Blocking of .exe's, can't run anything from BleepingComputer


  • This topic is locked
31 replies to this topic

#1 Math.

Math.

  • Members
  • 36 posts
  • OFFLINE
  • Local time:12:25 PM

Posted 23 October 2014 - 01:49 PM

Hello! Here is my thread from Am I Infected: http://www.bleepingcomputer.com/forums/t/552454/lots-of-oddities

 

I can't download any specialized security programs (blocked by a firewall that's not even on my router), my battery dies in about 45 minutes when it used to last 4 hours, and I have been having some problems with sound input.

 

I wish I could post DDS or HiJackThis logs but none of them will download. I do have an RSIT log that I can post, though. HiJackThis failed to download via that method.

 

 

Mod Edit:  Reopened topic per OP request - Hamluis.


Edited by hamluis, 02 November 2014 - 06:15 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,765 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:25 PM

Posted 28 October 2014 - 01:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553052 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Math.

Math.
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:12:25 PM

Posted 02 November 2014 - 01:05 PM

Hello! Sorry for the delay on my end. I couldn't get DDS to run (running Windows 8.1) but I could get FRST to run!

 

The only issues I have left are my battery dying really quickly, there are squares next to the names of programs in Volume Mixer, and a couple sketchy entries in my FRST log.

 

Am I Infected? log here: http://www.bleepingcomputer.com/forums/t/552454/lots-of-oddities/

 

I've run MBAM, Avast, HitManPro, MiniToolBox, TDSSKiller, ADWCleaner, and JRT; ESET wouldn't run due to incompatibility issues. The programs cleared up some remnants and a corrupt Hosts file was resolved.

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by mathb_000 (administrator) on ADAMLAPTOP2 on 02-11-2014 12:41:29
Running from C:\Users\mathb_000\Downloads
Loaded Profile: mathb_000 (Available profiles: mathb_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
() C:\Program Files (x86)\Icecast2 Win32\icecastService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Flux Software LLC) C:\Users\mathb_000\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\mathb_000\AppData\Roaming\Spotify\spotify.exe
() C:\Users\mathb_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\mathb_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\mathb_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\mathb_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
() C:\Users\mathb_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OIS.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OIS.EXE
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
() C:\Users\mathb_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\mathb_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-14] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\Reg.exe [2085376 2012-07-09] (TODO: <公司名稱>)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-12-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [597880 2012-12-05] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3713096268-3473879634-948429423-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-3713096268-3473879634-948429423-1001\...\Run: [F.lux] => C:\Users\mathb_000\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-3713096268-3473879634-948429423-1001\...\Run: [Spotify Web Helper] => C:\Users\mathb_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-3713096268-3473879634-948429423-1001\...\Run: [Spotify] => C:\Users\mathb_000\AppData\Roaming\Spotify\spotify.exe [6553144 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-3713096268-3473879634-948429423-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3713096268-3473879634-948429423-1001\...\Run: [Google Update] => C:\Users\mathb_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-18] (Google Inc.)
HKU\S-1-5-21-3713096268-3473879634-948429423-1001\...\Run: [GoogleChromeAutoLaunch_473C14A47C446AAFF9E3FDD3FD4D72D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3713096268-3473879634-948429423-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-09] (Adobe Systems Incorporated)
Startup: C:\Users\mathb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
SearchScopes: HKLM - {9F4F8C9A-201E-45B4-8AE7-5CC91141DEBC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {9F4F8C9A-201E-45B4-8AE7-5CC91141DEBC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - {9F4F8C9A-201E-45B4-8AE7-5CC91141DEBC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SPFS Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SPFS Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\mathb_000\AppData\Roaming\Mozilla\Firefox\Profiles\3siszp71.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\mathb_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Users\mathb_000\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\mathb_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\mathb_000\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mathb_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\mathb_000\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\mathb_000\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\mathb_000\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-15]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-05-03]
CHR Extension: (Simple Profanity Filter) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ackkocjhcalcpgpfjcoinogdejibgbho [2013-11-02]
CHR Extension: (Task Timer) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2014-01-12]
CHR Extension: (Google Drive) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (ColorZilla) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2014-02-26]
CHR Extension: (WOT) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2012-12-18]
CHR Extension: (YouTube) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-18]
CHR Extension: (Honey) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2013-03-10]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2014-09-16]
CHR Extension: (Add to Amazon Wish List) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-10-28]
CHR Extension: (Google Search) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-18]
CHR Extension: (Reddit Widget [ANTP]) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpcomccnnochpjdakpakbieihbglblcn [2013-02-08]
CHR Extension: (Youtube Auto Like) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\doieigdiffomodifhffomcffhcpnfhgo [2013-05-03]
CHR Extension: (Chrome Connectivity Diagnostics) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2014-09-12]
CHR Extension: (Fake Followers) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eklhkfonoplfidhhblionobmfpphpgfa [2013-11-07]
CHR Extension: (AdBlock) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-13]
CHR Extension: (Last.fm play statistics!) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjdlbgpikbcnmfhbdbgehdcbbokhfpoa [2013-05-31]
CHR Extension: (Countdown) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjpgobmdmbpekdmokakiajlcdljldhbm [2013-06-24]
CHR Extension: (Hola Better Internet) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-10-25]
CHR Extension: (Avast Online Security) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-26]
CHR Extension: (TweetDeck by Twitter) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-09-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-12-09]
CHR Extension: (Grooveshark Scrobbler) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdppnkfcjdlepmeimhfjjglnhoddlmmj [2013-08-01]
CHR Extension: (Word Filter) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhcjejiphdooogohnbfompmnglmgeiol [2013-11-02]
CHR Extension: (Last.fm Scrobbler) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2013-09-21]
CHR Extension: (Don't Starve) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc [2012-12-18]
CHR Extension: (Turntable Plus) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgjnmfceciegoonlpegpcaaeggghemc [2013-06-14]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2013-01-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-12-18]
CHR Extension: (Autodesk Homestyler) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-01-22]
CHR Extension: (MindCrack Chrome Extension) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfeomebmlimdnjbppjajddcpeiceflhk [2013-01-02]
CHR Extension: (StayFocusd) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-08-20]
CHR Extension: (ColumnCopy) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lapbbfoohlcmlbdaakldmmallcbcbpjb [2013-09-12]
CHR Extension: (InvisibleHand) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2013-02-24]
CHR Extension: (SoundCloud Last.fm Scrobbler) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkfldhagnkkkglcgieodhchgjbgdkhgk [2013-05-26]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2013-12-10]
CHR Extension: (Awesome New Tab Page) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2013-02-08]
CHR Extension: (Google Mail Checker) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-06-22]
CHR Extension: (Need for Speed World) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2013-01-22]
CHR Extension: (The Official Charts Company | The UK Charts | Top 40) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcdkmeeodakekpdljpfgkhkajgmnlco [2013-04-18]
CHR Extension: (Google Wallet) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Auto Refresh Plus) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih [2013-12-10]
CHR Extension: (Enhanced Steam) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-06-19]
CHR Extension: (Evernote Web Clipper) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-06-26]
CHR Extension: (Gmail) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-18]
CHR Extension: (unedditreddit) - C:\Users\mathb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppgcnpiddlbiemncalhbpgkcgecfofpj [2013-02-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-02] (Advanced Micro Devices, Inc.) [File not signed]
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136648 2012-09-20] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-27] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-12-05] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-12-05] (BlueStack Systems, Inc.)
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-08] (SurfRight B.V.)
R2 Icecast-trunk; C:\Program Files (x86)\Icecast2 Win32\icecastService.exe [417792 2008-05-24] () [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-07-18] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-07-18] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1494144 2012-09-11] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1046016 2012-12-18] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [26048 2014-06-18] ()
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-10-22] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-18] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57512 2012-09-20] (Advanced Micro Devices)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-27] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-12-05] (BlueStack Systems)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [39168 2014-06-17] (The OpenVPN Project)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 12:40 - 2014-11-02 12:41 - 00000000 ____D () C:\FRST
2014-11-02 12:39 - 2014-11-02 12:40 - 02114560 _____ (Farbar) C:\Users\mathb_000\Downloads\FRST64.exe
2014-11-02 08:50 - 2014-11-02 08:50 - 00007845 _____ () C:\Users\mathb_000\Documents\bjsc 70 ~.xlsx
2014-11-02 08:50 - 2014-11-02 08:50 - 00000165 ____H () C:\Users\mathb_000\Documents\~$bjsc 70 ~.xlsx
2014-11-02 08:29 - 2014-11-02 08:31 - 113931124 _____ () C:\Users\mathb_000\Downloads\Semifinal 1 part 2.zip
2014-11-02 08:28 - 2014-11-02 08:28 - 00000000 ____D () C:\Users\mathb_000\Documents\BJSC 70
2014-11-02 08:26 - 2014-11-02 08:28 - 128070633 _____ () C:\Users\mathb_000\Downloads\Semifinal 1 part 1.zip
2014-10-31 19:30 - 2014-10-31 19:30 - 00010027 _____ () C:\Users\mathb_000\Documents\aesc7 ip.xlsx
2014-10-31 19:30 - 2014-10-31 19:30 - 00000165 ____H () C:\Users\mathb_000\Documents\~$aesc7 ip.xlsx
2014-10-31 12:31 - 2014-10-31 12:31 - 00370995 _____ () C:\Users\mathb_000\Downloads\APRIL_2014.SV6
2014-10-29 12:56 - 2014-10-29 12:56 - 03210534 _____ () C:\Users\mathb_000\Desktop\AttendeeViewerImage007.bmp
2014-10-29 09:40 - 2014-10-29 09:44 - 132727365 _____ () C:\Users\mathb_000\Downloads\UP_18_DISC_2.zip
2014-10-29 09:40 - 2014-10-29 09:43 - 106869395 _____ () C:\Users\mathb_000\Downloads\UP_18_DISC_1.zip
2014-10-28 20:21 - 2014-10-28 20:21 - 00008688 _____ () C:\Users\mathb_000\Downloads\Youth Squared Website Crew meeting
2014-10-27 14:51 - 2014-10-27 14:52 - 00000000 ____D () C:\Users\mathb_000\AppData\Roaming\com.amazon.music.uploader
2014-10-27 14:51 - 2014-10-27 14:51 - 00001263 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk
2014-10-27 14:51 - 2014-10-27 14:51 - 00000000 ____D () C:\Users\mathb_000\Documents\Amazon Music Importer
2014-10-27 14:51 - 2014-10-27 14:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-10-27 14:51 - 2014-10-27 14:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-10-27 14:49 - 2014-10-27 14:49 - 09659608 _____ () C:\Users\mathb_000\Downloads\AmazonMusicImporterInstaller-2.1.0._V337128703_.exe
2014-10-26 09:53 - 2014-10-26 09:53 - 00013917 _____ () C:\Users\mathb_000\Documents\The Voice ;;;.xlsx
2014-10-25 12:51 - 2014-10-25 12:51 - 00014405 _____ () C:\Users\mathb_000\Documents\kworbtest1025.txt
2014-10-25 12:51 - 2014-10-25 12:51 - 00014405 _____ () C:\Users\mathb_000\Documents\kworbtest1025.html
2014-10-25 12:43 - 2014-10-25 12:45 - 00012200 _____ () C:\Users\mathb_000\Documents\kworb.html
2014-10-25 12:41 - 2014-10-25 12:41 - 00012140 _____ () C:\Users\mathb_000\Documents\kworb.txt
2014-10-24 18:07 - 2014-10-26 17:51 - 00015533 _____ () C:\Users\mathb_000\Documents\Compilations (Autosaved).xlsx
2014-10-23 13:27 - 2014-10-23 13:27 - 01222144 _____ () C:\Users\mathb_000\Downloads\RSITx64 (1).exe
2014-10-23 13:24 - 2014-10-23 13:24 - 00688992 _____ (Swearware) C:\Users\mathb_000\Downloads\dds.com
2014-10-23 13:22 - 2014-10-23 13:29 - 00000000 ____D () C:\Program Files\trend micro
2014-10-23 13:22 - 2014-10-23 13:22 - 00000000 ____D () C:\rsit
2014-10-23 13:21 - 2014-10-23 13:21 - 01222144 _____ () C:\Users\mathb_000\Downloads\RSITx64.exe
2014-10-23 12:50 - 2014-10-23 12:50 - 02333906 _____ () C:\Users\mathb_000\Documents\Taylor Swift Snippet 2.mp4
2014-10-23 12:47 - 2014-10-23 12:47 - 02058776 _____ () C:\Users\mathb_000\Documents\Taylor Swift - Wildest Dreams Snippet.mp4
2014-10-23 09:08 - 2014-10-23 09:08 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-23 09:08 - 2014-10-23 09:08 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-23 09:08 - 2014-10-23 09:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-23 09:06 - 2014-10-23 09:06 - 00244032 _____ () C:\Users\mathb_000\Downloads\Firefox Setup Stub 33.0.exe
2014-10-22 20:53 - 2014-10-22 20:53 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{744F28E1-18FB-4223-B479-52C3B3BFF004}
2014-10-22 20:37 - 2014-10-22 20:37 - 00001299 _____ () C:\Users\mathb_000\Desktop\JRT.txt
2014-10-22 20:22 - 2014-10-22 20:22 - 01706144 _____ (Thisisu) C:\Users\mathb_000\Downloads\JRT.exe
2014-10-22 20:13 - 2014-10-22 20:13 - 01962496 _____ () C:\Users\mathb_000\Downloads\AdwCleaner (1).exe
2014-10-22 20:09 - 2014-10-22 20:09 - 04161313 _____ () C:\Users\mathb_000\Downloads\tdsskiller.zip
2014-10-22 20:05 - 2014-10-22 20:05 - 00068423 _____ () C:\Users\mathb_000\Desktop\Result.txt
2014-10-22 20:04 - 2014-10-22 20:04 - 00401920 _____ (Farbar) C:\Users\mathb_000\Desktop\MiniToolBox.exe
2014-10-22 12:56 - 2014-10-22 12:56 - 03722994 _____ () C:\Users\mathb_000\Desktop\AttendeeViewerImage006.bmp
2014-10-22 12:54 - 2014-10-22 12:54 - 03722994 _____ () C:\Users\mathb_000\Desktop\AttendeeViewerImage005.bmp
2014-10-19 20:00 - 2014-10-19 20:00 - 00000720 _____ () C:\Users\mathb_000\Downloads\kasperskyReport.txt
2014-10-19 16:47 - 2014-10-19 16:47 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-19 16:47 - 2014-10-19 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-19 16:45 - 2014-10-19 16:45 - 00000000 ____D () C:\Program Files\iPod
2014-10-19 16:44 - 2014-10-19 16:47 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-19 16:44 - 2014-10-19 16:47 - 00000000 ____D () C:\Program Files\iTunes
2014-10-19 08:51 - 2014-10-19 08:51 - 00004544 _____ () C:\Users\mathb_000\Downloads\est scan 10 19 14.txt
2014-10-18 09:25 - 2014-10-18 09:34 - 00954539 _____ () C:\Users\mathb_000\Downloads\esetsmartinstaller_enu (2).exe
2014-10-15 12:55 - 2014-10-15 12:55 - 03210534 _____ () C:\Users\mathb_000\Desktop\AttendeeViewerImage004.bmp
2014-10-15 11:45 - 2014-09-13 01:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 11:45 - 2014-09-13 00:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-15 11:45 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-15 11:45 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-15 11:45 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 11:45 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-15 11:45 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 11:45 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-15 11:15 - 2014-08-15 23:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-15 11:15 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-15 11:15 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-15 11:15 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-15 11:15 - 2014-08-15 22:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-15 11:15 - 2014-08-15 22:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-15 11:15 - 2014-08-15 22:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-15 11:15 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-15 11:15 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-15 11:15 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-15 11:15 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-15 11:15 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-15 11:15 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-15 11:15 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-15 11:15 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-15 11:15 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-15 11:15 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-15 11:15 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-15 11:15 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-15 11:15 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 11:15 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-15 11:15 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-15 11:15 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-15 11:15 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 11:15 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-15 11:15 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-15 11:15 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-15 11:15 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-15 11:15 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-15 11:15 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-15 11:15 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-15 11:15 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-15 11:15 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-15 11:15 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-15 11:15 - 2014-07-31 18:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-15 11:05 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 11:04 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 11:04 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 11:04 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 11:04 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 11:04 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 11:04 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 11:04 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 11:04 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 11:04 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 11:04 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-15 11:04 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-15 11:04 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 11:04 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 11:04 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-15 11:04 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 11:04 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-15 11:04 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 11:04 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 11:04 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 11:04 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 11:04 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 11:04 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 11:04 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 11:04 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 11:04 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 11:04 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 11:04 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 11:03 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-15 11:03 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-15 11:03 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-15 11:03 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-15 11:03 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-15 11:03 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-15 11:03 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-15 11:03 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-15 11:03 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-15 11:03 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-15 11:03 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-15 11:03 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-15 11:03 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-15 11:03 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-15 11:03 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-15 11:03 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-15 11:03 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-15 11:02 - 2014-09-13 01:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 11:02 - 2014-09-13 00:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 11:01 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 11:01 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-14 19:34 - 2014-10-14 19:34 - 00000000 ____D () C:\Users\mathb_000\Documents\Need for Speed World
2014-10-14 13:21 - 2014-10-14 13:22 - 12940197 _____ () C:\Users\mathb_000\Downloads\MWRMac.zip
2014-10-13 09:08 - 2014-10-13 09:08 - 00008714 _____ () C:\Users\mathb_000\Documents\New Microsoft Office Excel Worksheet.xlsx
2014-10-12 08:20 - 2014-10-12 08:22 - 220852514 _____ () C:\Users\mathb_000\Downloads\Final Tracks.zip
2014-10-10 10:00 - 2014-10-10 10:00 - 00002327 _____ () C:\Users\mathb_000\Downloads\eset1.txt
2014-10-08 13:01 - 2014-10-08 13:01 - 03983670 _____ () C:\Users\mathb_000\Desktop\AttendeeViewerImage003.bmp
2014-10-08 13:00 - 2014-10-08 13:00 - 03983670 _____ () C:\Users\mathb_000\Desktop\AttendeeViewerImage002.bmp
2014-10-07 17:54 - 2014-10-07 17:54 - 00027312 _____ () C:\Users\mathb_000\Downloads\HitmanPro_20140906_1752 (1).log
2014-10-03 18:49 - 2014-10-13 09:06 - 00018883 _____ () C:\Users\mathb_000\Documents\bjsc 69 ~.xlsx
2014-10-03 14:36 - 2014-10-03 14:36 - 00001755 _____ () C:\Users\mathb_000\Downloads\tmex-unlock.zip
2014-10-03 09:41 - 2014-10-03 20:22 - 00000000 ____D () C:\Users\mathb_000\Documents\BJSC 69
2014-10-03 09:40 - 2014-10-03 10:25 - 215970727 _____ () C:\Users\mathb_000\Downloads\Semi 02.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-02 12:44 - 2014-08-11 16:37 - 00035097 _____ () C:\Users\mathb_000\Downloads\FRST.txt
2014-11-02 12:44 - 2012-12-18 15:32 - 00000000 ____D () C:\Users\mathb_000\AppData\Roaming\Skype
2014-11-02 12:42 - 2013-02-01 12:35 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-02 12:38 - 2014-07-18 11:24 - 01359863 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-02 12:25 - 2013-05-15 09:57 - 00000406 _____ () C:\WINDOWS\Tasks\WpsUpdateTask_mathb_000.job
2014-11-02 12:13 - 2012-12-28 19:47 - 00000000 ____D () C:\Users\mathb_000\AppData\Roaming\Spotify
2014-11-02 12:11 - 2014-06-22 17:34 - 00000610 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3713096268-3473879634-948429423-1001.job
2014-11-02 12:10 - 2012-12-26 14:07 - 00000948 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3713096268-3473879634-948429423-1001UA.job
2014-11-02 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-02 11:48 - 2012-12-18 14:04 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 10:49 - 2013-04-11 18:05 - 00000000 ____D () C:\Users\mathb_000\AppData\Local\Last.fm
2014-11-02 10:10 - 2012-12-26 14:07 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3713096268-3473879634-948429423-1001Core.job
2014-11-02 08:22 - 2014-03-18 05:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-01 11:56 - 2012-12-19 17:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-01 11:02 - 2012-12-18 18:24 - 00000000 ____D () C:\Users\mathb_000\AppData\Local\CrashDumps
2014-11-01 11:01 - 2014-07-08 09:14 - 00000000 ____D () C:\Users\mathb_000\Documents\Back Up
2014-11-01 09:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-31 19:20 - 2014-09-19 14:35 - 00000000 ____D () C:\Users\mathb_000\Documents\AESC
2014-10-29 22:27 - 2012-12-28 19:47 - 00000000 ____D () C:\Users\mathb_000\AppData\Local\Spotify
2014-10-29 16:11 - 2012-12-18 14:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3713096268-3473879634-948429423-1001
2014-10-29 14:35 - 2014-10-01 11:30 - 00001373 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-10-29 14:28 - 2012-08-18 06:21 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-29 12:56 - 2012-12-30 18:39 - 00242176 ___SH () C:\Users\mathb_000\Desktop\Thumbs.db
2014-10-29 09:37 - 2014-08-29 09:46 - 00000000 ____D () C:\Users\Public\Documents\TT Algebra 2
2014-10-29 09:17 - 2014-06-22 17:34 - 00003624 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3713096268-3473879634-948429423-1001
2014-10-27 14:51 - 2012-12-26 15:58 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-10-27 14:51 - 2012-08-18 06:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-27 14:51 - 2012-08-18 06:19 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-27 14:50 - 2012-12-18 13:58 - 00000000 ____D () C:\Users\mathb_000\AppData\Roaming\Adobe
2014-10-27 14:49 - 2013-01-09 17:33 - 00000000 ____D () C:\Users\mathb_000\AppData\Local\Adobe
2014-10-27 07:34 - 2014-01-26 18:55 - 00000000 ____D () C:\Users\mathb_000\Documents\Covers
2014-10-23 09:08 - 2014-08-07 12:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-23 09:00 - 2014-07-01 11:30 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2014-10-22 20:58 - 2014-06-12 07:44 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-10-22 20:57 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-22 20:56 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-22 20:46 - 2014-03-18 04:54 - 00091444 _____ () C:\WINDOWS\PFRO.log
2014-10-22 20:45 - 2014-09-30 20:05 - 00000000 ____D () C:\AdwCleaner
2014-10-22 20:43 - 2012-12-18 14:04 - 00003902 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 20:43 - 2012-12-18 14:04 - 00003666 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 20:43 - 2012-12-18 14:04 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 16:48 - 2014-09-29 14:21 - 00000000 ____D () C:\Users\mathb_000\Documents\U.S. History ; English 8
2014-10-20 15:10 - 2012-12-20 06:13 - 02407936 ___SH () C:\Users\mathb_000\Downloads\Thumbs.db
2014-10-20 10:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-19 16:47 - 2013-03-17 10:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-19 16:45 - 2012-12-24 12:26 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-19 16:44 - 2013-11-10 17:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-19 10:44 - 2012-12-24 12:26 - 00000000 ____D () C:\ProgramData\Apple
2014-10-19 10:09 - 2013-08-22 09:44 - 00608896 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-19 10:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-19 10:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-19 10:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-19 10:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-19 10:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-19 10:02 - 2013-08-14 19:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-19 09:45 - 2012-12-19 15:13 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-16 09:33 - 2013-04-18 18:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 09:33 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-16 09:05 - 2012-12-26 14:07 - 00003902 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3713096268-3473879634-948429423-1001UA
2014-10-16 09:05 - 2012-12-26 14:07 - 00003522 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3713096268-3473879634-948429423-1001Core
2014-10-14 16:37 - 2014-09-15 17:37 - 00000000 ____D () C:\Users\mathb_000\Documents\BJSC 68 semi 2
2014-10-13 15:57 - 2012-12-18 20:53 - 01205248 ___SH () C:\Users\mathb_000\Documents\Thumbs.db
2014-10-13 10:56 - 2014-09-21 17:31 - 00014513 _____ () C:\Users\mathb_000\Documents\AESC4.xlsx
2014-10-13 10:55 - 2014-09-23 10:01 - 00012507 _____ () C:\Users\mathb_000\Documents\AESC5.xlsx
2014-10-12 09:55 - 2014-03-30 11:56 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 09:53 - 2013-08-22 09:46 - 00286686 _____ () C:\WINDOWS\setupact.log
2014-10-10 15:30 - 2012-12-18 14:29 - 00000000 ____D () C:\Users\mathb_000\AppData\Roaming\.minecraft
 
Some content of TEMP:
====================
C:\Users\mathb_000\AppData\Local\Temp\Quarantine.exe
C:\Users\mathb_000\AppData\Local\Temp\Setup.exe
C:\Users\mathb_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mathb_000\AppData\Local\Temp\sqlite3.dll
C:\Users\mathb_000\AppData\Local\Temp\SRLDetectionLibrary4063846617482048774.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-25 09:56
 
==================== End Of Log ============================
 
The UP, AESC, and BJSC files are part of online contests I participate in.


#4 HelpBot

Posted 02 November 2014 - 02:55 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Math.

Posted 02 November 2014 - 08:23 PM

Sorry for the lack of info in the first post(s), I do not have a Windows CD and I am running Windows 8.1 64bit.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • Gender:Male
  • Location:California
  • Local time:08:25 AM

Posted 03 November 2014 - 06:23 PM

Greetings Math. and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am not sure I can be of much help with the battery issue but we can check to make sure your computer is clean. Please do this for me while I review what you have posted.

===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • System Summary information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Posted 03 November 2014 - 06:38 PM

Greetings, 

there are squares next to the names of programs in Volume Mixer, and a couple sketchy entries in my FRST log.

Can you take a screen shot of the Volume Mixer and attach it to your reply? Please identify the FRST entries you have concerns about.
Gary
 

#8 Math.

Posted 03 November 2014 - 08:34 PM

Greetings, 

there are squares next to the names of programs in Volume Mixer, and a couple sketchy entries in my FRST log.

Can you take a screen shot of the Volume Mixer and attach it to your reply? Please identify the FRST entries you have concerns about.

 

I had concerns about the Quarantine.exe in the log due to you guys removing it in fixlists on other posts on this site and the Alternate Data Streams looked suspicious to me.

 

The System Summary and the screenshot should be attached!

 

I know you don't specialize in this but I was wondering if there was a place to check and see if all my hardware is fine, Windows 8 forum didn't give me any help so I was wondering the official place to get help with that.

 

P.S. My name is Adam, I'm a 12 year old security enthusiast! I love this site because of all the amazing services it provides.

Attached Files


Edited by Math., 03 November 2014 - 08:36 PM.


#9 Oh My!

Posted 03 November 2014 - 09:13 PM

Hi Adam,

Nice to meet you young man!

The first thing we need to do is cut FRST from your Downloads folder and paste it onto your desktop.

Running from C:\Users\mathb_000\Downloads


Please copy and paste the contents of the Addition.txt report in your reply. The file should be on your desktop.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\mathb_000\AppData\Local\Temp\Quarantine.exe
C:\Users\mathb_000\AppData\Local\Temp\Setup.exe
C:\Users\mathb_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mathb_000\AppData\Local\Temp\sqlite3.dll
C:\Users\mathb_000\AppData\Local\Temp\SRLDetectionLibrary4063846617482048774.dll
cmd: ren C:\Windows\System32\FNTCACHE.DAT FNTCACHE.DAT.OLD
Reboot:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Your computer will automatically reboot
  • Check your Volume Mixer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Addition.txt
  • Fixlog
  • How is the Volume Mixer?

Gary
 

#10 Math.

Posted 04 November 2014 - 08:26 PM

Sorry for the (slight) delay, I'm sick with a sore throat / real-life virus that has kept me off the computer most of today.

 

The computer rebooted, and I have FRST64 on my desktop but I don't see a fixlog.txt. Even checked the Desktop folder in Windows Explorer and I didn't see it, but none of the files are present in the Temp folder. The volume mixer is back to normal, though!

 

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by mathb_000 at 2014-11-04 19:54:33
Running from C:\Users\mathb_000\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Algebra 2 Teaching Textbook (HKLM-x32\...\Algebra 2 Teaching Textbook) (Version:  - Teaching Textbooks Inc.)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.5.0.341 - Amazon Services LLC)
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
AMD Catalyst Install Manager (HKLM\...\{F436A08B-63BB-72A2-17C0-6D8E5182CA49}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD OverDrive Beta (HKLM-x32\...\{69438B37-FC57-40E1-BB40-C4C64AC98305}) (Version: 4.2.3.0625 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.3 - EA Digital Illusions CE AB)
BBC Radio Scrobbler (HKCU\...\54f9a171e37203f2) (Version: 0.0.7.0 - Dariusz Woźniak)
Bestseller (Demo) (HKLM-x32\...\Bestseller (Demo)) (Version: 1.0 - Myrtilus Entertainment)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.8.829 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Capsule (HKLM-x32\...\Capsule) (Version: 1.0.000 - Green Man Gaming Limited)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Chunky (HKLM-x32\...\Chunky) (Version:  - )
Cinema Tycoon 2: Movie Mania (HKLM-x32\...\BFG-Cinema Tycoon 2 - Movie Mania) (Version:  - )
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version:  - Colossal Order Ltd.)
Cities XL 2011 (HKLM-x32\...\Steam App 58510) (Version:  - Monte Cristo)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version:  - Vertigo Gaming)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
DesignCAD 3D Max 22 (HKLM-x32\...\{D9971B6C-3CB7-4D58-8BCC-BA8AEF5911FB}) (Version: 22.0.0 - IMSIDesign)
DiskAid 5.46 (HKLM-x32\...\DiskAid_is1) (Version: 5.46 - DigiDNA)
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - Going Loud Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - )
Evernote v. 4.6.6 (HKLM-x32\...\{6146B9DC-C33D-11E2-BDE1-984BE15F174E}) (Version: 4.6.6.8360 - Evernote Corp.)
f.lux (HKCU\...\Flux) (Version:  - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Firebird 2.5.2.26540 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.2.26540 - Firebird Project)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Football Manager 2013 (HKLM-x32\...\Steam App 207890) (Version:  - Sports Interactive)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
GameFly (HKLM-x32\...\GameFly) (Version: 1.2.378 - GameFly, Inc.)
GameFly Download Manager (HKCU\...\7998bdbe8c95db7f) (Version: 1.0.0.96 - GameFly)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKCU\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - )
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
Icecast 2.3.2 (HKLM-x32\...\Icecast2 Win32_is1) (Version:  - )
IconPackager (HKLM-x32\...\IconPackager) (Version: 5.10 - Stardock Corporation)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Instagiffer version 1.33 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.33 - Justin Todd)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Kingsoft Writer  (8.1.0.3030) (HKLM-x32\...\Kingsoft Writer) (Version: 8.1.0.3030 - Kingsoft Corp.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Last.fm Scrobbler 2.1.35 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
LibreOffice 3.6 (HKLM-x32\...\{7FDEBC17-F2F8-4B66-BE25-A2DD59B44F61}) (Version: 3.6.5.2 - The Document Foundation)
MAGIX Goya burnR (MSI) (HKLM-x32\...\{71F51705-0AC8-46B8-B016-C0848D9A54AD}) (Version: 4.3.1.6 - MAGIX AG)
MAGIX Music Maker MX Download Version (HKLM-x32\...\MAGIX_MSI_mm18) (Version: 18.0.0.42 - MAGIX AG)
MAGIX Music Maker MX Download Version (Instrument package 1) (HKLM-x32\...\{0F51C8ED-F63F-4411-A39E-103C019D118B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker MX Download Version (Instrument package 2) (HKLM-x32\...\{B1670D58-7C99-4A86-8030-5D0514802911}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker MX Download Version (Sound package) (HKLM-x32\...\{3C94E6A5-0E14-42C6-9AE4-3CE601D07A9F}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker MX Download Version (Synthesizer and effects) (HKLM-x32\...\{641E2955-559D-4C91-AF9A-CAB94F890AE4}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker MX Download Version (x32 Version: 18.0.0.42 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\{F5E68EFB-F916-4A37-9F13-628F42C1B683}) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 Home Premium Preview - en-us (HKLM\...\Microsoft Office Professional 15 (Technical Preview) - en-us) (Version: 15.0.4128.1025 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
Music Wars Rebirth (HKLM-x32\...\{961FEB7B-FEF5-4F18-BB93-04B9F411E13E}) (Version: 1.0.0 - Wolverine Studios)
Music Wars Rebirth (HKLM-x32\...\{E68D186D-6B7B-4AD6-A56F-4C84763349F1}) (Version: 1.05 - Wolverine Studios)
Music Wars Rebirth 2 (HKLM-x32\...\{F4FD334A-98DA-4673-BFCB-CB4A3A456D16}) (Version: 1.0.0 - Wolverine Studios)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1229 - Electronic Arts)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.2 - Notepad++ Team)
Notification Center (HKLM-x32\...\{FDAD2767-11CA-4D38-9CC4-48770CE3CC7B}) (Version: 0.7.8.829 - BlueStack Systems, Inc.)
NVIDIA PhysX v8.10.17 (HKLM-x32\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4128.1025 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4128.1022 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
OpenTTD 1.3.2 (HKLM-x32\...\OpenTTD) (Version: 1.3.2 - OpenTTD)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Outerra - Anteworld - Outerra Anteworld Demo (HKLM-x32\...\Outerra Anteworld) (Version: "0.7.16-3782" - "Outerra")
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1010.0 - Passmark Software)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.5 beta r1767 - )
Real Lives 2004 (HKLM-x32\...\Real Lives 2004) (Version: 2005.1 - Educational Simulations)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\{4C5D15D2-5351-4F05-A96E-56C20554F977}) (Version: 1.00.000 - )
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
S3S Browser (HKCU\...\2f63f5a1b4d80a1e) (Version: 0.9.3.9 - Crin&Hubby)
SAM Broadcaster 2013 (HKLM-x32\...\SAM3) (Version: 2013 - Spacial Audio Solutions, LLC)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - )
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SimCity™ Closed Beta (HKLM-x32\...\{CB6284F3-308A-4c0b-B2CF-401F78AA8881}) (Version: 1.0.0.0 - Electronic Arts)
Simraceway 28.81 (HKLM-x32\...\Simraceway) (Version: 28.81 - Simraceway)
Sims 3 UIC (HKLM-x32\...\{5726F077-5643-4B62-8E50-C40BC97275F1}) (Version: 2.0 - Zindas Golden Sims)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Ski Resort Extreme (HKLM-x32\...\{92880CC4-55BD-4C01-B172-F12B3B213F74}) (Version: 1.00.0000 - Cat Daddy Games)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
Synekism 0.5.1.63 (HKLM-x32\...\Synekism) (Version: 0.5.1.63 - Idimoris)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Road 2 Success Game version 1.1.0.8 (HKLM-x32\...\{B2D85E81-695B-4A25-86CC-591947F11AB3}_is1) (Version: 1.1.0.8 - The Road to Success Games)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims™ Medieval (HKLM-x32\...\{D3F66B94-DF84-4686-832E-D5761B478BF0}) (Version: 2.0.113.00107 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Create a Pattern Tool (HKLM-x32\...\{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}) (Version: 1.0.0 - Electronic Arts)
The Sims™ 3 Create a World Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.18.8 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.2.16.10 - Electronic Arts Inc.)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Toki Tori (HKLM-x32\...\Steam App 38700) (Version:  - Two Tribes)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.800 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.1.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Total Pro Golf 3 1.1 (HKLM-x32\...\{73E46DE3-0DF1-438C-8941-7E475DE6BE97}_is1) (Version:  - Wolverine Studios)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version:  - Nadeo)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
TunnelBear (HKLM-x32\...\{999ba698-39f4-4489-9872-487f763703ee}) (Version: 2.2.23.0 - TunnelBear)
TunnelBear (x32 Version: 2.2.23.0 - TunnelBear) Hidden
Turbo Dismount (HKLM-x32\...\Steam App 263760) (Version:  - Secret Exit Ltd.)
Unchecky v0.3.3 (HKLM-x32\...\Unchecky) (Version: 0.3.3 - RaMMicHaeL)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)
WinX DVD Ripper 5.5.14 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
XLNation User Interface Mod (HKLM-x32\...\{A6115951-1FCD-499D-88D7-AE413229E4EC}) (Version: 1.79.0 - Altiris)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mathb_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
02-11-2014 18:58:47 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-10-23 09:02 - 2014-10-23 09:02 - 00000833 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2CF83E6F-3169-440A-9F37-078296392018} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {30948F8C-6CD4-4011-962F-2EC948AE7FB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3713096268-3473879634-948429423-1001Core => C:\Users\mathb_000\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)
Task: {30A98B9C-3858-4828-A78A-A192A8F0B346} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-27] (AVAST Software)
Task: {34245570-D944-443E-94B4-C7EFC36BCBB1} - System32\Tasks\G2MUpdateTask-S-1-5-21-3713096268-3473879634-948429423-1001 => C:\Users\mathb_000\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3A4FE2D8-16DF-4025-80F6-6FAFEE26FFA7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-11] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3C7B8A9F-84C9-4C6A-9CE6-01C94DE934DD} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {3E584224-C1E8-4C48-B0E7-27458CE411F7} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2014-06-18] (TunnelBear)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {499B82E6-F119-41C4-9B92-0A5641222AA4} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {4DA7172B-7F86-418C-B38C-D43B7594C079} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {562AB13D-9D03-4182-8B71-C3D2580C54AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {6261F509-97FD-431B-8699-3CB32C4CADDD} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {635F2284-B7FC-418E-9DD9-12E5D7F19FD1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6CB236BC-73AC-4563-A04F-2B65EF04B63F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-19] (Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {798D18A1-8CFB-4F11-BE00-70D575F0B67E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {83FA6424-0D15-4292-916E-45A6BD8D3A34} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {943D3440-FD16-4727-AF6B-646FC44728F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3713096268-3473879634-948429423-1001UA => C:\Users\mathb_000\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1924CAA-A25D-4241-A08F-DB42C741B098} - System32\Tasks\WpsUpdateTask_mathb_000 => C:\Program Files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe [2013-06-05] (Kingsoft Corp. Ltd.)
Task: {A281A3B6-A4BB-448F-88B1-017D519BFDD5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-01-01] (Microsoft Corporation)
Task: {A40DDB87-B931-4B3E-8003-1051EFF3493A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E61C5806-2737-4632-872F-5B2C7F31D072} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F4C1C82C-7593-42BF-B269-8352349B5180} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3713096268-3473879634-948429423-1001.job => C:\Users\mathb_000\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3713096268-3473879634-948429423-1001Core.job => C:\Users\mathb_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3713096268-3473879634-948429423-1001UA.job => C:\Users\mathb_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_mathb_000.job => C:\Program Files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-10-13 17:38 - 2011-10-13 17:38 - 00156672 _____ () C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
2012-12-02 03:14 - 2012-12-02 03:14 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-09-20 22:55 - 2012-09-20 22:55 - 00136648 _____ () C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
2013-01-01 21:22 - 2013-01-01 21:27 - 06307952 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-04-18 20:09 - 2008-05-24 14:02 - 00417792 _____ () C:\Program Files (x86)\Icecast2 Win32\icecastService.exe
2013-01-01 21:11 - 2012-08-16 22:56 - 00266864 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-01-01 21:11 - 2012-08-16 22:57 - 00469616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-01-01 21:11 - 2012-09-11 18:13 - 00538224 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-12-18 11:49 - 2012-12-18 11:49 - 01046016 _____ () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
2014-10-20 09:27 - 2014-10-20 09:27 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2014-10-20 09:27 - 2014-10-20 09:27 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2014-10-20 09:27 - 2014-10-20 09:27 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-06-18 17:19 - 2014-06-18 17:19 - 00026048 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
2013-09-25 07:38 - 2014-10-08 08:56 - 00613944 _____ () C:\Users\mathb_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-07-27 21:05 - 2014-07-27 21:05 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-22 16:16 - 2014-10-22 16:16 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102201\algo.dll
2014-11-04 17:57 - 2014-11-04 17:57 - 02899456 _____ () C:\Program Files\AVAST Software\Avast\defs\14110401\algo.dll
2012-09-20 22:55 - 2012-09-20 22:55 - 00579016 _____ () C:\Program Files (x86)\AMD\OverDrive\Device.dll
2012-09-20 22:55 - 2012-09-20 22:55 - 03859912 _____ () C:\Program Files (x86)\AMD\OverDrive\Platform.dll
2012-09-20 22:55 - 2012-09-20 22:55 - 01586632 _____ () C:\Program Files (x86)\AMD\OverDrive\QtCore4.dll
2012-09-20 22:55 - 2012-09-20 22:55 - 06440392 _____ () C:\Program Files (x86)\AMD\OverDrive\QtGui4.dll
2012-09-20 22:56 - 2012-09-20 22:56 - 00361928 _____ () C:\Program Files (x86)\AMD\OverDrive\QtXml4.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-18 20:09 - 2008-02-08 16:00 - 00930816 _____ () C:\Program Files (x86)\Icecast2 Win32\libxml2.dll
2013-04-18 20:09 - 2008-02-08 16:46 - 00161792 _____ () C:\Program Files (x86)\Icecast2 Win32\libxslt.dll
2013-04-18 20:09 - 2004-06-22 07:08 - 00053300 _____ () C:\Program Files (x86)\Icecast2 Win32\pthreadVSE.dll
2013-04-18 20:09 - 2006-02-26 16:46 - 00073728 _____ () C:\Program Files (x86)\Icecast2 Win32\zlib1.dll
2012-12-18 11:48 - 2012-12-18 11:48 - 00252832 _____ () C:\Program Files (x86)\SimracewayUpdater\PATCHW32.dll
2014-07-27 21:05 - 2014-07-27 21:05 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-04-11 18:05 - 2013-03-06 12:11 - 00757248 _____ () C:\Program Files (x86)\Last.fm\unicorn.dll
2013-04-11 18:05 - 2013-03-06 12:11 - 00126976 _____ () C:\Program Files (x86)\Last.fm\listener.dll
2013-04-11 18:05 - 2013-03-06 12:11 - 00032768 _____ () C:\Program Files (x86)\Last.fm\logger.dll
2013-04-11 18:05 - 2013-03-05 12:25 - 00350720 _____ () C:\Program Files (x86)\Last.fm\lastfm.dll
2013-04-11 18:06 - 2013-01-18 10:39 - 00302592 _____ () C:\Program Files (x86)\Last.fm\phonon.dll
2013-04-11 18:06 - 2013-01-18 10:49 - 00182784 _____ () C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2013-04-11 18:06 - 2012-12-12 23:12 - 00111104 _____ () C:\Program Files (x86)\Last.fm\libvlc.dll
2013-04-11 18:06 - 2012-12-12 23:13 - 02286592 _____ () C:\Program Files (x86)\Last.fm\libvlccore.dll
2013-04-11 18:06 - 2012-12-12 23:13 - 00049664 _____ () C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-01-01 21:22 - 2013-01-01 21:24 - 06307952 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-07-10 09:18 - 2014-07-10 09:18 - 26094712 _____ () C:\Program Files (x86)\Image-Line\Shared\dsp_ipp.dll
2014-03-30 02:32 - 2014-03-30 02:32 - 00514168 _____ () C:\Program Files (x86)\Image-Line\Shared\QuickFontCache.dll
2012-08-15 05:01 - 2012-08-15 05:01 - 00487032 _____ () C:\Program Files (x86)\Image-Line\Shared\freetype.dll
2011-03-10 11:45 - 2011-03-10 11:45 - 00368248 _____ () C:\Program Files (x86)\Image-Line\Shared\LAMEEnc.dll
2014-03-20 08:23 - 2014-03-20 08:23 - 01526880 _____ () C:\Program Files (x86)\Image-Line\FL Studio 11\Plugins\Fruity\Effects\Fruity Limiter\Fruity Limiter.dll
2014-02-04 20:11 - 2014-09-25 20:13 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-02-04 20:11 - 2014-09-25 20:13 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-02-04 20:11 - 2014-09-25 20:13 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-02-04 20:11 - 2014-09-25 20:13 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-02-04 20:11 - 2014-09-25 20:13 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-02-04 20:11 - 2014-09-25 20:13 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-02-04 20:11 - 2014-09-25 20:13 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-02-04 20:11 - 2014-09-25 20:13 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-02-11 14:29 - 2014-02-11 14:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-10-28 18:59 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 18:58 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 18:59 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 18:58 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-08-27 15:21 - 2014-08-21 13:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-27 15:21 - 2014-08-21 13:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-27 15:21 - 2014-08-21 13:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-03-12 16:10 - 2014-10-01 18:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-06-04 13:43 - 2014-10-21 14:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-27 15:21 - 2014-08-21 13:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-27 15:21 - 2014-08-21 13:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-12-19 17:37 - 2014-10-21 14:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-12-19 17:37 - 2014-09-04 18:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-07-23 15:56 - 2014-09-04 18:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2012-12-28 19:47 - 2014-10-08 08:56 - 36966968 _____ () C:\Users\mathb_000\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-18 07:44 - 2014-10-08 08:56 - 00867896 _____ () C:\Users\mathb_000\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2013-09-25 07:38 - 2014-10-08 08:56 - 00886840 _____ () C:\Users\mathb_000\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-25 07:38 - 2014-10-08 08:56 - 00108600 _____ () C:\Users\mathb_000\AppData\Roaming\Spotify\Data\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:8D09CB9B
AlternateDataStreams: C:\ProgramData\TEMP:A41FEAA2
AlternateDataStreams: C:\Users\mathb_000\Downloads\Registration approved for Web seminar_ Meet the Greeks 1 - The Land and the History.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Audible Download Manager.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TSleepSrv"
HKLM\...\StartupApproved\Run: => "SRS Premium Sound HD"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "hola"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "TPUReg"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "AmazonGSDownloaderTray"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "Carbonite Backup"
HKCU\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "Google Update"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "EADM"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "Amazon Cloud Player"
HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_473C14A47C446AAFF9E3FDD3FD4D72D2"
HKCU\...\StartupApproved\Run: => "Octoshape Streaming Services"
HKCU\...\StartupApproved\Run: => "SandboxieControl"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3713096268-3473879634-948429423-500 - Administrator - Disabled)
Guest (S-1-5-21-3713096268-3473879634-948429423-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3713096268-3473879634-948429423-1105 - Limited - Enabled)
mathb_000 (S-1-5-21-3713096268-3473879634-948429423-1001 - Administrator - Enabled) => C:\Users\mathb_000
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/04/2014 03:35:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3693453
 
Error: (11/04/2014 03:35:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3693453
 
Error: (11/04/2014 03:35:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/04/2014 03:35:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(A4F44644C76DB199._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (11/04/2014 02:34:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4562
 
Error: (11/04/2014 02:34:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4562
 
Error: (11/04/2014 02:34:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/04/2014 02:34:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3093
 
Error: (11/04/2014 02:34:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3093
 
Error: (11/04/2014 02:34:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (11/04/2014 03:36:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
 
Error: (11/04/2014 01:21:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (11/04/2014 01:21:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (11/03/2014 10:42:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (11/03/2014 10:42:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (11/03/2014 10:39:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
 
Error: (11/03/2014 10:38:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TimeBroker service.
 
Error: (11/03/2014 10:38:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
 
Error: (11/03/2014 10:37:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
 
Error: (11/03/2014 01:20:34 PM) (Source: DCOM) (EventID: 10010) (User: ADAMLAPTOP2)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-05-02 09:25:36.098
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\RtkAPO64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-4600M APU with Radeon™ HD Graphics 
Percentage of memory in use: 77%
Total physical RAM: 5596.73 MB
Available physical RAM: 1278.85 MB
Total Pagefile: 13706.39 MB
Available Pagefile: 6303.83 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: (TI10649600G) (Fixed) (Total:585.55 GB) (Free:185.36 GB) NTFS
Drive e: (Alg2-3) (CDROM) (Total:3.76 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:25 AM

Posted 04 November 2014 - 08:40 PM

Greetings,

If your Volume Mixer is back to normal then the fix worked. Now please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
AlternateDataStreams: C:\ProgramData\TEMP:8D09CB9B
AlternateDataStreams: C:\ProgramData\TEMP:A41FEAA2
AlternateDataStreams: C:\Users\mathb_000\Downloads\Registration approved for Web seminar_ Meet the Greeks 1 - The Land and the History.eml:OECustomProperty
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlist

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Math.


Posted 04 November 2014 - 08:48 PM

Got the fixlist this time! Only after accidentally running the old one again though...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by mathb_000 at 2014-11-04 20:47:33 Run:3
Running from C:\Users\mathb_000\Desktop
Loaded Profile: mathb_000 (Available profiles: mathb_000)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:8D09CB9B
AlternateDataStreams: C:\ProgramData\TEMP:A41FEAA2
AlternateDataStreams: C:\Users\mathb_000\Downloads\Registration approved for Web seminar_ Meet the Greeks 1 - The Land and the History.eml:OECustomProperty
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
*****************
 
C:\ProgramData\TEMP => ":8D09CB9B" ADS removed successfully.
C:\ProgramData\TEMP => ":A41FEAA2" ADS removed successfully.
C:\Users\mathb_000\Downloads\Registration approved for Web seminar_ Meet the Greeks 1 - The Land and the History.eml => ":OECustomProperty" ADS removed successfully.
"HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
 
==== End of Fixlog ====

Edited by Math., 04 November 2014 - 08:49 PM.
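A Fixlog like the one above can be checked mechanically: every directive under "Content of fixlist" should have a matching result line ending in "successfully". The sketch below is an added example, not part of the thread or of FRST; it models only the two directive types seen here (AlternateDataStreams and CustomCLSID), and its function names are assumptions.

```python
import re

# Fixlog excerpt copied from the post above, shortened to three entries.
FIXLOG = r'''Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:8D09CB9B
AlternateDataStreams: C:\ProgramData\TEMP:A41FEAA2
CustomCLSID: HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mathb_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
*****************

C:\ProgramData\TEMP => ":8D09CB9B" ADS removed successfully.
C:\ProgramData\TEMP => ":A41FEAA2" ADS removed successfully.
"HKU\S-1-5-21-3713096268-3473879634-948429423-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
==== End of Fixlog ====
'''

ADS_RESULT = re.compile(r'^(?P<path>.+) => ":(?P<stream>[^"]+)" ADS (?P<status>.+?)\.?$')
KEY_RESULT = re.compile(r'^"(?P<key>.+)" => Key (?P<status>.+?)\.?$')
CLSID_DIRECTIVE = re.compile(r'^CustomCLSID: (?P<key>.+?\\CLSID\\\{[0-9A-Fa-f-]+\})\\')

def target_of(directive):
    """Reduce a fixlist directive to the object it asks the tool to act on."""
    if directive.startswith("AlternateDataStreams: "):
        # The stream name follows the last colon; the drive colon stays in the path.
        path, _, stream = directive.split(": ", 1)[1].rpartition(":")
        return ("ads", path.lower(), stream.lower())
    m = CLSID_DIRECTIVE.match(directive)
    return ("key", m["key"].lower()) if m else None  # None: type not modelled

def audit(fixlog):
    """Map each fixlist directive to its reported status (None if no result line)."""
    parts = re.split(r"^\*{5,}\s*$", fixlog.partition("Content of fixlist:")[2], flags=re.M)
    if len(parts) < 3:
        raise ValueError("no fixlist section delimited by asterisk lines")
    directives = [l.strip() for l in parts[1].splitlines() if l.strip()]
    results = {}
    for line in "\n".join(parts[2:]).splitlines():
        line = line.strip()
        if (m := ADS_RESULT.match(line)):
            results[("ads", m["path"].lower(), m["stream"].lower())] = m["status"]
        elif (m := KEY_RESULT.match(line)):
            results[("key", m["key"].lower())] = m["status"]
    return {d: results.get(target_of(d)) for d in directives}

def unconfirmed(fixlog):
    """Directives with no result line, or a result that does not say 'successfully'."""
    return [d for d, s in audit(fixlog).items() if not (s or "").endswith("successfully")]

if __name__ == "__main__":
    print(unconfirmed(FIXLOG))
```

An empty list means every requested removal was reported as done; any directive returned is one to re-check before moving on.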


#13 Oh My!


Posted 04 November 2014 - 08:49 PM

That looks good. Are you having any issues?
Gary
 

#14 Math.


Posted 04 November 2014 - 08:52 PM

Other than the battery dying rather rapidly and the disk spinning really fast during light internet browsing (System taking up 60-70% of the Disk, mostly after ending a process, just recently started), then no.


Edited by Math., 04 November 2014 - 08:57 PM.


#15 Oh My!


Posted 04 November 2014 - 09:07 PM

Hi Adam,

I would like to run one more scan to make sure these are not malware issues. Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached Emsisoft report

Gary
 



