
How do you remove the underlined green pop-ups?


  • This topic is locked
19 replies to this topic

#1 hazelludlow


Posted 23 October 2014 - 06:12 PM

I've just come across these links and they are a bit annoying, though avoidable. How do I remove them from my browsers? I have fixed the Chrome incident, but Firefox still eludes me. I have tried the simple methods (remove extensions) and four different malware/virus programs as well as opting out from the companies, but this doesn't seem to work. Are they at all harmful or just more advertising...that is my main question other than their removal.

 

thanks much,

 

 




 


#2 LiquidTension

  • Malware Response Team

Posted 27 October 2014 - 02:31 PM

Hello hazelludlow, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the follow button at the top of the page.
     

======================================================
 

"and four different malware/virus programs"

Which programmes have you run?

STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Which programmes have you run?
  • AdwCleaner[S0].txt
  • FRST.txt
  • Addition.txt


#3 hazelludlow

  • Topic Starter

Posted 28 October 2014 - 02:10 PM

am about to go through the process...

 

thank you, adam



#4 LiquidTension

  • Malware Response Team

Posted 28 October 2014 - 02:18 PM

No problem. 

Please answer my question as well. Which programmes did you run before posting here?



#5 hazelludlow

  • Topic Starter

Posted 28 October 2014 - 02:35 PM

here ya go...

 

AdwCleaner

AdAware

Malwarebytes 

JRT

Avast

 

# AdwCleaner v4.002 - Report created 28/10/2014 at 13:16:34
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : brian - ARKHAMCOUNTY
# Running from : C:\Users\brian\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R0].txt - [21275 octets] - [25/02/2014 20:50:56]
AdwCleaner[R1].txt - [2198 octets] - [23/10/2014 12:57:33]
AdwCleaner[R2].txt - [1343 octets] - [23/10/2014 15:08:30]
AdwCleaner[R3].txt - [1274 octets] - [24/10/2014 17:24:33]
AdwCleaner[R4].txt - [1366 octets] - [28/10/2014 13:13:51]
AdwCleaner[S0].txt - [21312 octets] - [25/02/2014 20:52:49]
AdwCleaner[S1].txt - [2212 octets] - [23/10/2014 12:59:38]
AdwCleaner[S2].txt - [1405 octets] - [23/10/2014 15:11:57]
AdwCleaner[S3].txt - [1331 octets] - [24/10/2014 17:27:21]
AdwCleaner[S4].txt - [1283 octets] - [28/10/2014 13:16:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1343 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by brian (administrator) on ARKHAMCOUNTY on 28-10-2014 13:24:22
Running from C:\Users\brian\Desktop
Loaded Profile: brian (Available profiles: brian & Mcx1-ARKHAMCITY & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(M-Audio) C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files (x86)\mysms\mysms.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DonationCoder) C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(VIA TECH) C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Users\brian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\brian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\brian\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\brian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\brian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\brian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\brian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\brian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\brian\AppData\Local\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\brian\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-09-29] (Razer Inc.)
HKLM-x32\...\Run: [EnvyHFCPL] => C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe [543352 2012-11-23] (VIA TECH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-23] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\Run: [Google Update] => C:\Users\brian\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-26] (Google Inc.)
HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\Run: [mysms] => C:\Program Files (x86)\mysms\mysms.exe [709632 2014-07-31] ()
HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\brian\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=01d2a1b5c0cc47d082753909b497f74b-292a3202723fddab8aa9c1d45efcd6bc36186266 /CMPID=1113a
HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940672 2014-10-28] (Valve Corporation)
HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\Run: [AvgUpdater] => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe  /SETINFO /CMPID=0414b /INFORETRY=2
HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\Run: [Screenshot Captor] => C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe [6852376 2012-07-06] (DonationCoder)
HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\Run: [Actual Multiple Monitors] => C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [1735472 2013-04-15] (Actual Tools)
HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\MountPoints2: {f480df1a-aef0-11e1-9229-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\brian\AppData\Roaming\Copy\CopyAgent.exe"
Startup: C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [000BoxDesktopFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSyncedCollabs] -> {337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSyncedCollab] -> {9E48C232-F601-4E41-BB3E-16CBAF317AA4} => C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\brian\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://hp-desktop.us.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x16D9133A9A97CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {3E1BCB98-8F6E-429C-9D10-180B59AD12BF} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {D874E16D-B481-44A6-805B-014721441E10} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{05ADDD4D-FF42-47F4-A6F6-A367BB55109F}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian
FF Homepage: hxxp://www.amesburyma.gov/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @3dvia.com/3DVIAVirtualMachine -> C:\Program Files (x86)\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release_licensed\np3DVIAplayer.dll (© 2011 Dassault Systèmes)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin -> C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\brian\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\brian\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\brian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\searchplugins\duckduckgo-http.xml
FF SearchPlugin: C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\searchplugins\google-default.xml
FF SearchPlugin: C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\searchplugins\yahoo_ff.xml
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\Extensions\artur.dubovoy@gmail.com [2014-07-31]
FF Extension: Xmarks - C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\Extensions\foxmarks@kei.com [2014-07-25]
FF Extension: AddThis - C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2014-01-26]
FF Extension: Evernote Web Clipper - C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-26]
FF Extension: QRSrc - C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\Extensions\extension@qrsrc.com.xpi [2014-01-26]
FF Extension: Flagfox - C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP69E55F87-CF5F-4502-92E7-B4B07DBA3790&SSPV=
CHR StartupUrls: Default -> "hxxp://www.miskatonic-university.org/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\brian\AppData\Local\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\brian\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\brian\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Shockwave for Director) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (3DVIAStudioPlayer) - C:\Program Files (x86)\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release_licensed\np3DVIAplayer.dll (© 2011 Dassault Systèmes)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Magellan Plug-In) - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\brian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\brian\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll No File
CHR Profile: C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-01]
CHR Extension: (Google Search) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-01]
CHR Extension: (FVD Downloader) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-10-23]
CHR Extension: (Black carbon + silver metal) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2014-10-27]
CHR Extension: (deviantART muro) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2014-01-01]
CHR Extension: (Google Wallet) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-01]
CHR Extension: (Evernote Web Clipper) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-10-23]
CHR Extension: (Gmail) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-01]
CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2014-10-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-23] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-16] (NVIDIA Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [75064 2014-03-23] ()
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [311296 2011-08-01] (WDC) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [82768 2014-10-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049920 2014-10-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-23] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
S3 BVRPMPR5; C:\windows\SysWOW64\drivers\BVRPMPR5.SYS [44224 2006-10-05] (BVRP Software) [File not signed]
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [386560 2013-10-15] (C-Media Inc.)
R3 Envy24HFS; C:\Windows\System32\drivers\Envy24HF.sys [228368 2012-10-25] (VIA - IC Ensemble, Inc.)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [60248 2012-01-05] (Focusrite Audio Engineering Limited.)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12273408 2011-09-19] (Intel Corporation) [File not signed]
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-09-04] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [32936 2014-05-19] (Razer Inc)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd) [File not signed]
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-02-01] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-02-01] (Saitek)
S3 btwampfl; \??\C:\windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 13:24 - 2014-10-28 13:24 - 00035042 _____ () C:\Users\brian\Desktop\FRST.txt
2014-10-28 13:24 - 2014-10-28 13:24 - 00000000 ____D () C:\FRST
2014-10-28 13:22 - 2014-10-28 13:22 - 02113024 _____ (Farbar) C:\Users\brian\Desktop\FRST64.exe
2014-10-28 13:20 - 2014-10-28 13:20 - 00001423 _____ () C:\Users\brian\Desktop\AdwCleaner[S4].txt
2014-10-28 13:12 - 2014-10-28 13:12 - 01998336 _____ () C:\Users\brian\Desktop\AdwCleaner.exe
2014-10-28 10:29 - 2014-10-28 11:54 - 00000000 ___RD () C:\Users\brian\Downloads\Radical Matters
2014-10-28 09:26 - 2014-10-28 09:26 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-23 22:12 - 2014-10-23 22:12 - 00000000 ____D () C:\Users\brian\AppData\Roaming\AVAST Software
2014-10-23 22:11 - 2014-10-27 16:51 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-10-23 22:11 - 2014-10-23 22:11 - 01049920 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-10-23 22:11 - 2014-10-23 22:11 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-10-23 22:11 - 2014-10-23 22:11 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-10-23 22:11 - 2014-10-23 22:11 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-10-23 22:11 - 2014-10-23 22:11 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-10-23 22:11 - 2014-10-23 22:11 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-10-23 22:11 - 2014-10-23 22:11 - 00082768 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-10-23 22:11 - 2014-10-23 22:11 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-10-23 22:11 - 2014-10-23 22:11 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-10-23 22:11 - 2014-10-23 22:11 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-10-23 22:10 - 2014-10-23 22:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-23 22:09 - 2014-10-23 22:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-23 16:07 - 2014-10-28 13:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 16:07 - 2014-10-26 13:49 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-23 16:07 - 2014-10-26 13:49 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-23 16:07 - 2014-10-26 13:49 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-10-23 12:17 - 2014-10-23 12:17 - 00000000 ____D () C:\Users\brian\AppData\Roaming\LavasoftStatistics
2014-10-22 16:37 - 2014-10-22 16:37 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-22 16:36 - 2014-10-16 06:27 - 00614544 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvStreaming.exe
2014-10-22 16:33 - 2014-10-16 10:54 - 31890064 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 24555840 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 20922696 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 17260864 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 14029400 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 13942368 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 13190288 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2014-10-22 16:33 - 2014-10-16 10:54 - 11395672 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 11333848 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 04289856 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 04009672 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 01876296 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6434448.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 01539272 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6434448.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 00962376 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 00931984 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 00921928 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 00895176 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 00870112 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 00352016 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 00303600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 00174856 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2014-10-22 16:33 - 2014-10-16 10:54 - 00156840 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2014-10-21 10:22 - 2014-10-21 10:22 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-21 10:22 - 2014-10-21 10:22 - 00000000 ____D () C:\Program Files\iTunes
2014-10-21 10:22 - 2014-10-21 10:22 - 00000000 ____D () C:\Program Files\iPod
2014-10-21 10:22 - 2014-10-21 10:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-15 03:09 - 2014-10-15 03:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-14 17:16 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-14 17:16 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-14 17:16 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-14 17:16 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-14 17:16 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-14 17:16 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-14 17:16 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-14 17:16 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-14 17:16 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-14 17:16 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-14 17:16 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-14 17:16 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-14 17:16 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-14 17:16 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-14 17:16 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-14 17:16 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-14 17:16 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-14 17:16 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-14 17:16 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-14 17:16 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-14 17:16 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-14 17:16 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-14 17:16 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-14 17:16 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-14 17:16 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-14 17:16 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-14 17:16 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-14 17:16 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-14 17:16 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-14 17:16 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-14 17:16 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 17:16 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-14 17:16 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-14 17:16 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-14 17:16 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-14 17:16 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-14 17:16 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-14 17:16 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-14 17:16 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-14 17:16 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-14 17:16 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-14 17:16 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-14 17:16 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-14 17:16 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-14 17:16 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-14 17:16 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-14 17:16 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-14 17:16 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 17:16 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-14 17:16 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-14 17:16 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-14 17:16 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-14 17:16 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-14 17:16 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-14 17:16 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-14 17:16 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-14 17:16 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-14 17:16 - 2014-08-18 21:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-14 17:16 - 2014-08-18 21:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-10-14 17:16 - 2014-08-18 21:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2014-10-14 17:16 - 2014-08-18 21:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2014-10-14 17:16 - 2014-08-18 21:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2014-10-14 17:16 - 2014-08-18 21:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2014-10-14 17:16 - 2014-08-18 21:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2014-10-14 17:16 - 2014-08-18 21:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2014-10-14 17:16 - 2014-08-18 21:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2014-10-14 17:16 - 2014-08-18 21:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2014-10-14 17:16 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2014-10-14 17:16 - 2014-08-18 20:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2014-10-14 17:16 - 2014-08-18 20:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2014-10-14 17:16 - 2014-07-06 20:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-10-14 17:16 - 2014-07-06 20:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2014-10-14 17:16 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-14 17:16 - 2014-07-06 20:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-10-14 17:16 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-10-14 17:16 - 2014-07-06 20:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2014-10-14 17:16 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2014-10-14 17:16 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2014-10-14 17:16 - 2014-07-06 20:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-10-14 17:16 - 2014-07-06 20:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-10-14 17:16 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-10-14 17:16 - 2014-07-06 19:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-10-14 17:16 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2014-10-14 17:16 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2014-10-14 17:16 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2014-10-14 17:16 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-10-14 17:16 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-10-14 17:16 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-10-14 17:16 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-10-14 17:16 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-10-14 17:16 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-10-14 17:16 - 2014-06-27 18:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-14 17:16 - 2014-06-27 18:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-10-14 17:16 - 2014-06-27 18:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-10-14 17:16 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-14 17:16 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-14 17:16 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-14 17:16 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-14 17:16 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-14 17:16 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-14 17:15 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-14 17:15 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-14 17:15 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-14 17:15 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-14 17:15 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-14 17:15 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-14 17:15 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-14 17:15 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-14 17:15 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-14 17:15 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-14 17:15 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-14 17:15 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-14 17:15 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-14 17:15 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-14 17:15 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-14 17:15 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-14 17:15 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-14 17:15 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-14 17:15 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-14 17:15 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-14 17:15 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-14 17:15 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-02 14:23 - 2014-10-02 14:23 - 00094208 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTimeVR.qtx
2014-10-02 14:23 - 2014-10-02 14:23 - 00069632 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTime.qts
2014-09-30 17:09 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-09-30 17:09 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-29 23:32 - 2014-09-29 23:32 - 00901632 _____ (Razer Inc) C:\windows\SysWOW64\rzdevicedll.dll
2014-09-29 23:32 - 2014-09-29 23:32 - 00419840 _____ (Razer Inc) C:\windows\SysWOW64\rzaudiodll.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 13:24 - 2012-07-13 15:46 - 01202034 _____ () C:\windows\WindowsUpdate.log
2014-10-28 13:21 - 2012-08-16 11:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-28 13:19 - 2013-11-17 20:42 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 13:18 - 2012-08-05 12:25 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-28 13:18 - 2012-07-13 16:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-28 13:18 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-28 13:18 - 2009-07-13 22:51 - 00694891 _____ () C:\windows\setupact.log
2014-10-28 13:17 - 2010-11-20 21:47 - 00970852 _____ () C:\windows\PFRO.log
2014-10-28 13:16 - 2014-02-25 20:50 - 00000000 ____D () C:\AdwCleaner
2014-10-28 12:52 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 12:52 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 12:38 - 2013-11-17 20:42 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 12:32 - 2012-09-26 14:11 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-675510566-695927744-2032809450-1000UA.job
2014-10-28 09:25 - 2014-06-19 13:42 - 00000000 ____D () C:\Users\brian\AppData\Roaming\vlc
2014-10-28 03:32 - 2012-09-26 14:11 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-675510566-695927744-2032809450-1000Core.job
2014-10-27 20:00 - 2009-07-13 23:13 - 00862832 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-27 16:59 - 2014-06-19 15:38 - 00003844 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1398832462
2014-10-27 16:59 - 2012-11-26 10:52 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-26 20:23 - 2012-07-28 18:37 - 00000000 ____D () C:\Users\brian\AppData\Local\CrashDumps
2014-10-26 19:02 - 2014-09-26 11:01 - 00000000 ____D () C:\Users\brian\AppData\Roaming\uTorrent
2014-10-26 13:49 - 2014-09-03 09:34 - 00000000 ____D () C:\Users\brian\AppData\Local\Adobe
2014-10-25 14:41 - 2013-07-20 14:49 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForbrian
2014-10-25 14:41 - 2013-07-20 14:49 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForbrian.job
2014-10-25 14:13 - 2012-07-21 14:18 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-25 14:13 - 2012-07-14 14:17 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-10-24 20:02 - 2012-09-30 19:51 - 00000000 ___RD () C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\deck
2014-10-23 22:23 - 2012-07-27 18:12 - 00000000 ____D () C:\Program Files\7-Zip
2014-10-22 18:47 - 2012-08-08 15:03 - 00000000 ____D () C:\Users\brian\AppData\Roaming\Audacity
2014-10-22 16:41 - 2009-07-13 23:08 - 00032564 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-22 16:36 - 2012-07-13 16:05 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-21 10:22 - 2012-08-20 15:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-21 10:21 - 2014-09-16 07:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-20 11:42 - 2012-07-14 14:25 - 00311498 _____ () C:\windows\DPINST.LOG
2014-10-20 03:27 - 2012-09-26 14:11 - 00003878 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-675510566-695927744-2032809450-1000UA
2014-10-20 03:27 - 2012-09-26 14:11 - 00003482 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-675510566-695927744-2032809450-1000Core
2014-10-19 19:52 - 2012-07-24 02:11 - 00000000 ____D () C:\ProgramData\Ableton
2014-10-19 17:43 - 2012-07-14 13:58 - 00000000 ____D () C:\Users\brian\AppData\Roaming\Adobe
2014-10-19 10:45 - 2014-09-26 16:09 - 00000000 ____D () C:\Users\brian\AppData\Roaming\BitTorrent
2014-10-19 09:37 - 2012-07-24 02:11 - 00000000 ____D () C:\Users\brian\AppData\Roaming\Ableton
2014-10-18 23:00 - 2013-10-20 01:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-18 11:33 - 2013-11-17 20:42 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 11:33 - 2013-11-17 20:42 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 10:54 - 2014-09-20 15:01 - 18499648 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2014-10-16 10:54 - 2013-11-20 12:53 - 19966856 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2014-10-16 10:54 - 2013-10-08 23:01 - 16886168 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2014-10-16 10:54 - 2012-10-08 13:50 - 00072904 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2014-10-16 10:54 - 2012-10-08 13:50 - 00060560 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2014-10-16 10:54 - 2012-07-13 16:05 - 20968040 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2014-10-16 10:54 - 2012-07-13 16:05 - 03237528 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2014-10-16 10:54 - 2012-07-13 16:05 - 00027024 _____ () C:\windows\system32\nvinfo.pb
2014-10-16 10:54 - 2012-02-09 22:43 - 02849224 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2014-10-16 10:54 - 2012-02-09 22:43 - 00987008 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2014-10-16 08:11 - 2012-11-19 04:01 - 02559808 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
2014-10-16 08:11 - 2012-10-08 13:50 - 06883136 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2014-10-16 08:11 - 2012-10-08 13:50 - 03533632 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2014-10-16 08:11 - 2012-10-08 13:50 - 00933064 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
2014-10-16 08:11 - 2012-10-08 13:50 - 00384200 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2014-10-16 08:11 - 2012-10-08 13:50 - 00061640 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2014-10-15 08:04 - 2009-07-13 23:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-15 04:08 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-10-15 03:32 - 2009-07-13 22:45 - 04996264 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-15 03:29 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-15 03:29 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-15 03:09 - 2013-07-12 03:00 - 00000000 ____D () C:\windows\system32\MRT
2014-10-15 03:00 - 2012-07-14 18:44 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-14 18:48 - 2012-10-08 13:50 - 04047877 _____ () C:\windows\system32\nvcoproc.bin
2014-10-11 11:08 - 2012-09-14 18:08 - 00000000 ____D () C:\Users\brian\Documents\My Games
2014-10-02 15:53 - 2010-11-20 21:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-30 14:14 - 2013-12-13 16:27 - 00000000 ____D () C:\Users\brian\AppData\Roaming\HandBrake
2014-09-29 15:00 - 2013-08-04 20:05 - 00000000 ___RD () C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\map
2014-09-29 12:10 - 2012-07-14 14:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-29 10:14 - 2012-07-27 17:35 - 00000000 ____D () C:\Users\brian\AppData\Roaming\Malwarebytes
2014-09-29 10:14 - 2012-07-27 17:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
 
Some content of TEMP:
====================
C:\Users\brian\AppData\Local\Temp\ammemb.dll
C:\Users\brian\AppData\Local\Temp\ammemb64.dll
C:\Users\brian\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\brian\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\brian\AppData\Local\Temp\Nv3DVisionIePlugin64.dll
C:\Users\brian\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\brian\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\brian\AppData\Local\Temp\nvStInst.exe
C:\Users\brian\AppData\Local\Temp\Quarantine.exe
C:\Users\brian\AppData\Local\Temp\SIntf16.dll
C:\Users\brian\AppData\Local\Temp\SIntf32.dll
C:\Users\brian\AppData\Local\Temp\SIntfNT.dll
C:\Users\brian\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-26 02:32
 
==================== End Of Log ============================
 
 
 
Ran by brian at 2014-10-28 13:26:14
Running from C:\Users\brian\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
_123DMerge (Version: 1.0.0.0 - _123DMerge) Hidden
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
3DCrafter (HKLM-x32\...\{2B9873F7-BCA1-454A-A1F6-B131C1A34C6F}) (Version: 9.2.2.1546 - Amabilis Software)
3DVIA Player (HKLM-x32\...\{9F6D0711-B6CF-46F5-A909-4144FDCA4CA9}) (Version: 2.14.391 - Dassault Systemes)
3DVIA Shape (HKLM-x32\...\{64374640-CFDA-4F4C-887A-1CA665B9294C}) (Version: 6.210.11008 - Dassault Systemes)
3DVIA Studio Public Beta (HKLM-x32\...\{545D8088-0FC4-49C2-B40B-E57D59DBBB41}) (Version: 2.14.391 - Dassault Systemes)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Actual Multiple Monitors 5.1.1 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 5.1.1 - Actual Tools)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.04 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
Alice in Wonderland (HKLM-x32\...\{E935DF41-EB7A-4519-93E8-C5822EB5B6D6}) (Version: 1.00.0000 - Disney Interactive Studios)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Electronic Arts)
American McGee's Alice™ (HKLM-x32\...\{77B5AD60-8F14-11D4-9BC9-0050041A1090}) (Version:  - )
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - )
Anna - Extended Edition (HKLM-x32\...\Steam App 217690) (Version:  - Dreampainters)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audio Generator (HKLM-x32\...\{2A571352-11F3-46A1-B562-733E160B2C60}) (Version: 1.15 - WD6CNF)
AudioNoise 1.1 (HKLM-x32\...\AudioNoise_is1) (Version:  - Marc Scherer)
Autodesk 123D Beta (HKLM\...\123D) (Version: 1.1.9.38 - Autodesk, Inc.)
Autodesk 123D Catch (HKLM-x32\...\{557D8894-215C-4328-BD92-DA0AC2A92533}) (Version: 1.0.106 - Autodesk)
Autodesk 123D Make 1.0 (HKLM-x32\...\{88FF8A21-F198-43DF-A5D9-5F9E0EB620A8}) (Version: 1.00.0000 - Autodesk)
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.14 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.14 - Autodesk)
Autodesk SketchBookExpress 2011 (HKLM-x32\...\{AF322EC1-3499-45FD-9EDD-DCC7FD5C18DF}) (Version: 5.00.0000 - Autodesk)
Autodesk Softimage Mod Tool 7.5 (HKLM-x32\...\{471DCE2E-75B0-4B4F-B6B1-C4EA5A3D1E2C}) (Version: 1.00.0000 - Autodesk)
Autodesk Softimage Mod Tool 7.5 (x32 Version: 1.00.0000 - Autodesk) Hidden
AutoREALM Version 2.2.1 (HKLM-x32\...\AutoREALM_is1) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios Ltd.)
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version:  - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version:  - )
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Belarc Advisor 8.2 (HKLM-x32\...\Belarc Advisor) (Version: 8.2.7.14 - Belarc Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
Blood Bowl: Chaos Edition (HKLM-x32\...\Steam App 216890) (Version:  - Cyanide Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (64 bit) (HKLM\...\{C9756801-C8EF-44FC-BD97-F2AE6728A432}) (Version: 3.3.51.0 - Box, Inc)
BrainWave Generator (HKLM-x32\...\BrainWave Generator) (Version:  - )
butt (HKLM-x32\...\butt) (Version:  - )
Call Change Ringer (HKLM-x32\...\CallChg) (Version:  - )
Call Of Cthulhu DCoTE (HKLM-x32\...\{E4406ED3-B04C-44F1-ABB4-08775B74934F}) (Version: 1.00.000 - )
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version:  - Infinity Ward)
Call of Juarez: Bound in Blood (HKLM-x32\...\Steam App 21980) (Version:  - Techland)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PowerShot SX150 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
Castle of Illusion (HKLM-x32\...\Steam App 227600) (Version:  - )
Color Efex Pro 3.0 Wacom Edition 3 (HKLM-x32\...\Color Efex Pro 3.0 Wacom Edition 3) (Version: 3.0.0.1 - Nik Software, Inc.)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic)
Contrast (HKLM-x32\...\Steam App 224460) (Version:  - Compulsion Games)
Costume Quest (HKLM-x32\...\Steam App 115100) (Version:  - Double Fine Productions)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crusader Kings Complete (HKLM-x32\...\Steam App 204940) (Version:  - Paradox Development Studio)
CryptoLab 1.02.2 (HKLM-x32\...\{4E8B2389-01C9-4FAC-8E56-CEF739FB1722}_is1) (Version: 1.02 - EJC Cryptography)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
D'Accord Metronome (HKLM-x32\...\Metronome_is1) (Version:  - D'Accord Music Software)
Dangerous High School Girls in Trouble! (HKLM-x32\...\Steam App 27400) (Version:  - Mousechief)
Dark Fall 1: The Journal (HKLM-x32\...\Steam App 260690) (Version:  - Darkling Room)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
Dassault Systemes Software VC9 Prerequisites x86-x64 (HKLM\...\{F2F2DEA7-36AB-4E13-907C-D8BDE775EF97}) (Version: 9.1.2 - Dassault Systemes)
DCS World (HKLM\...\DCS World_is1) (Version: 1.2.4.12913 - )
Dear Esther (HKLM-x32\...\Steam App 203810) (Version:  - thechineseroom & Robert Briscoe)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dirk's Metronome V1.0 Full version (HKLM-x32\...\Dirk's Metronome V1.0 Full version) (Version:  - Dirk's Projects)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dowce (HKCU\...\e1c70abc38d757d8) (Version: 1.2.0.2 - Dowce)
Dracula: Origin (HKLM-x32\...\Steam App 11050) (Version:  - Frogwares)
Dragon's Lair (HKLM-x32\...\Dragon's Lair_is1) (Version:  - R.G. Origami)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Dungeon Crafter III (remove only) (HKLM-x32\...\DCrafter3) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Dysfunctional Systems: Learning to Manage Chaos (HKLM-x32\...\Steam App 248800) (Version:  - )
eMachineShop (HKLM-x32\...\eMachineShop_is1) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Europa Universalis: Rome - Gold Edition (HKLM-x32\...\Steam App 23420) (Version:  - Paradox Development Studio)
Europa Universalis: Rome - Vae Victis (HKLM-x32\...\Steam App 23440) (Version:  - Realmforge Studios)
Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation)
F1 2012 (HKLM-x32\...\Steam App 208500) (Version:  - Codemasters Birmingham)
FileZilla Client 3.8.0 (HKCU\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Focusrite USB 2.0 Audio Driver 2.3 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.3 - Focusrite Audio Engineering Limited.)
Free Metronome V.1.00 (HKLM-x32\...\Free Metronome) (Version:  - )
Free Stopwatch 2.7.0 (HKLM-x32\...\{A1FAC1AF-5615-47FE-B5C8-5E981EC8522B}_is1) (Version: 2.7 - Comfort Software Group)
GCH Guitar academy (HKLM-x32\...\GCH Guitar academy) (Version:  - )
GiveMeTac 1.1 (HKLM-x32\...\GiveMeTac_is1) (Version:  - Graphys © 2001-2004)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GRID (HKLM-x32\...\Steam App 12750) (Version:  - Codemasters Studios)
Grimind (HKLM-x32\...\Steam App 265380) (Version:  - Paweł Mogiła)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Gunman Clive (HKLM-x32\...\Steam App 262550) (Version:  - Hörberg Productions)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Haunted Memories (HKLM-x32\...\Steam App 241640) (Version:  - MadMan Theory Games)
Hearts of Iron III (HKLM-x32\...\Steam App 25890) (Version:  - Paradox Interactive)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Home (HKLM-x32\...\Steam App 215670) (Version:  - Benjamin Rivers)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP IDF Software (HKLM-x32\...\{974025B1-769B-49E9-817C-C638ABE8F372}) (Version: 11.15.1000 - Hewlett-Packard Company)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
H-Series_ASIO64 (HKLM\...\{F9A11F80-49DA-11E0-B577-00269E8DC781}) (Version: 1.0.2 - ZOOM)
HTML TADS Author's Kit (HKLM-x32\...\htmltdb.exe) (Version:  - )
HTML TADS Player Kit (HKLM-x32\...\htmltads.exe) (Version:  - )
Hydrogen 0.9.6 preview release for windows (HKLM-x32\...\{B24839E5-A70C-48AD-B4D9-B9FB46B4B038}_is1) (Version:  - hydrogen-music.org)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Inform 7 (HKLM-x32\...\Inform 7) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LDraw All-In-One-Installer 2012-01 (HKLM-x32\...\LDraw2012-01) (Version: 2012-01 - LDraw.org)
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version:  - Almost Human Games)
LEGO Batman 2 (HKLM-x32\...\Steam App 213330) (Version:  - TT Games)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Logitech Gaming Software (Version: 8.40.83 - Logitech Inc.) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version:  - Hanako Games)
Magellan Communicator (HKLM-x32\...\InstallShield_{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}) (Version: 1.15.020 - Magellan Navigation, Inc.)
Magellan Communicator (x32 Version: 1.15.020 - Magellan Navigation, Inc.) Hidden
MAGIX notation (HKLM-x32\...\MAGIX notation) (Version:  - )
Majestic Chess (HKLM-x32\...\{7CDD0F65-641F-4637-888A-208713EE0ED6}) (Version: 1.01.0003 - Fluent Entertainment)
MakeMKV v1.8.11 (HKLM-x32\...\MakeMKV) (Version: v1.8.11 - GuinpinSoft inc)
Manhunt (HKLM-x32\...\Steam App 12130) (Version:  - Rockstar North)
M-Audio USB MIDI Series Driver 5.0.1 (x64) (HKLM\...\{32ED2629-C9B1-4C29-A32A-F3E04A5EE303}) (Version: 5.0.1 - M-Audio)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Method Tutor (HKLM-x32\...\MethodTutor) (Version:  - )
Method Workshop (HKLM-x32\...\WkShop) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mini Motor Racing EVO (HKLM-x32\...\Steam App 209520) (Version:  - The Binary Mill)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Missing (HKLM-x32\...\Missing) (Version:  - )
Mixlr version 2.0.11 (HKLM-x32\...\{F021F776-6BD4-4301-985D-0C1D27EEC8ED}_is1) (Version: 2.0.11 - Mixlr, Ltd.)
MonkeyJam 3_050529 (HKLM-x32\...\MonkeyJam_is1) (Version:  - GiantScreamingRobotMonkeys)
MouseServer version 1.5.0.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.0.0 - Necta Co.)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MuseBook Metronome 1.2 (HKLM-x32\...\{7297C0B6-0C79-48DB-B7F9-BF40538F418D}) (Version: 1.20 - AMuseTec Co., Ltd.)
MUSHclient (remove only) (HKLM-x32\...\MUSHclient) (Version:  - )
mysms version 2.1.1 (HKLM-x32\...\{48F31003-B5A3-4E17-917A-5DDFF60B9FA2}_is1) (Version: 2.1.1 - Up to Eleven Digital Solutions GmbH)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.0.1528 - Native Instruments)
Native Instruments Controller Editor (Version: 1.6.0.1528 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.2.112 - Native Instruments)
Native Instruments Traktor 2 (Version: 2.5.0.13594 - Native Instruments) Hidden
Nihilumbra (HKLM-x32\...\Steam App 252670) (Version:  - Beautifun Games)
NVIDIA 3D Vision Controller Driver 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.48 - NVIDIA Corporation)
NVIDIA Control Panel 344.48 (Version: 344.48 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1284 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
Open Metronome (HKLM-x32\...\{4B200398-CA2D-4F67-8D00-C618F04020A7}) (Version: 1.0.0.0 - code::Biscuit)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 25.0.1614.63 (HKLM-x32\...\Opera 25.0.1614.63) (Version: 25.0.1614.63 - Opera Software ASA)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
Pad2Pad 1.9.22 (HKLM-x32\...\Pad2Pad_is1) (Version:  - Pad2Pad.com)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Pd-0.43.4-extended (HKLM-x32\...\pd_is1) (Version:  - puredata.info)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pooh Knows Your Name (HKLM-x32\...\{EC086D1D-9D76-44A5-B093-480D53FBA428}) (Version: 1.00.0000 - Fisher-Price)
POV-Ray for Windows v3.6.1c (HKLM-x32\...\POV-Ray for Windows v3.6) (Version: 3.6 - Persistence of Vision Raytracer Pty. Ltd.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
Puddle (HKLM-x32\...\Steam App 222140) (Version:  - Neko Entertainment)
PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Python 3.3.0 (HKLM-x32\...\{526b1417-92c1-3737-8247-4abc49ccc8e4}) (Version: 3.3.150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Nostromo Firmware Updater (HKLM-x32\...\{49C5BD36-F5B9-4E6A-9DC1-04818B9D55E3}) (Version: 1.02.03 - Razer USA Ltd.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22533 - Razer Inc.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RingBell Ropesight Tutor (HKLM-x32\...\RingBell) (Version:  - )
RivaTuner Statistics Server 5.0.1 (HKLM-x32\...\RTSS) (Version: 5.0.1 - Unwinder)
Robin Hood (HKLM-x32\...\Steam App 46560) (Version:  - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Sang-Froid - Tales of Werewolves (HKLM-x32\...\Steam App 227220) (Version:  - Artifice Studio)
Scarlett Plug-in Suite 1.2.3 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.2.3 - Focusrite)
Screenshot Captor 3.08.01 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
SI ColorPicker by Software Institute (remove only) (HKCU\...\SI ColorPicker) (Version:  - Software Institute)
SILENT HILL 3 (HKLM-x32\...\InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}) (Version: 1.00.0000 - Konami Computer Entertainment Tokyo, Inc.)
SILENT HILL 3 (x32 Version: 1.00.0000 - Konami Computer Entertainment Tokyo, Inc.) Hidden
SilentEye (HKLM-x32\...\SilentEye 0.4.1) (Version: 0.4.1 - SilentEye)
Sir, You Are Being Hunted (HKLM-x32\...\Steam App 242880) (Version:  - )
SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
Sonic Visualiser (HKLM-x32\...\{CC669D3A-6580-4FC6-A0BF-38A3453C3CB0}) (Version: 2.1.0 - Queen Mary, University of London)
Spectrum Lab V2.79 (HKLM-x32\...\Spectrum Lab_is1) (Version:  - Wolfgang Buescher (DL4YHF))
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stop Motion Animator 1.1.XP (HKLM-x32\...\Stop Motion Animator 1.1.XP) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.8.1 - TeamSpeak Systems GmbH)
TempoPerfect Metronome Software (HKLM-x32\...\TempoPerfect) (Version:  - NCH Software)
The 39 Steps (HKLM-x32\...\Steam App 234940) (Version:  - The Story Mechanics)
The Cat Lady (HKLM-x32\...\Steam App 253110) (Version:  - Harvester Games)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Softworks)
The Endless Forest (HKLM-x32\...\The Endless Forest_is1) (Version:  - Tale of Tales)
The Last Express Gold Edition (HKLM-x32\...\Steam App 252710) (Version:  - )
The Secret World (HKLM-x32\...\Steam App 215280) (Version:  - Funcom)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Ticket to Ride (HKLM-x32\...\Steam App 108200) (Version:  - )
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Toy Soldiers (HKLM-x32\...\Steam App 98300) (Version:  - Signal Studios)
Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Trainz 'Blue Comet' Addon Pack (HKLM-x32\...\AuranTS2009_DLC0_is1) (Version:  - Auran)
Trainz 'PRR T1 - A Fleet of Modernism' Addon Pack (HKLM-x32\...\AuranTS2009_DLC2_is1) (Version:  - Auran)
Trainz Simulator 12 (HKLM-x32\...\AuranTS2009_is1) (Version:  - Auran)
Trainz: Classic Cabon City (HKLM-x32\...\Steam App 24640) (Version:  - )
Trine (HKLM-x32\...\Steam App 35700) (Version:  - Frozenbyte)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Twine 1.4.1 (remove only) (HKLM-x32\...\Twine) (Version:  - )
Type light 3.2.023 (HKLM-x32\...\{3CC31D3E-369B-4029-A83E-251BB58A144C}_is1) (Version: 023 - CR8 Software Solutions)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - )
Uplink (remove only) (HKLM-x32\...\Uplink) (Version:  - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.14 - VSO Software)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WD SmartWare Drive Manager (HKLM\...\{BEC2EFB7-93E4-4F5F-B056-602ACEC2B759}) (Version: 1.5.0 - Western Digital)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (01/05/2012 2.3.128.0) (HKLM\...\0B8B34F4BB96072BB79F86A0EDC21145F80BC191) (Version: 01/05/2012 2.3.128.0 - Focusrite)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Frotz (HKLM-x32\...\WindowsFrotz) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
World of Goo (HKLM-x32\...\Steam App 22000) (Version:  - 2D BOY)
ZD Soft Screen Recorder (HKLM-x32\...\{F0A56F04-4C9B-4408-9D65-5E0700BACCEB}) (Version: 5.4.0 - ZD Soft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\brian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{0E299B3E-7F99-4DEB-B0D5-0A112857C054}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\brian\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1045CF6C-B363-4AE9-9BAA-E4CA726D380C}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1A1F2E99-0AA9-4639-8318-2B15EA3B7CF3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1A960ECE-0E57-4A68-B694-8373114F1FF4}\InprocServer32 -> C:\Program Files\Autodesk\123D\TDxInput.dll (3Dconnexion - a Logitech Company)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1B918443-5C9F-4853-A180-1337C6030A14}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{203a7c10-dc7b-4355-8803-982860b6258d}\InprocServer32 -> C:\Program Files\Autodesk\123D\AcSignCore16.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{211F0577-D1EE-4761-9367-4A755331B6CE}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{25BBE090-583A-4903-A61B-D0EC629AC4EC}\InprocServer32 -> C:\Program Files\Autodesk\123D\TDxInput.dll (3Dconnexion - a Logitech Company)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{28F0687D-E7A6-4A88-9521-DE3EE57DE566}\localserver32 -> C:\Program Files\Autodesk\123D\SketchUpServer.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{2A45DA6A-F580-4F3F-81D3-F263C4F5C44B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{2C7216D4-43C4-46E4-B583-EA2FAC118DD3}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{2E7A2C6C-B938-40A4-BA1C-C7EC982DC202}\InprocServer32 -> C:\Program Files (x86)\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{31AADAA2-C699-4D85-B906-8C3811AD197D}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{32B4FA75-069D-496C-98AC-FFE9D731DAB7}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{34d71ea5-7e74-4bb5-84da-fd59b4f63c52}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcInetEngineps19.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{34E84AEF-17E9-4DB8-BB82-F52B2BB24235}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\brian\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{386D8DA3-AC63-4C36-8081-524C43FAF8D4}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{3F6DB624-D7DD-47A2-8B69-E63E100AAC0B}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{406C401B-13BB-49E7-8BCD-85686595726D}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{41E3897F-6CDF-4206-A153-32D5EBD78A54}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{4452AD45-620C-4218-BE0A-3A9BA71D5B47}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{4640EC59-3C2B-4844-8675-6FE7B2EC19C5}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{46BFCC8B-D25B-4A00-842A-99C17C4DA3A2}\InprocServer32 -> C:\Program Files\Autodesk\123D\AcSignCore16.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{47775DA0-E874-4EAF-A28C-20C6E2D387A0}\InprocServer32 -> C:\Program Files\Autodesk\123D\AcSignCore16.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{4B229979-A2BA-40EC-9F9D-7725BCBF058B}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcInetEngine19.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{4C1EB057-910A-4FE3-B1EE-53DD86A5726E}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{4F7FBFD2-24D7-493B-9142-553EF563CAC4}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{512A6C3E-3010-401B-8623-E413E2ACC138}\InprocServer32 -> C:\Program Files\Autodesk\123D\TDxInput.dll (3Dconnexion - a Logitech Company)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{52F0135C-64A3-42A2-95AC-D65B951DC67E}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{54B24080-8684-4CCD-B23D-84550AD6C302}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{55582F98-D4CE-4BA6-BDE5-3565F3291286}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{5800AD5B-72C1-477B-9A08-CA112DF06D97}\InprocServer32 -> C:\Program Files (x86)\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{5C049B27-1284-412E-B28B-B8BD99B21492}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\WebServices1.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{5DE62586-0DAB-4EFB-AF8F-7C1DF1D65326}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{67216A8C-511A-42F1-8129-A4831F29CAF3}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{71AE45C8-7317-44CF-8FD8-16A4CB9BC2E9}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{72EC5935-3EC3-4E94-A3F1-D2FC478521C2}\InprocServer32 -> C:\Program Files\Autodesk\123D\AcSignCore16.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{740A7479-C7C1-44DA-8A84-B5DE63C78B32}\InprocServer32 -> C:\Program Files\Autodesk\123D\TDxInput.dll (3Dconnexion - a Logitech Company)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{76C3138F-E2FC-4905-977E-4032E827EF64}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7811B785-E8F9-4024-88F3-4B5511DEAE48}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7889CD73-6054-42B8-A3A3-12FEA1BE42A4}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7C6A1883-3BD8-4954-9598-24331E1D93DB}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7DF322D1-3CF6-463D-918C-5E47126DE789}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\LiveUpdate16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7FC39A6D-C429-4796-9A7B-0852AB53DF97}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{80022404-EF31-42EF-BA6A-2D26D6E6A9BC}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{82C5AB54-C92C-4D52-AAC5-27E25E22604C}\InprocServer32 -> C:\Program Files\Autodesk\123D\TDxInput.dll (3Dconnexion - a Logitech Company)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{85004B00-1AA7-4777-B1CE-8427301B942D}\InprocServer32 -> C:\Program Files\Autodesk\123D\TDxInput.dll (3Dconnexion - a Logitech Company)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{881A9759-8DE9-4989-9EEB-846609F6374E}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{88A10E3A-F60F-473A-80EB-9CC16BA1F489}\InprocServer32 -> C:\Program Files\Autodesk\123D\AcSignCore16.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{89EC7921-729B-4116-A819-DF86A4A5776B}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\LiveUpdate16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{8A0BC933-7552-42E2-A228-3BE055777227}\InprocServer32 -> C:\Program Files (x86)\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{8A49EFAD-D16A-4502-BE91-55332DE5D665}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{8DB5D791-0074-4EBD-A8F0-58D26AAD4A10}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\brian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{9BD10691-3E41-4A8E-8059-D1D7D417CCA1}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{9E928A7C-095E-4F44-81C5-D4F14F4F0265}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{A5E300EF-0784-4445-8298-6C2569E3992E}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{A746B08D-3E25-4C93-8BEB-CAC8208AEC62}\InprocServer32 -> C:\Program Files\Autodesk\123D\AcSignCore16.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{AA13284A-B9A6-4000-9AFC-B5275AD611C4}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{AD1F611D-8D79-46F5-B7D1-9FF883002138}\InprocServer32 -> C:\Program Files\Autodesk\123D\AcSignCore16.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{B2E79109-7DF6-4831-8392-2697271093F3}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{B76A05EF-0798-43E0-BE89-B064295B3A3A}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{BB64B2BC-3B7E-4DFB-ACFC-3D723A021132}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{BF7227D0-D41D-48FC-B545-8263F2CDA621}\InprocServer32 -> C:\Program Files\Autodesk\123D\AcSignCore16.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{C3815367-4A1C-4D69-BD31-4E495B70FE4D}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\LiveUpdate16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{C55DBA91-3CC5-49AB-97F1-AB3466570D28}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{C7473D35-5A80-4F0D-8096-18BA34A35702}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\AcInetEngine19.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{C8B039D1-9581-4512-8B53-319A36038DD9}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CD2C7309-ED63-40D9-A291-E34F4EE697D8}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CE2FD73C-A232-46E7-A341-B4C907C2F1B2}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CE55492D-7CF5-4F60-A838-CB4504D26707}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CEE92F99-D9C7-4E46-9AB7-E3F705B9A543}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{D373C933-D51C-46A6-97BC-7473B2536E0E}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\LiveUpdate16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{D8152A45-F445-41AE-BA20-CD81D99CE330}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{D8C4556C-2407-4DD5-874F-0407D1FCCF85}\InprocServer32 -> C:\Program Files\Autodesk\123D\AcSignCore16.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{DE572F8D-67CB-42FD-8E6D-38F68EDFCF77}\localserver32 -> C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\\WSCommCntr4.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{DF49A8DC-41C7-49B0-83AF-88775B522D39}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E0B80D76-6471-45D2-8788-87081D4B1205}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E0CECA44-0399-4AA7-92A6-2957E2C1F492}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E241C669-FAD1-4B7D-BFC3-0EAE8C2AC54A}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E461448D-16E6-4171-8E87-F318F00F25B7}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E519390B-4446-42A2-8DC6-831C23A7B39B}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E8409617-E1C7-4EEC-8D79-BD05A6C05E07}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\WebServices1.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\brian\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{F2F14534-E917-4F0B-B16E-A6231097A57E}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{F53A2DDF-75D5-4D4F-93EC-A3738B377441}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\brian\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{FE280FAA-6D4F-4E69-8B02-8A93BE9B35B7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\LiveUpdate16.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\brian\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{FED36DDA-3FF0-4F37-859C-1D703F79C166}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\WebServices1.dll (Autodesk, Inc.)
 
==================== Restore Points  =========================
 
23-10-2014 18:14:44 AA11
23-10-2014 19:27:55 Removed AVG 2015
23-10-2014 19:29:59 Removed AVG 2015
23-10-2014 19:31:24 Removed Java 7 Update 71
23-10-2014 20:23:13 AA11
23-10-2014 20:24:38 Windows Update
24-10-2014 04:07:56 AA11
24-10-2014 04:10:04 avast! antivirus system restore point
28-10-2014 17:52:12 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2014-02-26 20:58 - 00443881 ____R C:\windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04C50745-1933-4953-97D5-9F159E350B97} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-26] (Adobe Systems Incorporated)
Task: {0648BA3B-560F-4686-B6D4-FD2224623E7E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-675510566-695927744-2032809450-1000UA => C:\Users\brian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-26] (Google Inc.)
Task: {0FE1948E-B7C1-45ED-9FCB-298ECFB1A2ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {123A9D7B-4BD3-45A4-8F8A-7B9D68BD123D} - System32\Tasks\0414bUpdateInfo => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
Task: {16DD2423-33F6-4D9C-AFFE-BF3B8BE9575F} - System32\Tasks\Opera scheduled Autoupdate 1398832462 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-23] (Opera Software)
Task: {20402312-CD9A-429F-8AE8-6A85D44D1E94} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-23] (AVAST Software)
Task: {2AA6EC45-3B89-443E-B43F-3E7F14604A3B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-675510566-695927744-2032809450-1000Core => C:\Users\brian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-26] (Google Inc.)
Task: {2D977AF5-10CC-4841-A32A-F9A12D2F5DD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {326FD8D6-B4CE-40B4-BF79-A6C6B2CFA030} - System32\Tasks\HPCeeScheduleForbrian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {34FE09DE-C649-4AA3-B73A-19274EF55924} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {42649AD4-BF71-4166-8B3B-424CC2589402} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-ARKHAMCITY => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {459423A7-CFD7-4648-B95D-6FAD8F58A261} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)
Task: {5AA636D4-5109-4FE6-A7D4-E3ED2CC5F397} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6AB086B0-E62D-47EF-AC16-B3632D90939A} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: {730B5AB9-5EB1-4B7B-96BF-991F3105311C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)
Task: {74FEA202-59EA-494B-87B9-45B7BD0C0963} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7544D085-D078-4D21-AF46-1D1AEF9D2E71} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {78E26254-CD12-4E79-B40F-F4E27DCF5979} - System32\Tasks\{9DF9B52D-FE5A-4819-ABA4-01FB09E2886F} => E:\Setup.exe [2003-08-01] (Konami Computer Entertainment Tokyo, Inc.                   )
Task: {7F8DE54B-1278-4AC1-A9A9-B4CC1E12DF1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {FB2567C0-8F6A-4F54-AC44-70EA1F3B7412} - System32\Tasks\{D0D2ED38-7876-4C90-A3D9-048AE1DAD3B0} => C:\Program Files (x86)\mysms\mysms.exe [2014-07-31] ()
Task: {FDB7AE45-1ED1-4731-8ED4-608D8CAC209C} - System32\Tasks\{87485819-13DE-4254-A99A-BF4248EAE4C1} => E:\Setup.exe [2003-08-01] (Konami Computer Entertainment Tokyo, Inc.                   )
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-675510566-695927744-2032809450-1000Core.job => C:\Users\brian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-675510566-695927744-2032809450-1000UA.job => C:\Users\brian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForbrian.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-08 13:50 - 2014-10-16 08:11 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-23 20:52 - 2014-03-23 20:52 - 00075064 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2012-07-14 14:49 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-08-07 16:08 - 2014-07-31 15:59 - 00709632 _____ () C:\Program Files (x86)\mysms\mysms.exe
2014-10-28 04:55 - 2014-10-28 04:55 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102800\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-13 18:06 - 2014-03-07 20:56 - 00117262 _____ () C:\Program Files (x86)\mysms\libgcc_s_dw2-1.dll
2014-08-13 18:06 - 2014-03-07 20:56 - 00970766 _____ () C:\Program Files (x86)\mysms\libstdc++-6.dll
2014-08-13 18:06 - 2014-01-15 10:36 - 03347428 _____ () C:\Program Files (x86)\mysms\icuin52.dll
2014-08-13 18:06 - 2014-01-15 10:36 - 01992280 _____ () C:\Program Files (x86)\mysms\icuuc52.dll
2014-08-13 18:06 - 2014-01-15 10:36 - 23544786 _____ () C:\Program Files (x86)\mysms\icudt52.dll
2014-08-13 18:06 - 2014-06-19 13:08 - 01276416 _____ () C:\Program Files (x86)\mysms\platforms\qwindows.dll
2014-08-13 18:06 - 2014-06-19 13:05 - 00031232 _____ () C:\Program Files (x86)\mysms\imageformats\qgif.dll
2014-08-13 18:06 - 2014-06-19 13:06 - 00242176 _____ () C:\Program Files (x86)\mysms\imageformats\qjpeg.dll
2014-05-26 00:46 - 2012-11-23 10:18 - 00174712 _____ () C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\Envy24Api.dll
2014-05-26 00:46 - 2012-11-23 10:18 - 00076408 _____ () C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\QsApoApi.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 21118304 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00985968 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00136048 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00192368 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
2014-10-23 22:11 - 2014-10-23 22:11 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-27 17:00 - 2014-10-21 22:04 - 01042760 _____ () C:\Users\brian\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 17:00 - 2014-10-21 22:04 - 00211272 _____ () C:\Users\brian\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 17:00 - 2014-10-21 22:04 - 08910664 _____ () C:\Users\brian\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 17:00 - 2014-10-21 22:04 - 01681224 _____ () C:\Users\brian\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-08-29 19:02 - 2014-08-21 12:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 19:02 - 2014-08-21 12:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 19:02 - 2014-08-21 12:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-02-28 11:52 - 2014-10-01 17:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-01 13:30 - 2014-10-28 13:12 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 19:02 - 2014-08-21 12:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 19:02 - 2014-08-21 12:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-08-16 11:02 - 2014-10-28 13:12 - 00690368 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-08-16 11:02 - 2014-10-27 12:53 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-27 17:00 - 2014-10-21 22:05 - 14902600 _____ () C:\Users\brian\AppData\Local\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Actual Multiple Monitors => "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG-Secure-Search-Update_0913a => C:\Users\brian\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 01d2a1b5c0cc47d082753909b497f74b-292a3202723fddab8aa9c1d45efcd6bc36186266 --CMPID 0913a
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: BoxSyncHelper => "C:\Program Files\Box Sync\BoxSyncHelper.exe"
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: Copy => "C:\Users\brian\AppData\Roaming\Copy\CopyAgent.exe"
MSCONFIG\startupreg: Dowce => C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dowce\Dowce.appref-ms
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: LightShot => C:\Users\brian\AppData\Local\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: mysms => "C:\Program Files (x86)\mysms\mysms.exe" min
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Nostromo Driver => C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
MSCONFIG\startupreg: ROC_ROC_APR2013_AV => C:\Users\brian\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 01d2a1b5c0cc47d082753909b497f74b-292a3202723fddab8aa9c1d45efcd6bc36186266 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
MSCONFIG\startupreg: Screenshot Captor => "C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun
MSCONFIG\startupreg: SearchProtection => "C:\Users\brian\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: tvncontrol => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: WLSync => "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
MSCONFIG\startupreg: Xpadder => "C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\deck\INPUT\[press marble]\moon\gaming tools\Xpadder.exe" /m
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-675510566-695927744-2032809450-500 - Administrator - Disabled)
brian (S-1-5-21-675510566-695927744-2032809450-1000 - Administrator - Enabled) => C:\Users\brian
Guest (S-1-5-21-675510566-695927744-2032809450-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-675510566-695927744-2032809450-1006 - Limited - Enabled)
Mcx1-ARKHAMCITY (S-1-5-21-675510566-695927744-2032809450-1007 - Limited - Enabled) => C:\Users\Mcx1-ARKHAMCITY
 
==================== Faulty Device Manager Devices =============
 
Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15
 
 
System errors:
=============
Error: (10/28/2014 01:22:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (10/28/2014 01:22:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (10/28/2014 00:45:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:32:20 PM on 10/28/2014 was unexpected.
 
Error: (10/27/2014 04:56:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (10/27/2014 04:50:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:38:21 PM on 10/27/2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16
 
Error: (10/27/2014 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-10-09 19:20:22.348
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-09 19:20:22.348
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-09 19:20:22.301
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-09 19:20:22.285
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-09 19:03:09.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-09 19:03:09.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-09 19:03:09.895
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-09 19:03:09.880
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-08 14:05:03.387
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-08 14:05:03.371
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\SaiBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 40%
Total physical RAM: 8174.56 MB
Available physical RAM: 4891.22 MB
Total Pagefile: 16347.3 MB
Available Pagefile: 12477.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:931.29 GB) (Free:142.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (THE STAR) (Fixed) (Total:232.88 GB) (Free:159.16 GB) NTFS
Drive e: (Disk1) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
Drive f: (ARCHIVE) (Fixed) (Total:74.5 GB) (Free:20.07 GB) NTFS
Drive l: (PROJECTS) (Fixed) (Total:465.76 GB) (Free:465.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8EDD6ED3)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 480F8E2C)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (Size: 232.9 GB) (Disk ID: 5C74AE42)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 00055FE4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
I was able to get the green words to stop showing ads by opting out of them, but I don't know if this is a permanent fix
 
thanks again


#6 LiquidTension


Posted 28 October 2014 - 02:57 PM

Thank you. I'm heading off now, but will return with instructions for you later. 



#7 hazelludlow


Posted 28 October 2014 - 03:23 PM

no problem...it's getting late over there...



#8 LiquidTension


Posted 28 October 2014 - 07:04 PM

Hello, 
 
Please consider the following warning, and complete the instructions below. 
 

P2P WARNING

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent & BitTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programmes, right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

 
Do you recognise the following programmes?

  • butt
  • Missing 

Do you recognise this Firefox extension? AddThis
 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\brian\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=01d2a1b5c0cc47d082753909b497f74b-292a3202723fddab8aa9c1d45efcd6bc36186266 /CMPID=1113a
    HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\Run: [AvgUpdater] => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe  /SETINFO /CMPID=0414b /INFORETRY=2
    HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\MountPoints2: {f480df1a-aef0-11e1-9229-806e6f6e6963} - E:\autorun.exe
    ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
    ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
    ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
    ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
    ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
    ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
    ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
    ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
    SearchScopes: HKCU - {3E1BCB98-8F6E-429C-9D10-180B59AD12BF} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
    SearchScopes: HKCU - {D874E16D-B481-44A6-805B-014721441E10} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
    FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
    FF SearchPlugin: C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\searchplugins\duckduckgo-http.xml
    FF SearchPlugin: C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\searchplugins\yahoo_ff.xml
    CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP69E55F87-CF5F-4502-92E7-B4B07DBA3790&SSPV=
    CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx []
    CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2014-10-23]
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{0E299B3E-7F99-4DEB-B0D5-0A112857C054}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1045CF6C-B363-4AE9-9BAA-E4CA726D380C}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1A1F2E99-0AA9-4639-8318-2B15EA3B7CF3}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1B918443-5C9F-4853-A180-1337C6030A14}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{2A45DA6A-F580-4F3F-81D3-F263C4F5C44B}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{31AADAA2-C699-4D85-B906-8C3811AD197D}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{34E84AEF-17E9-4DB8-BB82-F52B2BB24235}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\brian\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{406C401B-13BB-49E7-8BCD-85686595726D}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{41E3897F-6CDF-4206-A153-32D5EBD78A54}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{4452AD45-620C-4218-BE0A-3A9BA71D5B47}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{54B24080-8684-4CCD-B23D-84550AD6C302}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{55582F98-D4CE-4BA6-BDE5-3565F3291286}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{5DE62586-0DAB-4EFB-AF8F-7C1DF1D65326}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{67216A8C-511A-42F1-8129-A4831F29CAF3}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{71AE45C8-7317-44CF-8FD8-16A4CB9BC2E9}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{76C3138F-E2FC-4905-977E-4032E827EF64}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7811B785-E8F9-4024-88F3-4B5511DEAE48}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7889CD73-6054-42B8-A3A3-12FEA1BE42A4}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7C6A1883-3BD8-4954-9598-24331E1D93DB}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{8A49EFAD-D16A-4502-BE91-55332DE5D665}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\brian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{9BD10691-3E41-4A8E-8059-D1D7D417CCA1}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{AA13284A-B9A6-4000-9AFC-B5275AD611C4}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{B2E79109-7DF6-4831-8392-2697271093F3}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{B76A05EF-0798-43E0-BE89-B064295B3A3A}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{BB64B2BC-3B7E-4DFB-ACFC-3D723A021132}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{C55DBA91-3CC5-49AB-97F1-AB3466570D28}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CD2C7309-ED63-40D9-A291-E34F4EE697D8}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CE2FD73C-A232-46E7-A341-B4C907C2F1B2}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CE55492D-7CF5-4F60-A838-CB4504D26707}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{DF49A8DC-41C7-49B0-83AF-88775B522D39}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E0B80D76-6471-45D2-8788-87081D4B1205}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E0CECA44-0399-4AA7-92A6-2957E2C1F492}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E241C669-FAD1-4B7D-BFC3-0EAE8C2AC54A}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E461448D-16E6-4171-8E87-F318F00F25B7}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E519390B-4446-42A2-8DC6-831C23A7B39B}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{F2F14534-E917-4F0B-B16E-A6231097A57E}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{F53A2DDF-75D5-4D4F-93EC-A3738B377441}\InprocServer32 -> AcSmComponents.dll No File
    CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\brian\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    Task: {123A9D7B-4BD3-45A4-8F8A-7B9D68BD123D} - System32\Tasks\0414bUpdateInfo => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
    C:\ProgramData\Avg_Update_0414b
    C:\Users\brian\AppData\Roaming\AVG 0913a Campaign
    C:\Users\brian\AppData\Roaming\AVG April 2013 Campaign
    C:\Users\brian\AppData\Roaming\Search Protection
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_0913a" /f
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_ROC_APR2013_AV" /f
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtection" /f
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Farbar Service Scanner (FSS)

  • Please download FSS and save the file to your Desktop.
  • Right-Click FSS.exe and select Run as administrator to run the programme.
  • Ensure the following items are checked:
    • [six checkbox options, shown as images in the original post]
  • Click [button shown as an image in the original post].
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Do you recognise the programmes and FF extensions?
  • Fixlog.txt
  • FSS.txt


#9 hazelludlow

Posted 28 October 2014 - 10:55 PM

good morning, Adam

 

yes, i recognize the programs and extension...

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by brian at 2014-10-28 21:40:08 Run:1
Running from C:\Users\brian\Desktop
Loaded Profile: brian (Available profiles: brian & Mcx1-ARKHAMCITY & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\brian\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=01d2a1b5c0cc47d082753909b497f74b-292a3202723fddab8aa9c1d45efcd6bc36186266 /CMPID=1113a
HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\Run: [AvgUpdater] => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe  /SETINFO /CMPID=0414b /INFORETRY=2
HKU\S-1-5-21-675510566-695927744-2032809450-1000\...\MountPoints2: {f480df1a-aef0-11e1-9229-806e6f6e6963} - E:\autorun.exe
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\brian\AppData\Roaming\Copy\overlay\CopyShExt.dll No File
SearchScopes: HKCU - {3E1BCB98-8F6E-429C-9D10-180B59AD12BF} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {D874E16D-B481-44A6-805B-014721441E10} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
FF SearchPlugin: C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\searchplugins\duckduckgo-http.xml
FF SearchPlugin: C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\searchplugins\yahoo_ff.xml
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP69E55F87-CF5F-4502-92E7-B4B07DBA3790&SSPV=
CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx []
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2014-10-23]
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{0E299B3E-7F99-4DEB-B0D5-0A112857C054}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1045CF6C-B363-4AE9-9BAA-E4CA726D380C}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1A1F2E99-0AA9-4639-8318-2B15EA3B7CF3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1B918443-5C9F-4853-A180-1337C6030A14}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{2A45DA6A-F580-4F3F-81D3-F263C4F5C44B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{31AADAA2-C699-4D85-B906-8C3811AD197D}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{34E84AEF-17E9-4DB8-BB82-F52B2BB24235}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\brian\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{406C401B-13BB-49E7-8BCD-85686595726D}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{41E3897F-6CDF-4206-A153-32D5EBD78A54}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{4452AD45-620C-4218-BE0A-3A9BA71D5B47}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{54B24080-8684-4CCD-B23D-84550AD6C302}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{55582F98-D4CE-4BA6-BDE5-3565F3291286}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{5DE62586-0DAB-4EFB-AF8F-7C1DF1D65326}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{67216A8C-511A-42F1-8129-A4831F29CAF3}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{71AE45C8-7317-44CF-8FD8-16A4CB9BC2E9}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{76C3138F-E2FC-4905-977E-4032E827EF64}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7811B785-E8F9-4024-88F3-4B5511DEAE48}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7889CD73-6054-42B8-A3A3-12FEA1BE42A4}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7C6A1883-3BD8-4954-9598-24331E1D93DB}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{8A49EFAD-D16A-4502-BE91-55332DE5D665}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\brian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{9BD10691-3E41-4A8E-8059-D1D7D417CCA1}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{AA13284A-B9A6-4000-9AFC-B5275AD611C4}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{B2E79109-7DF6-4831-8392-2697271093F3}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{B76A05EF-0798-43E0-BE89-B064295B3A3A}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{BB64B2BC-3B7E-4DFB-ACFC-3D723A021132}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{C55DBA91-3CC5-49AB-97F1-AB3466570D28}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CD2C7309-ED63-40D9-A291-E34F4EE697D8}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CE2FD73C-A232-46E7-A341-B4C907C2F1B2}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CE55492D-7CF5-4F60-A838-CB4504D26707}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{DF49A8DC-41C7-49B0-83AF-88775B522D39}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E0B80D76-6471-45D2-8788-87081D4B1205}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E0CECA44-0399-4AA7-92A6-2957E2C1F492}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E241C669-FAD1-4B7D-BFC3-0EAE8C2AC54A}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E461448D-16E6-4171-8E87-F318F00F25B7}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E519390B-4446-42A2-8DC6-831C23A7B39B}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{F2F14534-E917-4F0B-B16E-A6231097A57E}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{F53A2DDF-75D5-4D4F-93EC-A3738B377441}\InprocServer32 -> AcSmComponents.dll No File
CustomCLSID: HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\brian\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {123A9D7B-4BD3-45A4-8F8A-7B9D68BD123D} - System32\Tasks\0414bUpdateInfo => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
C:\ProgramData\Avg_Update_0414b
C:\Users\brian\AppData\Roaming\AVG 0913a Campaign
C:\Users\brian\AppData\Roaming\AVG April 2013 Campaign
C:\Users\brian\AppData\Roaming\Search Protection
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_0913a" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_ROC_APR2013_AV" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtection" /f
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-675510566-695927744-2032809450-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1113a => value deleted successfully.
HKU\S-1-5-21-675510566-695927744-2032809450-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AvgUpdater => value deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f480df1a-aef0-11e1-9229-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{f480df1a-aef0-11e1-9229-806e6f6e6963}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1aCopyShExtError" => Key deleted successfully.
"HKCR\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\2aCopyShExtSynced" => Key deleted successfully.
"HKCR\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\3aCopyShExtSyncing" => Key deleted successfully.
"HKCR\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4aCopyShExtSyncingProg1" => Key deleted successfully.
"HKCR\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\5aCopyShExtSyncingProg2" => Key deleted successfully.
"HKCR\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\6aCopyShExtSyncingProg3" => Key deleted successfully.
"HKCR\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\7aCopyShExtSyncingProg4" => Key deleted successfully.
"HKCR\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\8aCopyShExtSyncingProg5" => Key deleted successfully.
"HKCR\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E1BCB98-8F6E-429C-9D10-180B59AD12BF}" => Key deleted successfully.
"HKCR\CLSID\{3E1BCB98-8F6E-429C-9D10-180B59AD12BF}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D874E16D-B481-44A6-805B-014721441E10}" => Key deleted successfully.
"HKCR\CLSID\{D874E16D-B481-44A6-805B-014721441E10}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKCR\PROTOCOLS\Handler\belarc" => Key deleted successfully.
"HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}" => Key not found.
Firefox Keyword.URL deleted successfully.
C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\searchplugins\duckduckgo-http.xml => Moved successfully.
C:\Users\brian\AppData\Roaming\Mozilla\Firefox\Profiles\brian\searchplugins\yahoo_ff.xml => Moved successfully.
Chrome HomePage deleted successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim" => Key deleted successfully.
"C:\Users\brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim" => Key deleted successfully.
"C:\Users\brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx" => File/Directory not found.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{0E299B3E-7F99-4DEB-B0D5-0A112857C054}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1045CF6C-B363-4AE9-9BAA-E4CA726D380C}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1A1F2E99-0AA9-4639-8318-2B15EA3B7CF3}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{1B918443-5C9F-4853-A180-1337C6030A14}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{2A45DA6A-F580-4F3F-81D3-F263C4F5C44B}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{31AADAA2-C699-4D85-B906-8C3811AD197D}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{34E84AEF-17E9-4DB8-BB82-F52B2BB24235}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{406C401B-13BB-49E7-8BCD-85686595726D}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{41E3897F-6CDF-4206-A153-32D5EBD78A54}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{4452AD45-620C-4218-BE0A-3A9BA71D5B47}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{54B24080-8684-4CCD-B23D-84550AD6C302}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{55582F98-D4CE-4BA6-BDE5-3565F3291286}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{5DE62586-0DAB-4EFB-AF8F-7C1DF1D65326}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{67216A8C-511A-42F1-8129-A4831F29CAF3}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{71AE45C8-7317-44CF-8FD8-16A4CB9BC2E9}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{76C3138F-E2FC-4905-977E-4032E827EF64}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7811B785-E8F9-4024-88F3-4B5511DEAE48}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7889CD73-6054-42B8-A3A3-12FEA1BE42A4}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{7C6A1883-3BD8-4954-9598-24331E1D93DB}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{8A49EFAD-D16A-4502-BE91-55332DE5D665}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{9BD10691-3E41-4A8E-8059-D1D7D417CCA1}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{AA13284A-B9A6-4000-9AFC-B5275AD611C4}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{B2E79109-7DF6-4831-8392-2697271093F3}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{B76A05EF-0798-43E0-BE89-B064295B3A3A}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{BB64B2BC-3B7E-4DFB-ACFC-3D723A021132}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{C55DBA91-3CC5-49AB-97F1-AB3466570D28}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CD2C7309-ED63-40D9-A291-E34F4EE697D8}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CE2FD73C-A232-46E7-A341-B4C907C2F1B2}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{CE55492D-7CF5-4F60-A838-CB4504D26707}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{DF49A8DC-41C7-49B0-83AF-88775B522D39}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E0B80D76-6471-45D2-8788-87081D4B1205}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E0CECA44-0399-4AA7-92A6-2957E2C1F492}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E241C669-FAD1-4B7D-BFC3-0EAE8C2AC54A}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E461448D-16E6-4171-8E87-F318F00F25B7}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{E519390B-4446-42A2-8DC6-831C23A7B39B}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{F2F14534-E917-4F0B-B16E-A6231097A57E}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{F53A2DDF-75D5-4D4F-93EC-A3738B377441}" => Key deleted successfully.
"HKU\S-1-5-21-675510566-695927744-2032809450-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{123A9D7B-4BD3-45A4-8F8A-7B9D68BD123D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{123A9D7B-4BD3-45A4-8F8A-7B9D68BD123D}" => Key deleted successfully.
C:\Windows\System32\Tasks\0414bUpdateInfo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0414bUpdateInfo" => Key deleted successfully.
"C:\ProgramData\Avg_Update_0414b" => File/Directory not found.
"C:\Users\brian\AppData\Roaming\AVG 0913a Campaign" => File/Directory not found.
"C:\Users\brian\AppData\Roaming\AVG April 2013 Campaign" => File/Directory not found.
"C:\Users\brian\AppData\Roaming\Search Protection" => File/Directory not found.
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_0913a" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_ROC_APR2013_AV" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtection" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 4.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
Farbar Service Scanner Version: 21-07-2014
Ran by brian (administrator) on 28-10-2014 at 21:51:37
Running from "C:\Users\brian\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#10 LiquidTension

Posted 29 October 2014 - 04:34 AM

Good job. How is your computer performing? 



#11 LiquidTension

Posted 31 October 2014 - 06:29 PM

Hello, 

 

Do you still require assistance?



#12 hazelludlow

hazelludlow
  • Topic Starter


Posted 01 November 2014 - 11:12 AM

hey, adam...no, everything seems to be fine...i have come to accept the underlined green words on sites that allow the advertising...mostly sites that i do not visit unless i am tractor beamed into nonsense and pop culture

 

i see it as more of a slight on the sites advertising blitz...i just opted out of the ads and just don't hover on the words

 

 

thanks very much, adam



#13 LiquidTension

Posted 01 November 2014 - 03:32 PM

OK. 

Some sites will have that kind of advertising - as long as you don't see the adverts on every site, it's unlikely to be related to something on your computer. 

 

Let's continue this process and check for possible remnants.

 

STEP 1

Malwarebytes Anti-Malware (MBAM)

  • Please download the Malwarebytes Anti-Malware setup file to your Desktop.
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click [image: esetListThreats.png]. If no threats were found, skip the next two bullet points.
  • Click [image: esetExport.png] and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image: xKN1w2nv.png] and click [image: SzOC1p0.png].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log


#14 LiquidTension

Posted 03 November 2014 - 07:35 PM

Hello, 

 

Do you still require assistance?



#15 LiquidTension

Posted 06 November 2014 - 11:25 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.