 _____ () C:\Users\nots0\Desktop\dust an elysian tail.lnk
2014-09-27 16:45 - 2014-09-27 16:45 - 00000703 _____ () C:\Users\nots0\Desktop\metal slug.lnk
2014-09-27 16:44 - 2014-09-27 16:44 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SNK PLAYMORE
2014-09-27 14:16 - 2014-09-27 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PP助手2.0
2014-09-27 14:16 - 2014-09-27 14:16 - 00000000 ____D () C:\Program Files\PP助手2.0
2014-09-27 14:15 - 2014-09-27 14:15 - 19521328 _____ (广州铁人网络科技有限公司) C:\Users\nots0\Downloads\ppsetup(1).exe
2014-09-27 14:05 - 2014-09-27 14:05 - 21933992 _____ () C:\Users\nots0\Downloads\Tongbu_Setup_2.19.2_zsgw.exe
2014-09-27 10:48 - 2014-09-27 10:48 - 00000000 ____D () C:\ProgramData\FaceOnBody2
2014-09-27 10:43 - 2014-09-27 10:45 - 00000000 ____D () C:\Program Files\FaceOnBody2
2014-09-27 10:43 - 2014-09-27 10:43 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FaceOnBody2
2014-09-27 10:43 - 2014-09-27 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FaceOnBody2
2014-09-26 23:21 - 2014-09-26 23:21 - 00402696 _____ () C:\Users\nots0\Downloads\setup(1).exe
2014-09-25 20:30 - 2014-09-25 20:30 - 00699016 _____ (CNET Download.com) C:\Users\nots0\Downloads\cbsidlm-cbsi213-Always_On_Top-SEO-10674027.exe
2014-09-24 21:02 - 2014-09-27 16:46 - 00000895 _____ () C:\Users\nots0\Desktop\btd 5.lnk
2014-09-24 21:01 - 2014-09-24 21:01 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
2014-09-24 21:00 - 2014-09-24 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloons TD 5 Deluxe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-10 16:12 - 2014-03-18 09:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 14:02 - 2013-11-26 19:38 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Vso
2014-10-10 14:02 - 2013-11-26 19:38 - 00000000 ____D () C:\ProgramData\VSO
2014-10-10 14:02 - 2013-03-09 22:11 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\DAEMON Tools Pro
2014-10-10 14:02 - 2013-03-09 14:36 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\uTorrent
2014-10-10 14:00 - 2014-07-30 04:12 - 00000000 ____D () C:\Users\nots0\AppData\Local\CrashDumps
2014-10-10 13:17 - 2013-03-10 09:04 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\vlc
2014-10-09 23:22 - 2013-07-12 13:37 - 00000000 ____D () C:\Users\nots0\My Books
2014-10-09 23:20 - 2013-06-29 14:41 - 00000000 ___RD () C:\Users\nots0\Desktop\incoming
2014-10-09 23:06 - 2014-07-06 06:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 20:46 - 2013-03-09 18:27 - 00000000 ____D () C:\Users\nots0\AppData\Local\Deployment
2014-10-09 20:39 - 2014-03-18 09:36 - 00000000 ____D () C:\Program Files\Bonjour
2014-10-09 15:45 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\nots0\Documents\ihelper
2014-10-09 15:38 - 2013-05-08 19:49 - 00000000 ____D () C:\Windows\Minidump
2014-10-09 15:34 - 2014-06-27 10:23 - 00000000 ____D () C:\Program Files\Pidgin
2014-10-07 12:44 - 2013-03-09 14:28 - 00000000 ____D () C:\Users\nots0
2014-10-02 23:59 - 2013-03-23 22:14 - 00000000 ____D () C:\Program Files\World of Warcraft Public Test
2014-10-02 23:57 - 2014-04-06 19:10 - 00000000 ____D () C:\Users\nots0\AppData\Local\Battle.net
2014-10-02 23:57 - 2014-04-06 19:09 - 00000000 ____D () C:\Program Files\Battle.net
2014-10-02 23:33 - 2009-07-14 00:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-02 23:33 - 2009-07-14 00:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 23:28 - 2013-03-09 14:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-02 23:28 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-02 21:26 - 2014-03-13 12:00 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-01 15:15 - 2014-01-26 08:10 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-01 14:55 - 2013-05-06 00:36 - 00000000 ____D () C:\Windows\pss
2014-10-01 14:16 - 2014-02-25 16:18 - 00000000 ____D () C:\Qoobox
2014-10-01 13:53 - 2013-03-10 00:49 - 00000000 ____D () C:\Program Files\Microsoft Baseline Security Analyzer 2
2014-10-01 13:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-01 13:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2014-10-01 13:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2014-10-01 13:52 - 2013-12-19 17:35 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-01 13:52 - 2013-12-19 17:34 - 00000000 ____D () C:\Users\nots0\AppData\Local\Apple
2014-10-01 13:52 - 2013-12-19 17:34 - 00000000 ____D () C:\ProgramData\Apple
2014-09-30 08:29 - 2013-04-11 21:54 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-28 09:05 - 2013-03-14 15:57 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\mIRC
2014-09-28 06:50 - 2013-05-22 12:52 - 00000000 ____D () C:\Games
2014-09-27 21:55 - 2013-06-19 16:28 - 00000000 ____D () C:\Users\nots0\Documents\My Games
2014-09-27 20:56 - 2013-09-14 20:48 - 00000000 ____D () C:\Users\nots0\AppData\Local\SKIDROW
2014-09-27 14:08 - 2014-08-26 17:52 - 00000000 ____D () C:\Users\nots0\Documents\Tongbu
2014-09-27 10:50 - 2014-03-31 14:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 11:01 - 2013-03-09 14:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 11:01 - 2013-03-09 14:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 21:36 - 2014-08-08 15:28 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\.minecraft
2014-09-15 09:06 - 2013-03-09 14:47 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 13:32
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-10-2014 01

Ran by nots0 at 2014-10-10 16:14:08
Running from C:\Users\nots0\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32354 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CC (HKLM\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Angry Birds Star Wars II 1.0.4 (HKLM\...\Angry Birds Star Wars II 1.0.4) (Version: 1.0.4 - Cat-A-Cat)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Better File Rename 5.44 (HKLM\...\Better File Rename_is1) (Version:  - publicspace.net)
Bloons TD 5 Deluxe version 1.21 (HKLM\...\Bloons TD 5 Deluxe_is1) (Version: 1.21 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9D8D67FD-8FAB-4B98-A121-4CFA10380058}) (Version:  - Microsoft)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
Dust: An Elysian Tail (HKLM\...\Dust: An Elysian Tail_is1) (Version:  - Microsoft Studios)
Folder Size (HKLM\...\{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}) (Version: 2.6 - Brio)
Foxit Advanced PDF Editor 3 (HKLM\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Ghostbuster (HKCU\...\585841693e8401e3) (Version: 1.0.0.0 - Ghostbuster)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
MakeTorrent v2.1 (HKLM\...\MakeTorrent 2) (Version:  - )
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mark of the Ninja Special Edition (HKLM\...\Mark of the Ninja Special Edition_is1) (Version:  - )
Metal Slug Complete PC 1.0 (HKLM\...\Metal Slug Complete PC) (Version: 1.0 - SNK PLAYMORE)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{13CD417D-F1F1-4AC4-945D-FDDEB884756F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.56405 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Minecraft1.7.2 (HKLM\...\Minecraft1.7.2) (Version:  - )
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nmap 6.47 (HKLM\...\Nmap) (Version:  - )
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
Opera Stable 21.0.1432.67 (HKLM\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PP助手2.0 (HKLM\...\PP助手2.0 Win版) (Version: 2.2.1.4268 - 广州铁人网络科技有限公司)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (Version:  - Microsoft) Hidden
Sesame Street - Learn, Play & Grow (HKLM\...\{33785AE7-2203-4D93-B6B3-35B7CC3C4906}) (Version: 1.0.2.2 - Nova Development)
Shovel Knight (HKLM\...\1207664823_is1) (Version: 2.3.0.9 - GOG.com)
Sine Mora (HKLM\...\Sine Mora_is1) (Version:  - )
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpongeBob SquarePants Typing version 1.0 (HKLM\...\{C57EA3D6-3B9F-4369-8231-53990AE74510}_is1) (Version: 1.0 - Encore Software)
Subway Surfers 1.0 (HKLM\...\Subway Surfers 1.0) (Version: 1.0 - Cat-A-Cat)
Tag&Rename 3.6.6 (HKLM\...\Tag&Rename_is1) (Version: 3.6.6 - Softpointer Inc)
TopMost (HKLM\...\{EC11C41E-536B-4B39-BB35-812728C0218E}) (Version: 1.0.0 - Alon Kadury)
Torchlight II © Runic Games version 1 (HKLM\...\Torchlight II © Runic Games_is1) (Version: 1 - )
Total Uninstall 6.2.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.2.1 - Gavrila Martau)
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (Version: 13.0.2013.194 - TuneUp Software) Hidden
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{AC57CF13-C24E-4C00-969F-5394DAE589C5}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6764E50D-D076-41BC-B069-08DD488AE88B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E9F5EDF4-654C-40A3-8181-D558AD8EFFE6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{2D355F71-076A-42AD-8747-6132105441F4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{2D355F71-076A-42AD-8747-6132105441F4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E458713D-E208-4098-A155-EA1152F9B301}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E458713D-E208-4098-A155-EA1152F9B301}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{96754DD8-5AF9-4CF8-A5A9-19770CD9AFBC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{8AEAF88E-A488-4C1E-B10D-F00143BA650F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863860) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4E47A3B9-D863-4CE7-9488-847F2981361B}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{48D4C003-065C-460C-A864-BB18A159F3D6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition (HKLM\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUS_{48D4C003-065C-460C-A864-BB18A159F3D6}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6022B459-32A4-4318-A9A4-815C0BCEF977}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition (HKLM\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{84AA6F34-E9B5-46EC-BFE6-AFB45509AF40}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{CA8215E2-4E68-4BCA-BBEB-D4ED8140F037}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 32-Bit Edition (HKLM\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{CA8215E2-4E68-4BCA-BBEB-D4ED8140F037}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2863909) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{FF3BD143-BA46-4948-A71F-5B07AA1706BB}) (Version:  - Microsoft)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualDUB Pack (HKLM\...\VirtualDUB Pack) (Version:  - )
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Window Hide Tool 2.0 (HKLM\...\Window Hide Tool_is1) (Version:  - FOMINE SOFTWARE)
Windows 7 USB/DVD Download Tool (HKLM\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
Xilisoft iPhone Ringtone Maker (HKLM\...\Xilisoft iPhone Ringtone Maker) (Version: 3.0.6.20120613 - Xilisoft)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
YTD Toolbar v9.0 (HKLM\...\{9D47532D-59B3-4E15-8069-2E3FC4DA3E92}) (Version: 9.0 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 4.8 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{006a54e5-f216-42b7-aab2-d8fc515c9cec}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{03bb1944-9f5c-4a4b-944e-13d04065dd89}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{04a5907b-4487-41c1-aab6-2b151d7e0445}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{0a7197a2-c054-4489-b3d9-14a4d7899ac2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{0c03a24f-e0ae-49d6-bd33-3b0f1b76abd1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{0e3dd277-8f99-4c79-98a9-daab888bbded}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{10417cbf-0903-413f-941d-bdbb8e733bbc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{11ee3f03-d4fb-4464-be4e-2714141969cc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{1d092695-9610-4a8e-b14f-25036476e9e5}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{2be61b4e-1566-4c71-a117-99c9c85ef2a0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{2fbe8a6b-18b8-45d3-9bcb-3e5f4397c665}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{33a402f9-889f-403f-9862-7e5d363338d4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{3ed7ba09-6333-4714-9f34-7fbb3270d1db}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{4445060a-61df-42fa-8aa3-307ab0e2bec7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{47314919-e76d-4f59-a72e-5dc3e205b2df}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{47ffaf2b-3914-46bb-94e0-4eab7c4ebd69}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{4bd74af1-49cd-4054-bfa5-91d0aa412839}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{4d798a3d-a8c1-47d4-8c61-8c3fe23e88c2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{4dd31cec-6235-4649-9f6c-dc31fb660923}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{4e5077a9-ca06-41af-8394-254edddfb102}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{515068f1-a99b-4ac1-9a66-d0165b1142c5}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{51fc9280-d9ab-480b-8a0c-eb0b8438022f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{5aaaac67-2535-4c7a-9060-9e4123e49be1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{5b01473f-97a7-40f0-b281-9083010c6712}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{5b67ef2a-4cfe-4831-bf6f-d86008fadabe}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{67458a4a-7d25-4fbc-b691-5ceabf367772}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{676909ec-0ada-4a01-9ae3-59aae818ba45}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{6c580f86-eba0-4870-b65d-79eaa516583e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{71f0a88e-7519-471b-bd4f-6154fcbdd8f7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{723645cd-d184-4af1-b76c-fdfd891acc30}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{778c029c-ca67-4139-a713-03f2be36542d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{78ba11d6-a818-4806-8cc5-6744097d6348}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{7bb2769a-9ab5-40d0-afb4-c5de7349dfd4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{7e8785f2-08a9-4c29-989c-bce037d2ed15}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{7eed2dd2-6d0c-4fd2-a26d-7f2b00ed7113}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{7f5df0b5-1189-47c2-9bff-dd630da51e3e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{8d64261b-2d59-4e29-b18f-28e7e3b9e8cb}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{8e7bd6af-b76e-40c4-a83e-b250ee23d24c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{9c2bfcf0-77c5-4a55-a276-2055e28a3a44}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{a6e89bf4-d816-4b96-9c6f-deee4934db93}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{b602a86c-da71-43e4-afb9-06949ad636d5}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{b6b6718f-6599-42ab-b6ab-d49e9bdb499c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{b7379dd7-40b6-4a39-92c5-0d435e0e9954}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{c6e50c7e-4ae2-4265-946c-bcc05ba7b17d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{cb454c5c-4681-46d2-a50d-c56a9cbe7927}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{cdc7dd1a-89f8-4d4a-b828-48ba76d650dc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{e32cca19-be55-42c8-9fdd-7a1f5303c802}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{e7652ce6-d2b1-4397-ab10-003ea39478bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2709076479-299211639-3247174901-1000_Classes\CLSID\{f325ce13-5a39-4d46-9acb-1400813405ef}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
09-10-2014 08:02:39 Scheduled Checkpoint
09-10-2014 19:35:46 Windows Live Essentials
09-10-2014 19:39:41 Uninstalled with Total Uninstall "My Web Backups"
09-10-2014 19:43:28 Uninstalled with Total Uninstall "Windows Live Essentials"
09-10-2014 19:44:09 Windows Live Essentials
09-10-2014 19:56:41 Uninstalled with Total Uninstall "Strongvault Online Backup"
10-10-2014 00:34:12 Uninstalled with Total Uninstall "Strongvault Online Backup"
10-10-2014 00:38:25 Uninstalled with Total Uninstall "Bonjour"
10-10-2014 00:45:33 Uninstalled with Total Uninstall "Curse Client"
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-03-15 15:03 - 2014-02-25 16:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C343FF1-74A7-4274-B269-20B6B7EF1784} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1E6848C7-1221-46B8-8AE5-CA3B389494C5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2AF1FCE4-D637-4B73-8CB0-FE4091A2B03A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {423A45D9-6F1D-43A2-9CEC-9FC1BD0889F4} - System32\Tasks\{ED73FD79-A505-4641-8AE9-D1CA9064280F} => Firefox.exe http://ui.skype.com/ui/0/6.14.0.104/en/go/help.faq.installer?LastError=1601
Task: {43788222-0CA6-4714-921A-5BFA2D994FDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {505AE972-9AD0-491F-BCF3-FDF03BBCD6A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {532414CF-EE5D-44FA-AF39-74857BE48C37} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6D14683B-6D4A-409B-8A1E-A11317011E99} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-04-15] (TuneUp Software)
Task: {8AC82898-BF91-4159-82BE-99DC9B297096} - System32\Tasks\WindowsFirewallNotifierTask => C:\Users\nots0\Desktop\incoming\WFN_1.9.0\Notifier.exe [2014-03-23] (Wokhan)
Task: {8CC16C9F-C0E2-4837-A00A-9570202E65C5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B5635BDE-0D64-48AD-A7C3-3F13FBB30EE8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D988972E-4207-4315-8666-E7BD8FA642AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-09 14:40 - 2014-03-04 08:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-04-15 15:59 - 2014-04-15 15:59 - 00568120 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-03-12 20:07 - 2014-03-12 20:07 - 08884904 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-09 22:18 - 2013-03-09 22:04 - 00107520 _____ () C:\Program Files\DAEMON Tools Pro\BRD.dll
2013-05-21 09:12 - 2014-06-19 14:11 - 23950848 _____ () C:\Program Files\World of Warcraft\Utils\libcef.dll
2014-10-01 10:31 - 2014-10-01 10:31 - 04893784 _____ () C:\Users\nots0\Downloads\RogueKiller.exe
2014-01-26 06:10 - 2012-12-07 09:04 - 00515616 _____ () C:\Program Files\Foxit Software\Foxit Advanced PDF Editor\aspell.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00113664 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 02341888 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00246784 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00047616 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00050688 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 11749376 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 01283584 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00079360 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 02029568 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00100352 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00258560 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00076288 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00046592 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00061440 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00465920 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00719872 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00114688 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00039936 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00136704 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 01409536 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00300032 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00056320 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00038912 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00378368 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00118272 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00043520 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00039936 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00037376 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00048128 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00350720 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00038912 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00144896 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 01723904 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00037888 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00044032 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00044032 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00049152 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00043008 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00066048 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00057856 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00039424 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00042496 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00049664 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00047104 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00041472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00085504 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00041472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00192000 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00091136 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00068096 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00077824 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00292864 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00040448 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 01297920 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00041472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00359424 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00209408 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 00049152 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2013-09-22 19:19 - 2013-09-22 19:19 - 01381376 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00034816 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00040960 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00130560 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00183808 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00073728 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 01518592 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00040960 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00035328 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00037376 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00036352 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00036352 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00036864 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00046080 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00051712 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00046080 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00116736 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll
2014-07-06 06:40 - 2014-07-06 06:34 - 00020288 _____ () C:\Program Files\CCleaner\branding.dll
2014-05-24 16:06 - 2014-05-12 01:51 - 01397880 _____ () C:\Program Files\Opera\21.0.1432.67\opera_crashreporter.exe
2014-05-24 16:06 - 2014-05-12 01:51 - 00877688 _____ () C:\Program Files\Opera\21.0.1432.67\libglesv2.dll
2014-05-24 16:06 - 2014-05-12 01:51 - 00135800 _____ () C:\Program Files\Opera\21.0.1432.67\libegl.dll
2014-05-24 16:06 - 2014-05-12 01:51 - 00957048 _____ () C:\Program Files\Opera\21.0.1432.67\ffmpegsumo.dll
2014-09-10 23:01 - 2014-09-10 23:01 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-03-31 14:08 - 2014-09-27 10:50 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-19 02:02 - 2014-08-19 02:02 - 01020928 _____ () C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ:1
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StrongVaultApp.exe.lnk => C:\Windows\pss\StrongVaultApp.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Who Is On My Wifi.lnk => C:\Windows\pss\Who Is On My Wifi.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^nots0^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^nots0^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk => C:\Windows\pss\Rainmeter.lnkStartup
MSCONFIG\startupfolder: C:^Users^nots0^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnkStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2709076479-299211639-3247174901-500 - Administrator - Disabled)
Guest (S-1-5-21-2709076479-299211639-3247174901-501 - Limited - Disabled)
nots0 (S-1-5-21-2709076479-299211639-3247174901-1000 - Administrator - Enabled) => C:\Users\nots0
 
==================== Faulty Device Manager Devices =============
 
Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/10/2014 01:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.0.0, time stamp: 0x523f7ac4
Faulting module name: vlc.exe, version: 2.1.0.0, time stamp: 0x523f7ac4
Exception code: 0xc0000005
Fault offset: 0x00001a5b
Faulting process id: 0x1b10
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (10/10/2014 04:00:31 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2147023838
 
Error: (10/09/2014 08:45:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 08:38:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 08:34:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 03:56:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 03:44:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 03:43:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 03:39:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/09/2014 03:35:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (10/10/2014 01:21:33 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}5{C39EE728-D419-4BD4-A3EF-EDA059DBD935}
 
Error: (10/09/2014 11:38:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.2649.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/09/2014 11:26:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/09/2014 11:17:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.2649.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/09/2014 06:56:29 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/09/2014 03:48:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/09/2014 03:21:55 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}5{30D49246-D217-465F-B00B-AC9DDD652EB7}
 
Error: (10/09/2014 03:18:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.2649.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/09/2014 03:17:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.2649.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/09/2014 03:13:41 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}5{0358B920-0AC7-461F-98F4-58E32CD89148}
 
 
Microsoft Office Sessions:
=========================
Error: (10/10/2014 01:14:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.0.0523f7ac4vlc.exe2.1.0.0523f7ac4c000000500001a5b1b1001cfe24fb533e494C:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\vlc.exef225760d-50a0-11e4-99fe-e0cb4ec5d81b
 
Error: (10/10/2014 04:00:31 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2147023838
 
Error: (10/09/2014 08:45:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 08:38:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 08:34:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 03:56:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 03:44:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 03:43:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 03:39:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
Error: (10/09/2014 03:35:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsle9760d37.
 
System Error:
The system cannot find the file specified.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 74%
Total physical RAM: 3327.18 MB
Available physical RAM: 841.04 MB
Total Pagefile: 13221.01 MB
Available Pagefile: 8290.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.27 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:495.99 GB) NTFS
Drive d: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A32E54E3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 cer0

  • Topic Starter
Posted 10 October 2014 - 03:30 PM

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-10-2014 01

Ran by nots0 (administrator) on NOTS0-PC on 10-10-2014 16:13:05
Running from C:\Users\nots0\Downloads
Loaded Profile: nots0 (Available profiles: nots0)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Wow.exe
(Blizzard Entertainment) C:\Program Files\World of Warcraft\Utils\WowBrowserProxy.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\nots0\Downloads\RogueKiller.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Advanced PDF Editor\Foxit Advanced PDF Editor.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Softpointer Inc) C:\Program Files\TagRename\TagRename.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
() C:\Program Files\Opera\21.0.1432.67\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files\Opera\21.0.1432.67\opera.exe
(Wokhan) C:\Users\nots0\Desktop\incoming\WFN_1.9.0\Notifier.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [443216 2014-08-26] (Malwarebytes Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF2D628CCF41CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {17C35237-2C6F-452E-B85E-66267434CAB2} URL = 
BHO: Drop Pad Web Backup -> {25DA541F-6ACF-4052-A8AA-1D58284729C7} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF user.js: detected! => C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\searchplugins\google-ssl.xml
FF SearchPlugin: C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\searchplugins\yahoo_ff.xml
FF Extension: Ant Video Downloader - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\anttoolbar@ant.com [2014-08-02]
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\artur.dubovoy@gmail.com [2014-07-31]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\donottrackplus@abine.com [2014-07-10]
FF Extension: LastPass - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\support@lastpass.com [2014-08-22]
FF Extension: Flash and Video Download - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-09-20]
FF Extension: Custom New Tab - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\CNT@ednovak.net.xpi [2014-04-05]
FF Extension: ImageBlock - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\imageblock@hemantvats.com.xpi [2013-09-28]
FF Extension: InstantFox - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\searchy@searchy.xpi [2013-03-09]
FF Extension: YouTube to MP3 - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\youtube2mp3@mondayx.de.xpi [2014-01-27]
FF Extension: Gmail S/MIME - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{4c197c8f-a50f-4b49-a2d2-ed922c95612f}.xpi [2013-03-12]
FF Extension: Encrypted Communication - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{52a7f893-d228-412e-9b28-bc61491462f6}.xpi [2013-03-12]
FF Extension: Quick Translator - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-12-08]
FF Extension: Downloads Window - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{a7213cf2-fa1e-4373-88ff-255d0abd3020}.xpi [2014-01-27]
FF Extension: Adblock Plus - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-25]
FF Extension: Google Privacy - C:\Users\nots0\AppData\Roaming\Mozilla\Firefox\Profiles\tz0ans2l.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2013-03-12]
 
Chrome: 
=======
CHR Profile: C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-17]
CHR Extension: (Google Drive) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-11]
CHR Extension: (YouTube) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-17]
CHR Extension: (Google Search) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-17]
CHR Extension: (Google Wallet) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
CHR Extension: (Gmail) - C:\Users\nots0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-17]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 PP Assistant Service; C:\Program Files\PP助手2.0\adevicehelpersvr.exe [118496 2014-08-14] () [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-01-27] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-09] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKslb997da32; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FDE2106-6FDB-4928-85C8-2A67ADDCEAC1}\MpKslb997da32.sys [39464 2014-10-09] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
U0 naexe; C:\Windows\System32\drivers\qxuljc.sys [52440 2014-10-03] (Malwarebytes Corporation)
S3 rkhdrv40; C:\Windows\system32\Drivers\rkhdrv40.sys [24448 2014-10-03] () [File not signed]
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-07-24] (AnchorFree Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-09] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1150880 2013-03-09] (VIA Technologies, Inc.)
R1 WinFLAdrv; C:\Windows\System32\WinFLAdrv.sys [29184 2013-03-10] ()
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
S3 catchme; \??\C:\Users\nots0\AppData\Local\Temp\catchme.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt32.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\nots0\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-10 16:13 - 2014-10-10 16:13 - 00016459 _____ () C:\Users\nots0\Downloads\FRST.txt
2014-10-10 15:16 - 2014-10-10 16:12 - 01101312 _____ (Farbar) C:\Users\nots0\Downloads\FRST.exe
2014-10-10 14:39 - 2014-10-10 14:39 - 00114704 _____ () C:\Users\nots0\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-10 14:38 - 2014-10-10 16:13 - 00000000 ____D () C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2014-10-10 13:20 - 2014-10-10 13:20 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Aspell
2014-10-09 23:25 - 2014-10-09 23:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-10-09 23:25 - 2014-10-09 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-10-09 23:25 - 2014-10-09 23:25 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-10-09 15:30 - 2014-10-09 15:47 - 00000000 ____D () C:\Users\nots0\Documents\iTools
2014-10-09 15:29 - 2014-10-09 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTools
2014-10-09 15:28 - 2014-10-09 15:29 - 04039920 _____ () C:\Users\nots0\Downloads\iToolsSetup_1.8.4.0.exe
2014-10-09 11:32 - 2010-05-07 01:48 - 00077824 _____ (Auto Debug System) C:\Users\nots0\Downloads\KillProcess.exe
2014-10-09 11:25 - 2014-10-09 11:25 - 00029281 _____ () C:\Users\nots0\Downloads\processkill(1).zip
2014-10-09 11:23 - 2014-10-09 11:23 - 00029281 _____ () C:\Users\nots0\Downloads\processkill.zip
2014-10-09 01:09 - 2014-10-09 01:09 - 00029696 _____ (Gibson Research Corp.) C:\Users\nots0\Downloads\dcombob.exe
2014-10-09 00:54 - 2014-10-09 00:54 - 01121208 _____ () C:\Users\nots0\Downloads\ProcessMonitor.zip
2014-10-09 00:42 - 2014-10-09 00:42 - 00000000 ____D () C:\Users\nots0\AppData\Local\Wokhan
2014-10-09 00:38 - 2014-10-09 00:38 - 00162566 _____ () C:\Users\nots0\Downloads\WFN_1.9.0.zip
2014-10-09 00:30 - 2014-10-09 00:52 - 39067648 _____ () C:\Users\nots0\Downloads\Metrik-Universal_Language-NHS262DD-WEB-2014-JUSTiFY.rar.part
2014-10-08 18:00 - 2014-10-08 18:00 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\TradeSkillMaster
2014-10-08 17:56 - 2014-10-08 17:56 - 00000000 ____D () C:\Users\nots0\Desktop\TSMApplication
2014-10-08 17:55 - 2014-10-08 17:55 - 07668591 _____ () C:\Users\nots0\Downloads\TSMApplication.zip
2014-10-03 08:48 - 2014-10-03 08:48 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\qxuljc.sys
2014-10-03 04:30 - 2014-10-03 04:30 - 00024448 _____ () C:\Windows\system32\Drivers\rkhdrv40.sys
2014-10-03 04:30 - 2014-10-03 04:30 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2014-10-02 23:21 - 2014-10-02 23:21 - 14349744 _____ (Malwarebytes Corp.) C:\Users\nots0\Downloads\mbar-1.07.0.1012.exe
2014-10-02 22:56 - 2014-10-02 22:56 - 00158300 _____ () C:\Users\nots0\Downloads\RkU37300505.zip
2014-10-02 22:54 - 2014-10-02 22:54 - 00050477 _____ () C:\Users\nots0\Downloads\Defogger.exe
2014-10-02 22:54 - 2014-10-02 22:54 - 00000552 _____ () C:\Users\nots0\Downloads\defogger_disable.log
2014-10-02 22:54 - 2014-10-02 22:54 - 00000166 _____ () C:\Users\nots0\defogger_reenable
2014-10-02 21:46 - 2014-10-02 22:05 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\FreeFixer
2014-10-02 21:46 - 2014-10-02 21:54 - 00000000 ____D () C:\Users\nots0\AppData\Local\FreeFixer
2014-10-02 21:40 - 2014-10-09 15:32 - 00000000 ____D () C:\Program Files\FreeFixer
2014-10-02 21:40 - 2014-10-02 21:40 - 02666167 _____ (Kephyr) C:\Users\nots0\Downloads\freefixersetup.exe
2014-10-02 21:10 - 2014-10-02 21:11 - 111461616 _____ (Microsoft Corporation) C:\Users\nots0\Downloads\mpam-fe.exe
2014-10-02 21:03 - 2014-10-09 18:57 - 00023891 _____ () C:\Users\nots0\Desktop\attach.txt
2014-10-02 21:03 - 2014-10-09 18:57 - 00013165 _____ () C:\Users\nots0\Desktop\dds.txt
2014-10-02 21:00 - 2014-10-02 21:00 - 00688992 ____R (Swearware) C:\Users\nots0\Downloads\dds(1).scr
2014-10-02 20:59 - 2014-10-02 21:00 - 00688992 _____ (Swearware) C:\Users\nots0\Downloads\dds.scr
2014-10-02 05:48 - 2014-10-02 05:48 - 00006789 _____ () C:\Users\nots0\Downloads\hijackthis2.log
2014-10-02 04:14 - 2014-10-02 04:14 - 00380416 _____ () C:\Users\nots0\Downloads\i7tjqdjp.exe
2014-10-02 04:07 - 2014-10-02 04:07 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\FixZeroAccess
2014-10-02 04:06 - 2014-10-02 04:07 - 01805736 _____ (Symantec Corporation) C:\Users\nots0\Downloads\FixZeroAccess.exe
2014-10-02 00:09 - 2014-10-02 00:10 - 00068690 _____ () C:\Users\nots0\Downloads\Result.txt
2014-10-02 00:08 - 2014-10-02 00:08 - 00401920 _____ (Farbar) C:\Users\nots0\Downloads\MiniToolBox.exe
2014-10-01 15:06 - 2014-10-01 15:06 - 00002141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-10-01 15:06 - 2014-04-15 15:59 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-10-01 15:06 - 2014-04-15 15:59 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-10-01 15:00 - 2014-10-01 15:00 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk
2014-10-01 14:16 - 2014-10-01 14:19 - 00000000 ___SD () C:\ComboFix
2014-10-01 14:13 - 2014-10-01 14:13 - 05582345 ____R (Swearware) C:\Users\nots0\Downloads\ComboFix.exe
2014-10-01 13:06 - 2014-10-01 13:06 - 00000218 _____ () C:\Users\nots0\AppData\Local\recently-used.xbel
2014-10-01 12:16 - 2014-10-01 13:06 - 00000000 ____D () C:\Users\nots0\.zenmap
2014-10-01 12:16 - 2014-10-01 12:16 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2014-10-01 12:14 - 2014-10-01 12:16 - 00000000 ____D () C:\Program Files\Nmap
2014-10-01 12:13 - 2014-10-01 12:13 - 27111830 _____ (Insecure.org) C:\Users\nots0\Downloads\nmap-6.47-setup.exe
2014-10-01 11:21 - 2014-10-01 11:22 - 00065144 _____ () C:\Users\nots0\Downloads\Addition.txt
2014-10-01 11:19 - 2014-10-10 16:13 - 00000000 ____D () C:\FRST
2014-10-01 11:07 - 2014-10-01 12:03 - 00007227 _____ () C:\Users\nots0\Downloads\hijackthis.log
2014-10-01 11:01 - 2014-10-01 11:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\nots0\Downloads\HijackThis.exe
2014-10-01 10:45 - 2014-10-01 12:27 - 00000055 _____ () C:\Users\nots0\Downloads\FixWelch.log
2014-10-01 10:44 - 2014-10-01 10:44 - 00175256 _____ (Symantec Corporation) C:\Users\nots0\Downloads\FixWelch.exe
2014-10-01 10:38 - 2014-10-09 23:01 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-01 10:38 - 2014-10-01 10:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-01 10:37 - 2014-10-01 10:42 - 183376808 _____ (BeyondTrust, Inc.) C:\Users\nots0\Downloads\RetinaNetworkCommunity_EN.exe
2014-10-01 10:31 - 2014-10-01 10:31 - 04893784 _____ () C:\Users\nots0\Downloads\RogueKiller.exe
2014-10-01 08:48 - 2014-10-01 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-10-01 08:48 - 2014-10-01 15:06 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-10-01 08:48 - 2014-10-01 08:48 - 00000000 ____D () C:\Users\nots0\AppData\Local\TuneUp Software
2014-10-01 08:29 - 2014-10-01 08:29 - 00000000 ____D () C:\ProgramData\Martau
2014-10-01 08:28 - 2014-10-01 15:00 - 00000000 ____D () C:\Program Files\Total Uninstall 6
2014-10-01 08:16 - 2014-10-01 08:16 - 00347816 _____ (Microsoft Corporation) C:\Users\nots0\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run(1).exe
2014-09-28 06:54 - 2014-09-28 06:54 - 00001571 _____ () C:\Users\Public\Desktop\sine mora.lnk
2014-09-28 06:53 - 2014-09-28 06:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
2014-09-27 21:55 - 2014-09-27 21:55 - 00000000 ____D () C:\ProgramData\RELOADED
2014-09-27 20:52 - 2014-09-27 20:52 - 00001853 _____ () C:\Users\Public\Desktop\mark of the ninja.lnk
2014-09-27 20:52 - 2014-09-27 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Studios
2014-09-27 20:47 - 2014-09-27 20:47 - 00000587 _____ () C:\Users\Public\Desktop\torchlight 2.lnk
2014-09-27 20:35 - 2014-09-27 20:35 - 00001104 _____ () C:\Users\nots0\Desktop\dust an elysian tail.lnk
2014-09-27 16:45 - 2014-09-27 16:45 - 00000703 _____ () C:\Users\nots0\Desktop\metal slug.lnk
2014-09-27 16:44 - 2014-09-27 16:44 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SNK PLAYMORE
2014-09-27 14:16 - 2014-09-27 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PP助手2.0
2014-09-27 14:16 - 2014-09-27 14:16 - 00000000 ____D () C:\Program Files\PP助手2.0
2014-09-27 14:15 - 2014-09-27 14:15 - 19521328 _____ (广州铁人网络科技有限公司) C:\Users\nots0\Downloads\ppsetup(1).exe
2014-09-27 14:05 - 2014-09-27 14:05 - 21933992 _____ () C:\Users\nots0\Downloads\Tongbu_Setup_2.19.2_zsgw.exe
2014-09-27 10:48 - 2014-09-27 10:48 - 00000000 ____D () C:\ProgramData\FaceOnBody2
2014-09-27 10:43 - 2014-09-27 10:45 - 00000000 ____D () C:\Program Files\FaceOnBody2
2014-09-27 10:43 - 2014-09-27 10:43 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FaceOnBody2
2014-09-27 10:43 - 2014-09-27 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FaceOnBody2
2014-09-26 23:21 - 2014-09-26 23:21 - 00402696 _____ () C:\Users\nots0\Downloads\setup(1).exe
2014-09-25 20:30 - 2014-09-25 20:30 - 00699016 _____ (CNET Download.com) C:\Users\nots0\Downloads\cbsidlm-cbsi213-Always_On_Top-SEO-10674027.exe
2014-09-24 21:02 - 2014-09-27 16:46 - 00000895 _____ () C:\Users\nots0\Desktop\btd 5.lnk
2014-09-24 21:01 - 2014-09-24 21:01 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
2014-09-24 21:00 - 2014-09-24 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloons TD 5 Deluxe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-10 16:12 - 2014-03-18 09:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 14:02 - 2013-11-26 19:38 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\Vso
2014-10-10 14:02 - 2013-11-26 19:38 - 00000000 ____D () C:\ProgramData\VSO
2014-10-10 14:02 - 2013-03-09 22:11 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\DAEMON Tools Pro
2014-10-10 14:02 - 2013-03-09 14:36 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\uTorrent
2014-10-10 14:00 - 2014-07-30 04:12 - 00000000 ____D () C:\Users\nots0\AppData\Local\CrashDumps
2014-10-10 13:17 - 2013-03-10 09:04 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\vlc
2014-10-09 23:22 - 2013-07-12 13:37 - 00000000 ____D () C:\Users\nots0\My Books
2014-10-09 23:20 - 2013-06-29 14:41 - 00000000 ___RD () C:\Users\nots0\Desktop\incoming
2014-10-09 23:06 - 2014-07-06 06:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 20:46 - 2013-03-09 18:27 - 00000000 ____D () C:\Users\nots0\AppData\Local\Deployment
2014-10-09 20:39 - 2014-03-18 09:36 - 00000000 ____D () C:\Program Files\Bonjour
2014-10-09 15:45 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\nots0\Documents\ihelper
2014-10-09 15:38 - 2013-05-08 19:49 - 00000000 ____D () C:\Windows\Minidump
2014-10-09 15:34 - 2014-06-27 10:23 - 00000000 ____D () C:\Program Files\Pidgin
2014-10-07 12:44 - 2013-03-09 14:28 - 00000000 ____D () C:\Users\nots0
2014-10-02 23:59 - 2013-03-23 22:14 - 00000000 ____D () C:\Program Files\World of Warcraft Public Test
2014-10-02 23:57 - 2014-04-06 19:10 - 00000000 ____D () C:\Users\nots0\AppData\Local\Battle.net
2014-10-02 23:57 - 2014-04-06 19:09 - 00000000 ____D () C:\Program Files\Battle.net
2014-10-02 23:33 - 2009-07-14 00:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-02 23:33 - 2009-07-14 00:34 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 23:28 - 2013-03-09 14:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-02 23:28 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-02 21:26 - 2014-03-13 12:00 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-01 15:15 - 2014-01-26 08:10 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-01 14:55 - 2013-05-06 00:36 - 00000000 ____D () C:\Windows\pss
2014-10-01 14:16 - 2014-02-25 16:18 - 00000000 ____D () C:\Qoobox
2014-10-01 13:53 - 2013-03-10 00:49 - 00000000 ____D () C:\Program Files\Microsoft Baseline Security Analyzer 2
2014-10-01 13:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-01 13:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2014-10-01 13:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2014-10-01 13:52 - 2013-12-19 17:35 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-01 13:52 - 2013-12-19 17:34 - 00000000 ____D () C:\Users\nots0\AppData\Local\Apple
2014-10-01 13:52 - 2013-12-19 17:34 - 00000000 ____D () C:\ProgramData\Apple
2014-09-30 08:29 - 2013-04-11 21:54 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-28 09:05 - 2013-03-14 15:57 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\mIRC
2014-09-28 06:50 - 2013-05-22 12:52 - 00000000 ____D () C:\Games
2014-09-27 21:55 - 2013-06-19 16:28 - 00000000 ____D () C:\Users\nots0\Documents\My Games
2014-09-27 20:56 - 2013-09-14 20:48 - 00000000 ____D () C:\Users\nots0\AppData\Local\SKIDROW
2014-09-27 14:08 - 2014-08-26 17:52 - 00000000 ____D () C:\Users\nots0\Documents\Tongbu
2014-09-27 10:50 - 2014-03-31 14:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 11:01 - 2013-03-09 14:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 11:01 - 2013-03-09 14:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 21:36 - 2014-08-08 15:28 - 00000000 ____D () C:\Users\nots0\AppData\Roaming\.minecraft
2014-09-15 09:06 - 2013-03-09 14:47 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 13:32
 
==================== End Of Log ============================


#11 cer0

Posted 10 October 2014 - 04:38 PM

 

RogueKiller V10.0.1.0 [Oct 10 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : nots0 [Administrator]
Mode : Scan -- Date : 10/10/2014  17:24:40

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] Notifier.exe -- C:\Users\nots0\Desktop\incoming\WFN_1.9.0\Notifier.exe[-] -> Killed [TermProc]
[Suspicious.Path] (SVC) catchme -- \??\C:\Users\nots0\AppData\Local\Temp\catchme.sys[x] -> Stopped

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\nots0\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\nots0\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\nots0\AppData\Local\Temp\catchme.sys) -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] HKEY_USERS\S-1-5-21-2709076479-299211639-3247174901-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2709076479-299211639-3247174901-1000\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\WindowsFirewallNotifierTask -- C:\Users\nots0\Desktop\incoming\WFN_1.9.0\Notifier.exe (-pid $(ProcessID) -ip $(DestAddress) -port $(DestPort) -protocol $(Protocol) -localport $(SourcePort) -path "$(Application)") -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter()] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] tz0ans2l.default : Ant Video Downloader [anttoolbar@ant.com] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA330 ATA Device +++++
--- User ---
[MBR] cd04d84b0efc3232cd296b55375e2169
[BSP] cbdfd08a3689b3b5026ddf27e2652060 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10012014_105502.log - RKreport_SCN_10012014_125545.log - RKreport_SCN_10092014_234033.log - RKreport_SCN_10092014_234701.log



#12 Naathim

Posted 11 October 2014 - 04:00 AM

Please, do not use quote or code boxes. Just plain text when pasting the logs :)

Also I see that you did lots of scans using malware tools. These are not to be used on your own and if used improperly, may render the system unstable. Stop doing any self-help fixes from now on while I am helping you.



Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please include the content of CKFiles.txt in your next reply.


Edited by Naathim, 11 October 2014 - 04:01 AM.

Radek Naathim Pawelczyk

Malware Removal Specialist

 



#13 Naathim


Posted 11 October 2014 - 05:29 AM

You are being helped at GeeksToGo. Please stop wasting my time.

 

This topic is now closed.






