Infected with Stolen.data and Trojan.Agent.AI, CCleaner question...


  • This topic is locked
74 replies to this topic

#1 4youte


Posted 14 November 2014 - 03:25 AM

Well, I have to come back here because I believe a stupid decision may have caused this, but I am not sure. I had an old registry backup when my computer was working a lot better, and I restored it. I'm thinking I restored it at a time when I was infected with Stolen.data before it got cleared up. So I may have gotten it again that way, but I'm not sure. Restoring the registry back to the state it was before I ran the backup did not fix it, and getting rid of it through Malwarebytes virus software doesn't prevent it from coming back. Also, I'm sure you guys are familiar with the program CCleaner. I use it regularly to delete temp files. I never tried its registry tools since I believe using registry tools on old computers I had with Windows XP ruined them. I don't know how it would be on Windows 7. I see I have all kinds of registry issues that were found, and I'm wondering if I fixed them with CCleaner if it would help my computer, or just do more harm than good. It seems it could help. I will attach the registry log since it's too long to post. Here is the mbam log.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/14/2014
Scan Time: 1:50:15 AM
Logfile: Mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.14.03
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jeremy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 445231
Time Elapsed: 21 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Malware.Trace, HKU\S-1-5-21-4055183432-471262313-3685020261-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, Quarantined, [3f6c3308493394a21e3972a02cd8cd33],

Registry Values: 1
Trojan.Agent.AI, HKU\S-1-5-21-4055183432-471262313-3685020261-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|16io23yni, C:\Users\Jeremy\16io23yni\91235.vbs, Quarantined, [8823a596136995a1af157cc7d62d22de]

Registry Data: 0
(No malicious items detected)

Folders: 1
Stolen.Data, C:\Users\Jeremy\AppData\Roaming\dclogs, Quarantined, [8d1e63d8b5c74beb94707dc4f11341bf],

Files: 55
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\CC75.tmp, Quarantined, [3279013aa5d774c2dccbaab35ca458a8],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\EC72.tmp, Quarantined, [b3f8b982b8c476c0eabd5ffe0000c23e],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\ED39.tmp, Quarantined, [307b70cb9be1fd3982255607ae52e020],
PUP.Optional.Somoto, C:\Users\Jeremy\AppData\Local\Temp\B01A.tmp, Quarantined, [2685c4778cf0a492cc4ce456db2a2fd1],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\B5CA.tmp, Quarantined, [9c0f9e9dbac280b604a34a13f50b817f],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\BCD.tmp, Quarantined, [13982714cdafec4a416661fc10f02dd3],
PUP.Optional.Somoto, C:\Users\Jeremy\AppData\Local\Temp\BF26.tmp, Quarantined, [9f0cf14a4834b08683950c2ed03547b9],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\C441.tmp, Quarantined, [d3d83a01601c5adc00a7a9b4a7598b75],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\83DB.tmp, Quarantined, [22890536552738fea4039cc1738dbd43],
PUP.Optional.Somoto, C:\Users\Jeremy\AppData\Local\Temp\8B50.tmp, Quarantined, [c1ea6ad1fc808fa7d93f70ca9b6acb35],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\603B.tmp, Quarantined, [5754b08b0f6dbd798735c19cd030f60a],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\616E.tmp, Quarantined, [f8b31d1e314b62d40b9cb5a8f40c2cd4],
PUP.Optional.Ekoblock, C:\Users\Jeremy\AppData\Local\Temp\635A.tmp, Quarantined, [1299ce6d94e8fe38dbda618108f921df],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\6632.tmp, Quarantined, [e0cbed4e1a6289ad42653b22fa066a96],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\6A06.tmp, Quarantined, [2a8119227705cf67bdeacc91748cd12f],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\6AA9.tmp, Quarantined, [aefd3b00621ab87e0eae0b527f817789],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\6B35.tmp, Quarantined, [f6b50c2f097379bd5864233a738d8977],
PUP.Optional.Ekoblock, C:\Users\Jeremy\AppData\Local\Temp\6F2.tmp, Quarantined, [1596f348ea92171f0de9a142c63b9868],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\7248.tmp, Quarantined, [64471823f98337ff5a4dc19c35cb847c],
PUP.Optional.Bundle, C:\Users\Jeremy\AppData\Local\Temp\F6D1.tmp, Quarantined, [beedfe3db1cb072fe8347966e9187c84],
PUP.Optional.Ekoblock, C:\Users\Jeremy\AppData\Local\Temp\F6E9.tmp, Quarantined, [76356ecdea921b1b56a0647f55ac4fb1],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\9189.tmp, Quarantined, [2289d863126a5adc18a4b3aac33dfd03],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\987C.tmp, Quarantined, [8b20ff3ca9d35adc12aa64f902fe3bc5],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\A661.tmp, Quarantined, [aa01c07b6f0d3cfa01a6a2bb619f0bf5],
PUP.Optional.Ekoblock, C:\Users\Jeremy\AppData\Local\Temp\A675.tmp, Quarantined, [c3e8ff3cb1cb91a5e4d19c4616eb6898],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\2AA3.tmp, Quarantined, [3c6f3308ec90b284baed8fce39c7df21],
PUP.Optional.SaferInstall, C:\Users\Jeremy\AppData\Local\Temp\2D1F.tmp, Quarantined, [b3f82615bdbfbc7afc390bceae538e72],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\3048.tmp, Quarantined, [34773dfe413b66d0f3c9d08d9f616c94],
PUP.Optional.SaferInstall, C:\Users\Jeremy\AppData\Local\Temp\37F7.tmp, Quarantined, [406b2c0faad2142291a48455ec157e82],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\3BBD.tmp, Quarantined, [acff89b223592a0cbceb61fc47b9d52b],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\4117.tmp, Quarantined, [9714b08b0a72e056c8df18458e7205fb],
PUP.Optional.Somoto, C:\Users\Jeremy\AppData\Local\Temp\4373.tmp, Quarantined, [acff0a31403cfe38c751e55563a223dd],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\55B3.tmp, Quarantined, [7a3185b689f3ac8a1aa288d5a8587f81],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\56C.tmp, Quarantined, [307b63d87ffd41f5cfd84815a25e8779],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\5861.tmp, Quarantined, [4269e45781fb6cca348874e948b8916f],
PUP.Optional.Bundle, C:\Users\Jeremy\AppData\Local\Temp\5940.tmp, Quarantined, [3b707bc0710bba7c31eb6f7012efeb15],
PUP.Optional.SaferInstall, C:\Users\Jeremy\AppData\Local\Temp\59B2.tmp, Quarantined, [109b81ba47359a9cd65fedec05fcd32d],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\D3C.tmp, Quarantined, [2a81cb7090ec79bd317668f534cc7987],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\D59C.tmp, Quarantined, [258665d6c8b4a98d9a220e4fc0403ec2],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\DEB6.tmp, Quarantined, [9a116dce017b68ced4d3b2ab649ce61a],
PUP.Optional.Somoto, C:\Users\Jeremy\AppData\Local\Temp\E103.tmp, Quarantined, [3c6fe556daa2f244c553b28815f0768a],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\E6C4.tmp, Quarantined, [0f9c1d1e37456fc748743825f80852ae],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\74C0.tmp, Quarantined, [c0eb5fdc1c601224d0ece57848b8e11f],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\26EF.tmp, Quarantined, [8526ff3c4339f83ed1d6a2bb8c747f81],
PUP.Optional.AstroNet, C:\Users\Jeremy\AppData\Local\Temp\2828.tmp, Quarantined, [6942ed4ef28ac076f6a486b425e0bf41],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\1A47.tmp, Quarantined, [b1fa77c4ed8fde58c0e7015cdb25ae52],
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\1E3F.tmp, Quarantined, [753650eb007cd85e3785c19cfe0229d7],
Stolen.Data, C:\Users\Jeremy\AppData\Roaming\dclogs\2014-11-07-6.dc, Quarantined, [8d1e63d8b5c74beb94707dc4f11341bf],
Stolen.Data, C:\Users\Jeremy\AppData\Roaming\dclogs\2014-11-08-7.dc, Quarantined, [8d1e63d8b5c74beb94707dc4f11341bf],
Stolen.Data, C:\Users\Jeremy\AppData\Roaming\dclogs\2014-11-09-1.dc, Quarantined, [8d1e63d8b5c74beb94707dc4f11341bf],
Stolen.Data, C:\Users\Jeremy\AppData\Roaming\dclogs\2014-11-10-2.dc, Quarantined, [8d1e63d8b5c74beb94707dc4f11341bf],
Stolen.Data, C:\Users\Jeremy\AppData\Roaming\dclogs\2014-11-11-3.dc, Quarantined, [8d1e63d8b5c74beb94707dc4f11341bf],
Stolen.Data, C:\Users\Jeremy\AppData\Roaming\dclogs\2014-11-12-4.dc, Quarantined, [8d1e63d8b5c74beb94707dc4f11341bf],
Stolen.Data, C:\Users\Jeremy\AppData\Roaming\dclogs\2014-11-13-5.dc, Quarantined, [8d1e63d8b5c74beb94707dc4f11341bf],
Trojan.Agent.AI, C:\Users\Jeremy\16io23yni\91235.vbs, Quarantined, [8823a596136995a1af157cc7d62d22de],

Physical Sectors: 0
(No malicious items detected)


(end)

 

EDIT: Moved topic from Aii to MRL. ~bloopie


Edited by bloopie, 22 November 2014 - 09:57 PM.
Moved from Aii. ~bloopie




#2 4youte


Posted 14 November 2014 - 03:29 AM

Hmmm, where is the option to attach files? I really want you to take a look at this registry log and let me know how to proceed with CCleaner. I'm hoping I can use it and it's safe, but I want your consent.



#3 4youte


Posted 14 November 2014 - 03:37 AM

Sorry for another post, but I also can't install most of the latest Windows 7 updates. It keeps telling me it failed to update. Didn't say anything because I didn't want to hear how I should re-install my operating system again, because I don't know how to set everything up again since there's so many programs to set up that a friend used to always do for me. So I would be so lost.



#4 bloopie

  • Malware Response Team

Posted 22 November 2014 - 10:34 PM

Hello 4youte, and welcome to the forums! :thumbsup:

I'm stepping in here as Alex&Vanko has been banned (please disregard his posts) and he will no longer be able to reply here. I will remove his posts from this topic once I hear back from you in case you decided to follow his instructions. If you did already, please let me know.

 

EDIT: I have removed Alex&Vanko's previous replies in this topic, as I saw that you logged on to BC at 06:44 am.

Please do not use CCleaner's "Registry Cleaner part" of the program as it could cause unforeseen results... CCleaner is a very good program, but if you don't understand what it's going to do to the registry, then do not use it! You mention the log is quite large, so let's not make any large changes to the registry before we even begin! :wink: We need to take care of any malware (active or not) first, okay?

 

Nevertheless, we'll get to the bottom of what is ailing your computer! :)

(Also, just to let you know, I have moved this topic to the Malware Removal Logs forum where it will stay so that we can get the proper logs posted.)

====================

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Please stay with me until I give you the "All Clean" post!
  • Please do not run any other tools without my instruction to do so!

==========

Now, let's get a couple of logs so that we can see what's happening with your machine:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

bloopie

-->P.S.- You could not attach files because they are not allowed in the Am I Infected forum where this topic was located. But now that I've moved this topic, you are now able to attach files. :wink:

But please do not attach any files unless instructed to do so. I appreciate your cooperation! :)
<--


Edited by bloopie, 23 November 2014 - 05:03 PM.
Removed A&V's replies here. ~bloopie


#5 4youte


Posted 24 November 2014 - 02:44 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Jeremy (administrator) on JEREMY-PC on 24-11-2014 14:39:25
Running from C:\Users\Jeremy\Desktop
Loaded Profile: Jeremy (Available profiles: Jeremy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(tzuk) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(tzuk) C:\Program Files\Sandboxie\SbieCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\control\hitleap-viewer.exe
(Dropbox, Inc.) C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(tzuk) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(tzuk) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
() C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\control\hitleap-viewer.exe
(tzuk) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(tzuk) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
() C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\control\hitleap-viewer.exe
(tzuk) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(tzuk) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\cef\hitleap-viewer-browser.exe
() C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\cef\hitleap-viewer-browser.exe
() C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\cef\hitleap-viewer-browser.exe
() C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\cef\hitleap-viewer-browser.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Del D:\- Jeremy\- Images\Me\- Facebook\- JaizMusic\- Social Pics\Kissing\GEDC0557\GEDC0557.psd OnNextReboot] => D:\- Jeremy\- Images\Me\- Facebook\- JaizMusic\- Social Pics\Kissing\GEDC0557\GEDC0557.psd [69218238 2012-11-11] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4055183432-471262313-3685020261-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [570600 2010-02-03] (tzuk)
HKU\S-1-5-21-4055183432-471262313-3685020261-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4055183432-471262313-3685020261-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4055183432-471262313-3685020261-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4055183432-471262313-3685020261-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4055183432-471262313-3685020261-1000 -> DefaultScope {736CBB01-850B-4D59-81FC-F5B9985C1B27} URL = https://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4055183432-471262313-3685020261-1000 -> {736CBB01-850B-4D59-81FC-F5B9985C1B27} URL = https://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
BHO: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files\Ipswitch\iMacros\iMacrosBHO.dll ()
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files (x86)\Ipswitch\iMacros\iMacrosBHO.dll ()
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46

FireFox:
========
FF ProfilePath: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789
FF DefaultSearchEngine: Web Search (powered by Google)
FF SelectedSearchEngine: Web Search (powered by Google)
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://search.toolbars.alexa.com/?ver=alxf-2.21&src=ab&aid=zQYck10BT%2B002X&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\searchplugins\web-search-powered-by-google.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\8f4qdz7l.default-1402660292683\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\cgycrtqe.default-1402660470974\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\9y5e8u3x.default-1403413156680\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\azjjvadi.default-1404385278039\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\a7c2hw7e.default-1404385333048\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\4w7d6w9p.default-1404570108397\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\yq9mi55j.default-1404813201892\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\9p0vh9af.default-1405050136102\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\lxjep663.default-1405050195456\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\pbsvfida.default-1405185529215\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6zrtda3a.default-1405185566574\searchplugins\yahoo_ff.xml
FF Extension: Muter - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\muter@yxl.name [2014-03-16]
FF Extension: iMacros for Firefox - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-11-12]
FF Extension: DownloadHelper - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Firebug - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\firebug@software.joehewitt.com.xpi [2014-10-06]
FF Extension: Dm0nKs Spotify Link Redirector - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\jid0-Xl3Oy6TJVT4qdRxyRor2JAAl3hU@jetpack.xpi [2014-05-18]
FF Extension: Alexa Toolbar - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\toolbar@alexa.com.xpi [2014-10-07]
FF Extension: X-notifier - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2014-09-13]
FF Extension: ReloadEvery - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2014-02-21]
FF Extension: Modify Headers - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2014-05-16]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-02-20]
FF Extension: Adblock Plus - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-21]
FF Extension: Greasemonkey - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-10-06]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-08]
FF HKU\S-1-5-21-4055183432-471262313-3685020261-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo.com/?type=711278&fr=sp_tr_gc
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=sp_tr_gc&ei=utf-8&ilc=12&type=711278&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll ()
CHR Plugin: (BitCometAgent) - C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Jeremy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Profile: C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-11-22]
CHR Extension: (Google Drive) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Nanny for Google Chrome ™) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno [2014-02-21]
CHR Extension: (Google Search) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (iMacros for Chrome) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2014-11-21]
CHR Extension: (Tampermonkey) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-10-02]
CHR Extension: (Avast Online Security) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-21]
CHR Extension: (Website Blocker (Beta)) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2014-02-21]
CHR Extension: (Enhance Views) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippgbgjbkciiodailobdhilppmfglgma [2014-08-16]
CHR Extension: (MuteTab) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc [2014-03-16]
CHR Extension: (Google Wallet) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Gmail) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [94440 2010-02-03] (tzuk)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-03] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [134760 2010-02-03] (tzuk)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
R3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 14:30 - 2014-11-24 14:30 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-24 14:30 - 2014-11-24 14:30 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-24 14:30 - 2014-11-24 14:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-24 14:28 - 2014-11-24 14:28 - 36480824 _____ () C:\Users\Jeremy\Desktop\Firefox Setup 33.1.1.exe
2014-11-24 14:20 - 2014-11-24 14:20 - 00003152 _____ () C:\Windows\System32\Tasks\{A469897D-04DB-45D2-BAC2-D7D455525B00}
2014-11-24 13:43 - 2014-11-24 13:52 - 00068185 _____ () C:\Users\Jeremy\Desktop\Addition.txt
2014-11-24 13:41 - 2014-11-24 14:39 - 00022319 _____ () C:\Users\Jeremy\Desktop\FRST.txt
2014-11-24 13:41 - 2014-11-24 14:39 - 00000000 ____D () C:\FRST
2014-11-24 13:40 - 2014-11-24 13:41 - 02118144 _____ (Farbar) C:\Users\Jeremy\Desktop\FRST64.exe
2014-11-22 11:03 - 2014-11-22 11:03 - 00000000 ____D () C:\Users\Jeremy\Documents\My Cheat Tables
2014-11-21 05:56 - 2014-11-21 05:56 - 00080256 _____ () C:\Windows\PFRO.log
2014-11-21 05:56 - 2014-11-21 05:56 - 00000056 _____ () C:\Windows\setupact.log
2014-11-21 05:56 - 2014-11-21 05:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-18 10:14 - 2014-11-18 10:14 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2014-11-16 15:01 - 2014-11-16 15:01 - 00000000 ____D () C:\Program Files (x86)\Cok Software
2014-11-16 14:31 - 2014-11-18 02:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker Asoftech
2014-11-12 23:28 - 2014-11-18 02:22 - 00000000 ____D () C:\Windows\CheckSur
2014-11-12 02:19 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 02:19 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 02:18 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 02:18 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 13:05 - 2014-11-11 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Foundry
2014-11-11 13:05 - 2014-11-11 13:05 - 00000000 ____D () C:\Program Files (x86)\Sonic Foundry
2014-11-11 13:04 - 2014-11-11 13:04 - 00000000 ____D () C:\Program Files (x86)\Sonic Foundry Setup
2014-11-11 12:53 - 2014-11-11 12:53 - 00000000 ____D () C:\Program Files\Sonic Foundry Setup
2014-11-07 06:55 - 2014-11-24 14:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-04 12:20 - 2014-11-04 12:20 - 00000000 ____D () C:\ProgramData\Wondershare
2014-11-04 12:20 - 2014-11-04 12:20 - 00000000 ____D () C:\Program Files\Wondershare
2014-11-04 12:19 - 2014-11-07 04:13 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-11-04 11:50 - 2014-11-04 11:50 - 00000000 ____D () C:\Users\Jeremy\AppData\Local\Spotify
2014-11-04 05:49 - 2014-11-04 05:41 - 44302336 _____ () C:\Windows\system32\config\components.old
2014-11-02 10:42 - 2014-11-24 13:50 - 00000000 ____D () C:\Users\Jeremy\Desktop\- Docs
2014-10-29 07:58 - 2014-10-29 07:58 - 80654242 _____ () C:\Users\Jeremy\Documents\Damon Clawson (MAutoVolume).wav
2014-10-29 07:58 - 2014-10-29 07:58 - 00315036 _____ () C:\Users\Jeremy\Documents\Damon Clawson (MAutoVolume).pkf
2014-10-29 06:51 - 2014-10-29 06:51 - 00003296 _____ () C:\Windows\System32\Tasks\{1B214636-DCD7-4DC4-95D9-CC08794B4AEB}
2014-10-27 12:39 - 2014-10-27 12:40 - 00000000 ____D () C:\Users\Jeremy\AppData\Local\Enhanceviews_Autowatcher
2014-10-25 05:53 - 2014-10-25 05:54 - 00000000 ____D () C:\ProgramData\Sony
2014-10-25 05:53 - 2014-10-25 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-10-25 05:01 - 2014-10-25 05:55 - 00000000 ____D () C:\Users\Jeremy\AppData\Local\Sony
2014-10-25 04:57 - 2014-10-25 05:54 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-10-25 04:39 - 2014-10-25 04:44 - 00000180 _____ () C:\Users\Jeremy\Desktop.lnk
2014-10-25 03:11 - 2014-10-25 03:11 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\VST3 Presets
2014-10-25 03:11 - 2014-10-25 03:11 - 00000000 ____D () C:\ProgramData\Steinberg
2014-10-25 03:03 - 2014-10-25 03:11 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Steinberg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 14:38 - 2014-08-27 04:49 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Spotify
2014-11-24 14:35 - 2012-02-03 04:22 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\foobar2000
2014-11-24 14:16 - 2012-02-02 21:31 - 00000000 ____D () C:\Users\Jeremy\AppData\Local\Deployment
2014-11-24 14:13 - 2013-05-11 03:21 - 00000000 ____D () C:\Program Files (x86)\AAMS
2014-11-24 14:12 - 2013-07-02 13:25 - 00000000 ____D () C:\Program Files (x86)\Thread Manager
2014-11-24 13:46 - 2014-05-22 05:22 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-24 09:32 - 2014-02-08 07:15 - 00000000 ____D () C:\Users\Jeremy\AppData\Local\CrashDumps
2014-11-24 08:53 - 2012-01-20 17:32 - 01946064 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 03:39 - 2009-07-13 23:45 - 00027744 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 03:39 - 2009-07-13 23:45 - 00027744 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 17:21 - 2014-04-27 15:28 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-11-23 16:09 - 2014-05-30 07:18 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\MeldaProduction
2014-11-23 09:00 - 2012-02-03 03:04 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\vlc
2014-11-22 11:55 - 2012-02-25 04:54 - 00000132 _____ () C:\Users\Jeremy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-11-21 06:37 - 2014-09-09 23:20 - 00007462 _____ () C:\Windows\Sandboxie.ini
2014-11-21 06:31 - 2012-02-03 02:34 - 00000000 ___RD () C:\Users\Jeremy\Dropbox
2014-11-21 06:31 - 2012-02-03 02:09 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Dropbox
2014-11-21 05:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 05:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-11-21 05:32 - 2014-05-26 07:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-20 13:47 - 2014-02-25 09:59 - 00000000 ____D () C:\RegBackup
2014-11-20 13:44 - 2012-02-02 21:17 - 00000000 ____D () C:\Users\Jeremy
2014-11-18 10:13 - 2012-02-03 02:10 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-18 10:11 - 2009-07-14 00:13 - 00833198 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 08:20 - 2012-02-07 04:28 - 00000000 ____D () C:\Users\Jeremy\Desktop\WrestlingAudio.com
2014-11-18 02:21 - 2012-10-18 05:18 - 00000000 ____D () C:\Windows\pss
2014-11-18 02:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-14 02:58 - 2014-07-17 13:37 - 00000000 _RSHD () C:\Users\Jeremy\16io23yni
2014-11-13 01:41 - 2014-05-22 05:22 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 01:41 - 2014-05-22 05:22 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 01:41 - 2014-05-22 05:22 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 03:28 - 2012-02-03 07:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:21 - 2013-07-22 22:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:11 - 2012-02-03 03:13 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-07 07:33 - 2013-06-28 09:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-07 07:33 - 2011-02-10 09:02 - 00000000 ____D () C:\Windows\panther
2014-11-07 07:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-11-07 04:13 - 2012-02-03 04:12 - 00000000 ____D () C:\Program Files (x86)\Steinberg
2014-11-03 09:24 - 2014-08-02 02:59 - 00000000 ____D () C:\Users\Jeremy\Desktop\Market
2014-10-31 07:02 - 2013-09-23 00:45 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Publish Providers
2014-10-30 22:32 - 2013-04-18 05:07 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Audacity
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 07:25 - 2014-04-27 09:16 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Waves Audio
2014-10-29 05:28 - 2013-09-23 01:02 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Sony
2014-10-27 14:14 - 2014-09-22 02:25 - 00191868 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-10-27 11:03 - 2014-05-26 07:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-27 06:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-27 04:44 - 2012-02-03 00:20 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-10-27 04:18 - 2014-05-26 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 05:20 - 2012-05-10 07:02 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\FileZilla
2014-10-26 05:04 - 2012-05-24 21:32 - 00000600 _____ () C:\Users\Jeremy\AppData\Local\PUTTY.RND
2014-10-25 04:56 - 2013-09-23 00:51 - 00000000 ____D () C:\Program Files (x86)\Sony Setup
2014-10-25 03:09 - 2014-04-27 05:18 - 00000000 ____D () C:\Program Files\Steinberg
2014-10-25 03:02 - 2014-10-23 19:39 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\PreSonus
2014-10-25 02:56 - 2012-02-02 21:22 - 00111952 _____ () C:\Users\Jeremy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-25 02:54 - 2014-10-23 20:58 - 00000000 ____D () C:\Program Files\PreSonus
2014-10-25 02:54 - 2014-04-27 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves
2014-10-25 02:54 - 2014-04-27 09:01 - 00000000 ____D () C:\Program Files\Waves
2014-10-25 02:54 - 2012-02-03 07:42 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-10-25 02:54 - 2012-02-02 23:07 - 00000000 ____D () C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-10-25 02:54 - 2012-02-02 23:07 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-10-25 02:53 - 2014-10-24 01:04 - 00000000 ____D () C:\Program Files (x86)\Avid

Some content of TEMP:
====================
C:\Users\Jeremy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_e28ko.dll
C:\Users\Jeremy\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Jeremy\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-18 07:39

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Jeremy at 2014-11-24 14:39:56
Running from C:\Users\Jeremy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.19 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0919-000001000000}) (Version: 9.19.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Abbeyroadplugins EMI RS 124 Compressor VST RTAS v1.0.1 (HKLM-x32\...\Abbeyroadplugins EMI RS 124 Compressor_is1) (Version:  - )
Acon Digital DeVerberate (32 bit) 1.1.0 (HKLM-x32\...\{A0168B60-0FA2-45A7-8871-DD25B65E8B38}_is1) (Version: 1.1.0 - Acon AS)
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Audition CS6 (HKLM-x32\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content (HKLM-x32\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AIM for Windows (HKU\S-1-5-21-4055183432-471262313-3685020261-1000\...\AIM) (Version:  - AOL Inc.)
AIPL WarmTone DX v2.2 (HKLM-x32\...\AIPL WarmTone DX v2.2) (Version:  - )
Antares Autotune VST v5.09 (HKLM-x32\...\Antares Autotune VST_is1) (Version:  - )
Antares Microphone Modeler - ZONE (HKLM-x32\...\Antares Microphone Modeler - ZONE) (Version:  - )
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Badoo Desktop (HKLM-x32\...\{D0AF8BD9-79A6-45D6-8B71-25281B1300A7}) (Version: 1.6.58.1220 - Badoo)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blaine's Alias Title (HKLM\...\{2758AEE7-EDC9-49B6-9498-7FF378944F3C}) (Version: 1.0.1 - Blaine's Movie Maker Blog)
Blaine's Bloom/Negative Effects (HKLM\...\{4FC89A20-FA00-4AD7-B5E6-AC64E67C4273}) (Version: 1.1.0 - Blaine's Movie Maker Blog)
Blaine's Cartoonify Effects (HKLM\...\{442935B7-87F8-4D86-9E76-41F5A0D82132}) (Version: 1.0.1 - Blaine's Movie Maker Blog)
Blaine's Color Fade Effects (HKLM\...\{1A2D9795-4979-447B-BB34-B8DE7A45B8CE}) (Version: 1.0.1 - Blaine's Movie Maker Blog)
Blaine's Contrast Effects (HKLM\...\{B9BB9850-4A9F-4D16-8089-82EDA9F69650}) (Version: 1.0.1 - Blaine's Movie Maker Blog)
Blaine's Custom Dreamy Look Title (HKLM\...\{36F14E9E-3F89-43EF-948D-D4E1A9021508}) (Version: 2.0.1 - Blaine's Movie Maker Blog)
Blaine's Custom Speed Effects (HKLM\...\{35F7B5BB-670F-4E71-9ED2-C772F17B3C8F}) (Version: 2.0.1 - Blaine's Movie Maker Blog)
Blaine's Film Looks Effects (HKLM\...\{95BCCCA2-447E-4F8F-A4C5-49D5700BE627}) (Version: 1.0.1 - Blaine's Movie Maker Blog)
Blaine's Letterbox Effects (HKLM\...\{53EE9AAB-CD12-454C-BDD8-32BDC289757F}) (Version: 1.0.3 - Blaine's Movie Maker Blog)
Blaine's Pixelate Effects (HKLM\...\{299687D9-4E2A-41F5-84B4-2145AD3A866A}) (Version: 1.0.2 - Blaine's Movie Maker Blog)
Blaine's TV Signal Effects (HKLM\...\{344B6293-5ED2-4091-A574-8D5D14D65AB3}) (Version: 1.0.0 - Blaine's Movie Maker Blog)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM-x32\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG2200 series User Registration (HKLM-x32\...\Canon MG2200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon PowerShot ELPH 110 HS_IXUS 125 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSELPH110HS_IXUS125HS) (Version: 1.0.0.7 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.7.0.11 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.1.1.19 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3099 - CDBurnerXP)
ClickFix Lite for Adobe Audition version 3.04 (remove only) (HKLM-x32\...\ClickFix Lite for Adobe Audition version 3.04) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
ContaCam (HKLM-x32\...\ContaCam) (Version: 4.0.5 - Contaware.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dropbox (HKU\S-1-5-21-4055183432-471262313-3685020261-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
EULAlyzer 2.2 (HKLM-x32\...\EULAlyzer_is1) (Version: 2.2.0 - BrightFort LLC)
FastStone Capture 6.8 (HKLM-x32\...\FastStone Capture) (Version: 6.8 - FastStone Soft)
FileZilla Client 3.9.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.1 - Tim Kosse)
foobar2000 v1.1.10 (HKLM-x32\...\foobar2000) (Version: 1.1.10 - Peter Pawlowski)
Free Auto Clicker 4.2.5 (HKLM-x32\...\Free Auto Clicker_is1) (Version:  - FreeAutoClicker Co., Ltd.)
Free Sound Recorder v9.6.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2013 FreeSoundRecorder Technologies, Inc.)
FreeUndelete 2.1.36867.1 (HKLM-x32\...\{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}) (Version: 2.1.36867.1 - Recoveronix)
GEAR driver installer for AMD64 and Intel EM64T (HKLM\...\{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}) (Version: 2.003.1 - GEAR Software, Inc.)
GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.24.000 - Runtime Software)
GlaceVerb 1.01 (HKLM-x32\...\GlaceVerb_is1) (Version:  - Dasample)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HitLeap Viewer 2.8 (HKLM-x32\...\{31B12C11-AE4E-479F-8D6D-242DC265368D}) (Version: 2.8 - HitLeap Ltd.)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
iMacros for Chrome File Access 1.0.0.805 (HKU\S-1-5-21-4055183432-471262313-3685020261-1000\...\{97ABEAC7-C6E1-46F1-957B-F395EA4662B5}_is1) (Version: 1.0.0.805 - Ipswitch, Inc)
iMacros Version 10.0.1.2816 (x64) (HKLM\...\{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1) (Version: 10.0.1.2816 - Ipswitch, Inc)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.5.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
Levelator (HKLM-x32\...\Levelator_is1) (Version:  - The Conversations Network)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4055183432-471262313-3685020261-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Moyea FLV to Video Converter Pro version 1.29.2.11 (HKLM-x32\...\{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1) (Version:  - )
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OLYMPUS Master 2 (HKLM-x32\...\{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}) (Version: 1.0.13 - OLYMPUS IMAGING CORP.)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.5001 - ooVoo LLC.)
Paltalk Messenger  11.2 (HKLM-x32\...\Paltalk Messenger) (Version: 11.2.0 - AVM Software Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PeaZip 5.4.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PreSonus Studio One 2 x64 (HKLM\...\PreSonus Studio One 2) (Version: 2.6.3.27792 - PreSonus Audio Electronics)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapture 1.2.2 (HKLM-x32\...\Rapture_is1) (Version: 18.0 - Cakewalk Music Software)
Rapture 1.2.2 (HKLM-x32\...\Rapture_x64_is1) (Version: 18.0 - Cakewalk Music Software)
Recuva (HKLM\...\Recuva) (Version: 1.37 - Piriform)
Sandboxie 3.44 (64-bit) (HKLM\...\Sandboxie) (Version:  - )
Share YouTube Videos version 1 (HKLM-x32\...\{55DAC5D1-B178-42B2-86A3-94A3E0B4F3DD}_is1) (Version: 1 - )
Simple Search-Replace (HKLM-x32\...\{85BEDB91-5AB4-4066-8946-4EE980950F82}) (Version: 1.08.0000 - RJL Software, Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
SONAR X2 Producer (HKLM-x32\...\SONARX2Producer_is1) (Version: 19.0 - Cakewalk Music Software)
Sonic Foundry ACID 4.0e (HKLM-x32\...\{9B7DE025-A6AF-446B-86BE-3BD9604B498A}) (Version: 4.0.408 - Sonic Foundry)
Sound Forge Pro 11.0 (HKLM-x32\...\{A376BDE2-EE3D-11E2-AA13-F04DA23A5C58}) (Version: 11.0.234 - Sony)
Spotify (HKU\S-1-5-21-4055183432-471262313-3685020261-1000\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
Universal Audio v4.4.0 Native (HKLM-x32\...\Universal Audio v4.4.0 Native) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Waves Complete V9r1 (HKLM-x32\...\{90000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.0.1 - Waves)
Waves Mercury Bundle (HKLM-x32\...\Waves Mercury Bundle) (Version: 5.0 - Team AiR)
Waves SSL Collection v1.2 (HKLM-x32\...\Waves SSL Collection v1.2) (Version:  - )
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{4315D437-5B8C-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jeremy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jeremy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jeremy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> C:\Windows\System32\quartz.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{E30629D2-27E5-11CE-875D-00608CB78066}\InprocServer32 -> C:\Windows\System32\qcap.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> C:\Windows\System32\quartz.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jeremy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jeremy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4055183432-471262313-3685020261-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

21-11-2014 11:36:15 Windows Update
21-11-2014 12:00:17 Windows Update
21-11-2014 12:11:27 Windows Update
22-11-2014 12:00:25 Windows Update
23-11-2014 12:00:14 Windows Update
24-11-2014 12:00:23 Windows Update
24-11-2014 18:53:36 Revo Uninstaller's restore point - Mp3 Song Plays Increaser
24-11-2014 19:09:46 Removed The Increaser

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-05-27 02:41 - 2014-07-27 23:02 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {000BB44C-CE99-4636-893C-73FD773565F8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {13EC7209-0D89-41E6-8409-CB7393D13873} - System32\Tasks\{67FC3169-38AE-4B16-AC98-C12BF2316482} => C:\Users\Jeremy\Desktop\Market\Enhanceviews Autowatcher v2.46.exe
Task: {2DFE3C3A-8F7B-4DC5-82E9-2F67327BC199} - System32\Tasks\{2E674C72-7148-40EF-B1FF-18F184C9BEC4} => C:\Users\Jeremy\Desktop\Market\ReverbnationBot\Reverbnation.exe
Task: {4A884B87-B821-4D5F-85B3-87661AD87625} - System32\Tasks\{D1C9DB01-A992-412F-859C-5077584DD956} => C:\Users\Jeremy\Desktop\Market\Enhanceviews Autowatcher v2.46.exe
Task: {68FD1AED-AB87-4272-804A-71E26C6C771A} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMLJLMNJHMNJJMNJNJCNLJMJHMLMCNLMMJJJNJCNHMJMKJKJCNNJNJKMGMMJNJNJHMHMJJGMKJJNJICMIMCNGMCNPMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMLMJNHICMEKMICNJJCKJNBJCMFLKJNIKJCJGIJNKJCMJNNICMJNDJCMKJBJ"
Task: {6D68624E-9CCB-4A52-A71B-8B6E72686DC8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {80B8B586-A9AD-4CA2-81B1-F5D61B935D8F} - System32\Tasks\{289CFD80-442B-4951-A079-9685D5072ABB} => C:\Users\Jeremy\Desktop\Market\ReverbnationBot\Reverbnation.exe
Task: {88CBBA88-BFB9-4217-87DB-EE75CEE6B47A} - \Update Service YourFileDownloader No Task File <==== ATTENTION
Task: {944C8672-9217-4B06-B29D-B0672B4A1B49} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {98143B9C-1ED8-4E0E-886A-6DB8807272A5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C0D1F864-CDC5-4232-974C-01C2003C9936} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {D231BA7A-5F2F-44B0-B6C4-D895CFDEA73D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-22] (Google Inc.)
Task: {DACA1686-0AE1-46DD-B241-0901A627F733} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-22] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-20 17:07 - 2011-01-27 10:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-08 01:48 - 2013-11-08 01:48 - 01279512 _____ () C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\control\hitleap-viewer.exe
2013-11-08 00:47 - 2013-11-08 00:47 - 01089024 _____ () C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\control\..\cef\hitleap-viewer-browser.exe
2013-11-08 00:47 - 2013-11-08 00:47 - 01089024 _____ () C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\cef\hitleap-viewer-browser.exe
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-21 06:30 - 2014-11-21 06:30 - 00043008 _____ () c:\users\jeremy\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_e28ko.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 02396691 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 02043411 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00244243 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00189971 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00091667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00036371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00383507 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00118803 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00021011 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00292371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00017939 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 01280019 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00336403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00344595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00198675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00027155 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 01393171 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00146451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00022035 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00733203 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00026131 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00171027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 10447379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00746515 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00026643 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00587283 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00113683 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00053779 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00016915 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00032275 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00020499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00068115 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00130579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00168979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00058899 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 01496083 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00013331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2014-11-24 14:30 - 2014-11-13 21:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-09 09:25 - 2014-09-09 09:25 - 17670832 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-11-21 15:47 - 2014-11-14 16:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-21 15:47 - 2014-11-14 16:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-21 15:47 - 2014-11-14 16:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-21 15:47 - 2014-11-14 16:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
2013-11-08 00:47 - 2013-11-08 00:47 - 36561408 _____ () C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\cef\libcef.dll
2013-11-08 00:47 - 2013-11-08 00:47 - 00862208 _____ () C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\cef\ffmpegsumo.dll
2013-11-08 00:47 - 2013-11-08 00:47 - 00880640 _____ () C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\cef\libglesv2.dll
2013-11-08 00:47 - 2013-11-08 00:47 - 00102912 _____ () C:\Program Files (x86)\HitLeap\HitLeap Viewer 2.8\core\cef\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: BITCOMET_HELPER_SERVICE => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MailWasher.lnk => C:\Windows\pss\MailWasher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jeremy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jeremy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jeremy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^start.lnk => C:\Windows\pss\start.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jeremy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tube Bot.lnk => C:\Windows\pss\Tube Bot.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jeremy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_10354613.lnk => C:\Windows\pss\_uninst_10354613.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jeremy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_24441005.lnk => C:\Windows\pss\_uninst_24441005.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jeremy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_51818170.lnk => C:\Windows\pss\_uninst_51818170.lnk.Startup
MSCONFIG\startupreg: AddMeFastBotv4.exe => D:\- Jeremy\- Programs\- Website Tools\- Bots\AddMeFastBotv4.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Jeremy\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrowseForTheCause => C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe
MSCONFIG\startupreg: BrowserSync => "C:\Users\Jeremy\AppData\Roaming\BrowserSync\BrowserSyncSetup.exe"repair update startup
MSCONFIG\startupreg: CAHeadless => C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ContaCam => C:\Program Files (x86)\ContaCam\ContaCam.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: EV_Autowatcher_Download-Carbon0x => C:\Users\Jeremy\Desktop\Market\Enhanceviews Autowatcher v2.45.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Jeremy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_6D3B45FEBE36B822DCB3796A57AA2386 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IEBrowserSync => "C:\Users\Jeremy\AppData\Roaming\BrowserSync\IE\IEBrowserSync.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Media Finder => "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: Pinger => "C:\Program Files (x86)\Pinger\Pinger.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files (x86)\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Jeremy\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: ThreadManager.exe => C:\Program Files (x86)\Thread Manager\ThreadManager.exe
MSCONFIG\startupreg: tsiVideo => C:\Windows\SysWOW64\rundll32.exe C:\Users\Jeremy\AppData\Local\Temp\\mdi264.dll,runme
MSCONFIG\startupreg: urlspace => C:\Users\Jeremy\AppData\Local\Temp\7zO4B90.tmp\Ninja Sword Software.exe -h

========================= Accounts: ==========================

Administrator (S-1-5-21-4055183432-471262313-3685020261-500 - Administrator - Disabled)
Guest (S-1-5-21-4055183432-471262313-3685020261-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4055183432-471262313-3685020261-1002 - Limited - Enabled)
Jeremy (S-1-5-21-4055183432-471262313-3685020261-1000 - Administrator - Enabled) => C:\Users\Jeremy

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2014 02:30:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/24/2014 02:30:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/24/2014 02:30:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/24/2014 02:30:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/24/2014 02:30:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/24/2014 02:26:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/24/2014 02:26:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/24/2014 09:32:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.0.3.5422, time stamp: 0x545b5277
Faulting module name: mozalloc.dll, version: 33.0.3.5422, time stamp: 0x545b2aeb
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1680
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/24/2014 03:35:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x5e4c
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3

Error: (11/23/2014 03:49:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: d3d11.dll, version: 6.2.9200.16570, time stamp: 0x5153b56b
Exception code: 0xc0000005
Fault offset: 0x000000000001e354
Faulting process id: 0x2aa4
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3


System errors:
=============
Error: (11/24/2014 07:11:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows 7 for x64-based Systems (KB2952664).

Error: (11/24/2014 07:05:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Windows 7 for x64-based Systems (KB3003743).

Error: (11/24/2014 07:05:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Windows 7 for x64-based Systems (KB2993958).

Error: (11/24/2014 07:05:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Windows 7 for x64-based Systems (KB3011780).

Error: (11/24/2014 07:04:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Windows 7 for x64-based Systems (KB3005607).

Error: (11/24/2014 07:04:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Windows 7 for x64-based Systems (KB2992611).

Error: (11/24/2014 07:03:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2978120).

Error: (11/24/2014 07:03:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Windows 7 for x64-based Systems (KB3010788).

Error: (11/24/2014 07:03:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Security Update for Windows 7 for x64-based Systems (KB3002885).

Error: (11/24/2014 07:02:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007371b: Update for Windows 7 for x64-based Systems (KB3008627).


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-23 01:52:56.523
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-23 01:52:56.459
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-06 01:34:22.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-06 01:34:22.098
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-06 01:34:22.044
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-06 01:34:21.990
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-09 15:23:06.934
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-09 15:23:06.888
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-09 15:23:06.841
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-09 15:23:06.795
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 54%
Total physical RAM: 6056.63 MB
Available physical RAM: 2779.21 MB
Total Pagefile: 12111.44 MB
Available Pagefile: 8041.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:82.38 GB) NTFS
Drive d: (Files) (Fixed) (Total:931.51 GB) (Free:287.82 GB) NTFS
Drive g: (4TB) (Fixed) (Total:3725.9 GB) (Free:2716.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3468B252)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 9D4CFAAC)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

==================== End Of Log ============================



#6 bloopie

  • Malware Response Team

Posted 25 November 2014 - 07:09 PM

Hello again, and sorry for the delay!
 
Your system is pretty clean overall, and MBAM was able to take care of most of it...so not much to worry about. :)
 
Please run these two steps below:

Step 1

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Attached file: fixlist.txt (1.2KB)
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

==========

Step 2

Now please update MBAM, run another quick/hyper scan (removing anything it finds), then post the latest log results.

==========

Please post both requested logs in your next reply and let me know if you're having any other problems with the machine as of now!

bloopie



#7 4youte

  • Topic Starter

Posted 27 November 2014 - 07:37 AM

Ok, the other issues I'm having are non-malware related, I believe. I'm always told to re-install my OS, but I've always had a friend setting up any computer I've had, so I wouldn't know how to set everything up again because there's so much I would have to set up that it feels impossible. So with that in mind, I'm hoping that there are alternative solutions for the issues I'm having. You saw the errors I've been getting through the Farbar scan. I can't get my latest Windows 7 updates to install. They just keep failing, and I've had this issue for weeks now, I believe. Different programs that used to be able to run are no longer able to run, which has been the case for many months now. I think there are some major problems with my computer's registry, which is why I asked about using CCleaner to fix up all of the registry errors it found. Can I attach the CCleaner registry log that I wanted to attach so you can see?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01
Ran by Jeremy at 2014-11-26 10:59:33 Run:1
Running from C:\Users\Jeremy\Desktop
Loaded Profile: Jeremy (Available profiles: Jeremy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\RunOnce: [Del D:\- Jeremy\- Images\Me\- Facebook\- JaizMusic\- Social Pics\Kissing\GEDC0557\GEDC0557.psd OnNextReboot] => D:\- Jeremy\- Images\Me\- Facebook\- JaizMusic\- Social Pics\Kissing\GEDC0557\GEDC0557.psd [69218238 2012-11-11] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4055183432-471262313-3685020261-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-4055183432-471262313-3685020261-1000 -> DefaultScope {736CBB01-850B-4D59-81FC-F5B9985C1B27} URL = https://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4055183432-471262313-3685020261-1000 -> {736CBB01-850B-4D59-81FC-F5B9985C1B27} URL = https://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
Task: {88CBBA88-BFB9-4217-87DB-EE75CEE6B47A} - \Update Service YourFileDownloader No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Del D:\- Jeremy\- Images\Me\- Facebook\- JaizMusic\- Social Pics\Kissing\GEDC0557\GEDC0557.psd OnNextReboot => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4055183432-471262313-3685020261-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-4055183432-471262313-3685020261-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4055183432-471262313-3685020261-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{736CBB01-850B-4D59-81FC-F5B9985C1B27}" => Key deleted successfully.
"HKCR\CLSID\{736CBB01-850B-4D59-81FC-F5B9985C1B27}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88CBBA88-BFB9-4217-87DB-EE75CEE6B47A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88CBBA88-BFB9-4217-87DB-EE75CEE6B47A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service YourFileDownloader" => Key deleted successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
 
==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/27/2014
Scan Time: 5:21:13 AM
Logfile: mbamlog.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.27.04
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jeremy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 448670
Time Elapsed: 20 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 16
PUP.Optional.SaferInstall, C:\Users\Jeremy\AppData\Local\Temp\DA39.tmp, Quarantined, [447cc57b3844e6509fa3bb206e930ef2], 
PUP.Optional.SaferInstall, C:\Users\Jeremy\AppData\Local\Temp\E44.tmp, Quarantined, [f5cb48f87ffdf442d76bab30df2237c9], 
PUP.Optional.SaferInstall, C:\Users\Jeremy\AppData\Local\Temp\E4D3.tmp, Quarantined, [58684ff1cdaf9a9cee54776421e060a0], 
PUP.Optional.SaferInstall, C:\Users\Jeremy\AppData\Local\Temp\7709.tmp, Quarantined, [9a26b18f4735e650f54d944702ff13ed], 
Trojan.Downloader.VX, C:\Users\Jeremy\AppData\Local\Temp\8699.tmp, Quarantined, [6f511828f58775c15a757d6e6f920ff1], 
Trojan.Downloader.VX, C:\Users\Jeremy\AppData\Local\Temp\A2F1.tmp, Quarantined, [635dd9674a32d26421aef2f9b8496997], 
PUP.Optional.FriedCookie, C:\Users\Jeremy\AppData\Local\Temp\A885.tmp, Quarantined, [3b850739a8d4c472b3a7aa401ae715eb], 
PUP.Optional.OutBrowse, C:\Users\Jeremy\AppData\Local\Temp\AAE3.tmp, Quarantined, [c2fe66da720a0036bca6618c02ff916f], 
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\AC5B.tmp, Quarantined, [6f519ca43a42082e19fbb4397e83bd43], 
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\AF4.tmp, Quarantined, [3d8364dcd3a99d9938dcb33a7a87ff01], 
PUP.Optional.Ibryte, C:\Users\Jeremy\AppData\Local\Temp\B096.tmp, Quarantined, [e8d889b781fb1521032078d3ec197d83], 
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\B5E9.tmp, Quarantined, [853bc67a8def6dc9d143c62726dbf907], 
PUP.Optional.SaferInstall, C:\Users\Jeremy\AppData\Local\Temp\BACB.tmp, Quarantined, [9e22023eb8c4ef47340e0ecdac55d729], 
PUP.Optional.DomaIQ, C:\Users\Jeremy\AppData\Local\Temp\3989.tmp, Quarantined, [219f3b059ede1323eb2924c9b948649c], 
PUP.Optional.SaferInstall, C:\Users\Jeremy\AppData\Local\Temp\57C4.tmp, Quarantined, [0db347f9a0dc61d571d18d4e60a17090], 
PUP.Optional.SaferInstall, C:\Users\Jeremy\AppData\Local\Temp\ECC8.tmp, Quarantined, [4c7482be5c20ac8a093913c8be43af51], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 bloopie

  • Malware Response Team

Posted 27 November 2014 - 08:10 AM

Hello again,

 

Thanks for letting me know! ;)

There may be quite a bit of mere broken file registrations in the registry log which won't help anyway, but you may attach the log to your next post. :)

==========

But we have a more pressing matter: you have recurring temp files, so let's run these programs next:

Step 1

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

Step 2

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

==========

Please post both logs (and you can attach the reg log) in your next reply!

bloopie



#9 4youte

  • Topic Starter

Posted 29 November 2014 - 04:22 AM

ComboFix 14-11-25.01 - Jeremy 11/29/2014   3:41.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6057.4584 [GMT -5:00]
Running from: c:\users\Jeremy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jeremy\AppData\Local\Adobe\downloader.dll
c:\users\Jeremy\AppData\Local\Adobe\gccheck.exe
c:\users\Jeremy\AppData\Local\Adobe\gtbcheck.exe
c:\users\Jeremy\AppData\Local\Adobe\install_flash_player.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-28 to 2014-11-29  )))))))))))))))))))))))))))))))
.
.
2014-11-29 08:53 . 2014-11-29 08:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-11-28 11:29 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C966BFE4-8146-4610-B8C5-6CE03C0D33F4}\mpengine.dll
2014-11-27 11:29 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-24 19:30 . 2014-11-24 19:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-11-24 18:41 . 2014-11-26 16:00 -------- d-----w- C:\FRST
2014-11-21 11:39 . 2014-09-17 07:07 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A5B5267-8787-4275-BA6E-96636A305597}\gapaengine.dll
2014-11-18 15:14 . 2014-11-18 15:14 -------- d-----w- c:\program files (x86)\Dropbox
2014-11-16 20:01 . 2014-11-16 20:01 -------- d-----w- c:\program files (x86)\Cok Software
2014-11-13 04:28 . 2014-11-18 07:22 -------- d-----w- c:\windows\CheckSur
2014-11-12 07:19 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 07:19 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2014-11-12 07:18 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 07:18 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-11 18:05 . 2014-11-11 18:05 -------- d-----w- c:\program files (x86)\Sonic Foundry
2014-11-11 18:04 . 2014-11-11 18:04 -------- d-----w- c:\program files (x86)\Sonic Foundry Setup
2014-11-11 17:53 . 2014-11-11 17:53 -------- d-----w- c:\program files\Sonic Foundry Setup
2014-11-04 17:20 . 2014-11-04 17:20 -------- d-----w- c:\programdata\Wondershare
2014-11-04 17:20 . 2014-11-04 17:20 -------- d-----w- c:\program files\Wondershare
2014-11-04 16:50 . 2014-11-04 16:50 -------- d-----w- c:\users\Jeremy\AppData\Local\Spotify
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-27 12:22 . 2014-05-26 12:24 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 08:11 . 2012-02-03 08:13 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-10 02:05 . 2014-10-14 23:37 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-10 02:05 . 2014-10-14 23:37 507392 ----a-w- c:\windows\system32\aepdu.dll
2014-10-10 02:00 . 2014-10-14 23:37 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-10-01 15:11 . 2014-05-26 12:22 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 15:11 . 2013-10-27 17:41 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 15:11 . 2013-03-06 04:20 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-29 00:58 . 2014-10-14 23:38 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-09-25 02:08 . 2014-10-06 12:50 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-06 12:50 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-20 05:18 . 2014-10-14 23:35 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-09-20 05:17 . 2014-10-14 23:35 2236928 ----a-w- c:\windows\system32\wininet.dll
2014-09-20 05:17 . 2014-10-14 23:35 1407488 ----a-w- c:\windows\system32\urlmon.dll
2014-09-20 05:16 . 2014-10-14 23:35 197120 ----a-w- c:\windows\system32\msrating.dll
2014-09-20 05:16 . 2014-10-14 23:35 19280896 ----a-w- c:\windows\system32\mshtml.dll
2014-09-20 05:16 . 2014-10-14 23:35 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-09-20 05:16 . 2014-10-14 23:35 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-09-20 05:16 . 2014-10-14 23:35 3959296 ----a-w- c:\windows\system32\jscript9.dll
2014-09-20 05:16 . 2014-10-14 23:35 855552 ----a-w- c:\windows\system32\jscript.dll
2014-09-20 05:16 . 2014-10-14 23:35 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-09-20 05:16 . 2014-10-14 23:35 2655232 ----a-w- c:\windows\system32\iertutil.dll
2014-09-20 05:16 . 2014-10-14 23:35 526336 ----a-w- c:\windows\system32\ieui.dll
2014-09-20 05:16 . 2014-10-14 23:35 136704 ----a-w- c:\windows\system32\iesysprep.dll
2014-09-20 05:16 . 2014-10-14 23:35 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-09-20 05:16 . 2014-10-14 23:35 67072 ----a-w- c:\windows\system32\iesetup.dll
2014-09-20 05:16 . 2014-10-14 23:35 15399424 ----a-w- c:\windows\system32\ieframe.dll
2014-09-20 05:16 . 2014-10-14 23:35 255488 ----a-w- c:\windows\system32\iedkcs32.dll
2014-09-20 05:15 . 2014-10-14 23:35 281600 ----a-w- c:\windows\system32\dxtrans.dll
2014-09-20 05:15 . 2014-10-14 23:35 451584 ----a-w- c:\windows\system32\dxtmsft.dll
2014-09-20 05:15 . 2014-10-14 23:35 1508864 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-20 03:57 . 2014-10-14 23:35 1762816 ----a-w- c:\windows\SysWow64\wininet.dll
2014-09-20 03:57 . 2014-10-14 23:35 2861568 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-09-20 03:57 . 2014-10-14 23:35 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-09-20 03:57 . 2014-10-14 23:35 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-09-20 03:56 . 2014-10-14 23:35 1440768 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-09-20 03:38 . 2014-10-14 23:35 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-20 03:33 . 2014-10-14 23:35 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-09-20 02:43 . 2014-10-14 23:35 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-09-20 02:35 . 2014-10-14 23:35 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-09-19 06:56 . 2014-09-19 06:57 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-18 02:00 . 2014-10-14 23:36 3241472 ----a-w- c:\windows\system32\msi.dll
2014-09-18 01:32 . 2014-10-14 23:36 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-09-17 07:07 . 2014-07-23 01:27 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-13 01:58 . 2014-10-14 23:35 77312 ----a-w- c:\windows\system32\packager.dll
2014-09-13 01:40 . 2014-10-14 23:35 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-09-09 22:19 . 2012-07-17 19:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-09 22:11 . 2014-09-24 06:42 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 06:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-09 14:25 . 2014-09-09 14:24 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 14:25 . 2014-09-09 14:24 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-05 02:11 . 2014-10-14 23:35 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-09-05 01:52 . 2014-10-14 23:35 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-09-04 05:23 . 2014-10-14 23:36 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-14 23:36 372736 ----a-w- c:\windows\SysWow64\rastls.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 570600]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-29 6501656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]
S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys;c:\windows\SYSNATIVE\drivers\VSTwindrvr6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 15:47 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-22 10:22]
.
2014-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-22 10:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\6b4yms8m.default-1379773998789\
FF - prefs.js: browser.search.selectedEngine - Web Search (powered by Google)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=alxf-2.21&src=ab&aid=zQYck10BT%2B002X&q=
FF - ExtSQL: !HIDDEN! 2012-10-08 22:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-{D4D7D75D-00A0-CCD9-8303-9D1E2E193749} - c:\progra~3\INSTAL~2\{61B99~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Wondershare\Wondershare Helper Compact\1684957527\ows*TEMP=c:\users\Jeremy\AppData\Local\Temp*TMP=c:\users\Jeremy\AppData\Local\Temp*USERDOMAIN=Jeremy-PC*USERNAME=Jeremy*USERPROFILE=c:\users\Jeremy*windir=c:\windows*windows_tracing_flags=3*windows_tracing_logfile=c:\BVTBin\Tests\installpackage\csilogfile.]
"JoinUserExperience"=dword:00000001
.
Completion time: 2014-11-29  03:55:41
ComboFix-quarantined-files.txt  2014-11-29 08:55
.
Pre-Run: 86,883,033,088 bytes free
Post-Run: 86,654,554,112 bytes free
.
- - End Of File - - B26B6BF8A15309D09BCB91A041B82175
F1BC9A487FAD21118DA4D5B596310BA4
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-29 03:56:00
-----------------------------
03:56:00.141    OS Version: Windows x64 6.1.7601 Service Pack 1
03:56:00.141    Number of processors: 4 586 0x2A07
03:56:00.141    ComputerName: JEREMY-PC  UserName: Jeremy
03:56:02.074    Initialize success
03:56:02.152    VM: initialized successfully
03:56:02.154    VM: Intel CPU supported 
03:57:02.723    VM: supported disk I/O ataport.SYS
03:59:06.799    AVAST engine defs: 14112801
03:59:13.148    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
03:59:13.151    Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01113 Size: 953869MB BusType: 3
03:59:13.154    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
03:59:13.157    Disk 1 Vendor: ST3500413AS JC49 Size: 476940MB BusType: 3
03:59:13.246    VM: Disk 1 MBR read successfully
03:59:13.248    Disk 1 MBR scan
03:59:13.252    Disk 1 Windows VISTA default MBR code
03:59:13.256    Disk 1 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
03:59:13.268    Disk 1 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15166 MB offset 81920
03:59:13.272    Disk 1 Boot: NTFS     code=1
03:59:13.286    Disk 1 Partition 3 00     07    HPFS/NTFS NTFS       461733 MB offset 31141888
03:59:13.314    Disk 1 scanning C:\Windows\system32\drivers
03:59:22.781    Service scanning
03:59:39.342    Modules scanning
03:59:39.348    Disk 1 trace - called modules:
03:59:39.368    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
03:59:39.371    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800658e060]
03:59:39.373    3 CLASSPNP.SYS[fffff8800193143f] -> nt!IofCallDriver -> [0xfffffa8005f6b520]
03:59:39.376    5 ACPI.sys[fffff88000f267a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005f67680]
03:59:40.629    AVAST engine scan C:\Windows
03:59:42.712    AVAST engine scan C:\Windows\system32
04:02:52.258    AVAST engine scan C:\Windows\system32\drivers
04:03:08.815    AVAST engine scan C:\Users\Jeremy
04:15:14.142    Disk 1 MBR has been saved successfully to "C:\Users\Jeremy\Desktop\MBR.dat"
04:15:14.146    The log file has been saved successfully to "C:\Users\Jeremy\Desktop\aswMBR.txt"
 
 


#10 4youte


Posted 29 November 2014 - 04:23 AM

I tried to attach the Ccleaner registry file, but it says the file is too big. 



#11 bloopie


Posted 29 November 2014 - 04:56 PM

Hello again,
 
Alright, let's clear up a few things and then you can grab another registry log later. Also, you can upload the file to an online host for viewing (like Dropbox or others), but let's be sure of any root problems first. ;)

 

For now, things aren't looking too bad, so I'd like you to run the following steps for me next to see how the temp files are progressing:
 
Step 1

We need to run another fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File  fixlist.txt   10bytes   2 downloads
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

Step 2

Please run a Hyper Scan (if available this time, otherwise "Threat Scan" as before) with MBAM (remove anything found) and post the results in your next reply.

==========

In your next reply please post both logs for analysis, and let me know how the system is running...any changes?

Assuming things are still doing well, we'll run a couple of other scans, and then we'll see if we can get your system updating again (possibly system file damage that we should be able to repair)! ;)

 

Don't get discouraged either, we're making good progress and you are doing very well! I just want to make sure your system is clean so that nothing can then interfere with the updating processes. :)

bloopie


Edited by bloopie, 29 November 2014 - 05:36 PM.
Added fixlist.txt attachment


#12 4youte


Posted 01 December 2014 - 03:53 AM

It always makes me happy when there's a fix text file for my computer lol. I surprisingly didn't have any malware detected with Mbam.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-11-2014 01
Ran by Jeremy at 2014-12-01 3:00:52 Run:2
Running from C:\Users\Jeremy\Desktop
Loaded Profile: Jeremy (Available profiles: Jeremy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
EmptyTemp:
*****************
 
EmptyTemp: => Removed 1.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/01/2014
Scan Time: 3:30:10 AM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.30.10
Rootkit Database: v2014.11.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jeremy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 446132
Time Elapsed: 17 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 



#13 bloopie


Posted 01 December 2014 - 06:17 PM

Hello again,
 

I surprisingly didn't have any malware detected with Mbam.

Good, that's what I was hoping to see. How is the system running at this point? Everything still running okay?
 
==========
 
Now, this next scan may take some time depending on the size of your hard drive and the speed of your internet connection:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here:

 

MICROSOFT SECURITY ESSENTIALS - How to temporarily disable Microsoft Security Essentials

  • Right-click on the MSE icon in the system tray and choose Open.
  • Click the Settings tab, then click Real Time Protection.
  • Uncheck the box next to "Turn on real time protection".
  • Click the "Save changes" button.
  • Exit MSE when done.

 

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

==========

Once this is done we'll remove what ESET finds (if necessary), and then we'll tackle your updates! :)

bloopie



#14 bloopie


Posted 04 December 2014 - 06:41 PM

Hello again,
 
This is a 3-Day Bump!
 
If you'd like to continue receiving help, please follow the instructions in my previous post. If you do not respond in another 48 hours, I will be forced to close this topic!
 
bloopie



#15 4youte


Posted 06 December 2014 - 10:02 AM

I'm a bit lost as to what I should be doing. 





