
KeyHolder ransomware log


  • This topic is locked
23 replies to this topic

#1 TheBladeRoden


Posted 09 December 2014 - 07:30 PM

We have created a dedicated KEYHolder support topic here:

KEYHolder Support and Discussion Topic

- The BC Management


 

I got a Trojan or something because Microsoft Security Essentials was sounding alarm bells and a scan with Anti-Malware was bringing up stuff too. After some quarantining and rebooting I thought I had gotten rid of the problem.

But later when I started Firefox all my addons were missing, which was weird but restoring its Appdata folder to an earlier date fixed it. Then a couple text files looked like they had part of the text corrupted. Restoring those worked too. Then I saw that there were a lot of files that were Last Modified around the same time.

So I went and did a System Restore. Upon rebooting the PC, Windows said System Restore failed because one file didn't restore correctly. But now there are no other System Restore points to pick (I know there was at least one extra), none of the corrupted files have previous versions available anymore, and my C: drive suddenly has 20 more GB of space (gulp).

It was after that I saw every folder in My Documents had a how_decrypt.gif and how_decrypt.html.


Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 12/8/2014
Scan Time: 5:39:00 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.08.09
Rootkit Database: v2014.12.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Josh

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 470430
Time Elapsed: 2 hr, 33 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 4
Trojan.Clicker, C:\Users\Josh\AppData\Local\Temp\conhost.exe, 46460, Delete-on-Reboot, [065fe57bb5c7e05692800be269987789]
Trojan.Agent.ED, C:\Windows\temp\A4F6.tmp, 62736, Delete-on-Reboot, [b8ad520ec6b6072f343230be36cbf20e]
Trojan.Zemot, C:\Windows\SysWOW64\owuhgyfu.exe, 18692, Delete-on-Reboot, [a9bcd28ee993cc6a5952b03a12ef6997]
Trojan.Zemot, C:\Users\Josh\AppData\Roaming\Hymyfi\rasyag.exe, 38488, Delete-on-Reboot, [73f2ff61b8c463d3ebc01cce3ec3be42]

Modules: 0
(No malicious items detected)

Registry Keys: 2
Trojan.Zemot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer737721932, Quarantined, [a9bcd28ee993cc6a5952b03a12ef6997],
Trojan.Poweliks.B, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CLASSES\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [85e02040c2ba60d6e188ef131de3bf41],

Registry Values: 3
Trojan.Zemot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Cyecigruywgut, C:\Users\Josh\AppData\Roaming\Hymyfi\rasyag.exe, Quarantined, [73f2ff61b8c463d3ebc01cce3ec3be42]
Trojan.Zemot, HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Cyecigruywgut, C:\Users\Josh\AppData\Roaming\Hymyfi\rasyag.exe, Quarantined, [73f2ff61b8c463d3ebc01cce3ec3be42]
Trojan.Zemot, HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Cyecigruywgut, C:\Users\Josh\AppData\Roaming\Hymyfi\rasyag.exe, Quarantined, [73f2ff61b8c463d3ebc01cce3ec3be42]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 18
Trojan.Clicker, C:\Users\Josh\AppData\Local\Temp\conhost.exe, Delete-on-Reboot, [065fe57bb5c7e05692800be269987789],
Trojan.Agent.ED, C:\Windows\temp\A4F6.tmp, Delete-on-Reboot, [b8ad520ec6b6072f343230be36cbf20e],
Trojan.Zemot, C:\Windows\SysWOW64\owuhgyfu.exe, Delete-on-Reboot, [a9bcd28ee993cc6a5952b03a12ef6997],
Trojan.Zemot, C:\Users\Josh\AppData\Roaming\Hymyfi\rasyag.exe, Delete-on-Reboot, [73f2ff61b8c463d3ebc01cce3ec3be42],
Trojan.Clicker, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe, Quarantined, [fb6a59076e0edb5b3bd77a73b051f808],
Trojan.GIFFU.ED, C:\Users\Josh\AppData\Local\Temp\UpdateFlashPlayer_97b76ed1.exe, Quarantined, [bca9243cdba15fd76d00f0fb69989e62],
Trojan.Agent.ED, C:\Users\Josh\AppData\Local\Temp\UpdateFlashPlayer_dd86d5a3.exe, Quarantined, [ee77c799b0cc4beb487704e0f60bf30d],
Trojan.Zemot, C:\Users\Josh\AppData\Local\Temp\UpdateFlashPlayer_f43266db.exe, Quarantined, [67fe5f018af296a02e7d1cce2dd4ae52],
Trojan.Clicker, C:\Users\Josh\AppData\Local\Temp\Low\SessionWin32k\3450\conhost.exe, Quarantined, [86df92ce106cae88ce447b72e21ffd03],
Trojan.Clicker, C:\Users\Josh\AppData\Local\Temp\Low\SessionWin32k\3900\conhost.exe, Quarantined, [3f26f46c3844b97d070bdc1116eb1de3],
Trojan.FakeMS, C:\Windows\temp\33.tmp, Quarantined, [4e1778e86715dd597d0a39995aa7cc34],
Trojan.Clicker, C:\Windows\temp\conhost.exe, Delete-on-Reboot, [ef76362a77050630b35fd914ef12cd33],
Trojan.Agent.ED, C:\Windows\temp\7942.tmp, Quarantined, [006564fc6a1238feab1493518d749d63],
Trojan.GIFFU.ED, C:\Windows\temp\7AFB.tmp, Quarantined, [ee773030df9d55e1e68778731fe2f808],
Trojan.Clicker, C:\Windows\temp\Low\SessionWin32k\7446\conhost.exe, Quarantined, [72f3e878e993b086987aa84538c93fc1],
CryptoDefence.Trace, C:\Users\Josh\Desktop\how_decrypt.gif, Quarantined, [84e15907245859dd786681d90cf709f7],
CryptoDefence.Trace, C:\Users\Josh\Desktop\how_decrypt.html, Quarantined, [ea7bc9972f4dc670518d3a20db2826da],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 737721932.job, Quarantined, [d88dd68acdaf0b2b8ba31d6f48bc26da],

Physical Sectors: 0
(No malicious items detected)


(end)

I haven't noticed any more weird behavior yet, but can you help me rid my comp of this thing if it isn't gone for good, and is there a way to get my files back?



#2 HelpBot


Posted 14 December 2014 - 07:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559242 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 TheBladeRoden


Posted 14 December 2014 - 10:09 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 10.9.2
Run by Josh at 21:17:01 on 2014-12-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8135.1963 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.05.08\AsusFanControlService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\AOL Desktop 9.7e\waol.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files (x86)\AOL Desktop 9.7e\shellmon.exe
C:\Program Files (x86)\Common Files\aol\1326676198\ee\aolsoftware.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mumble\mumble.exe
C:\Windows\SysWOW64\DllHost.exe
H:\Program Files (x86)\Runtime Software\GetDataBack Simple\gdbsim.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\syswow64\windowspowershell\v1.0\powershell.exe
C:\Users\Josh\AppData\Local\Temp\conhost.exe
C:\Users\Josh\AppData\Local\Temp\Low\SessionWin32k\8288\Clicker3.exe
C:\Users\Josh\AppData\Local\Temp\Low\SessionWin32k\8288\Clicker3.exe
C:\Users\Josh\AppData\Local\Temp\Low\SessionWin32k\8288\Clicker3.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Josh\AppData\Local\Temp\Low\SessionWin32k\8288\Clicker3.exe
C:\Program Files (x86)\Process Explorer\procexp64.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\HP\HP Deskjet 2510 series\bin\HPScan.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files (x86)\AOL Desktop 9.7e\aolbrowser.exe
C:\Windows\TEMP\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\msconfig.exe
C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.189.2082.0.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SkyDrive] "C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: linkedin.com
Trusted Zone: rockfishdigital.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 192.168.200.1
TCP: Interfaces\{589B0F6E-EE75-4BFB-9239-E5FDDA3A27FE} : DHCPNameServer = 192.168.200.1
TCP: Interfaces\{C570ADBF-9A81-4D39-AFAC-CFF5DFF5C42A} : DHCPNameServer = 192.168.200.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll
FF - plugin: C:\Program Files (x86)\Sibelius Software\Scorch\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Users\Josh\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - plugin: C:\Users\Josh\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
FF - plugin: C:\Users\Josh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_175.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_165.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_170.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-7-18 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-5 283200]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [2014-1-27 936728]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [2014-1-27 954648]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.05.08\AsusFanControlService.exe [2014-7-18 387896]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2014-11-18 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2014-11-18 129600]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-7-18 171632]
R3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2014-7-18 24824]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-7-18 370672]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-7-18 791024]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-20 129752]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-2 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-7-18 888536]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2014-6-9 32768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2014-3-31 26752]
S3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-11 70424]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-5-10 13728]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-10-10 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-2 20256]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2009-12-4 22600]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;C:\Windows\System32\drivers\PPJoyBus64.sys [2009-11-3 20032]
S3 Razerlow;Razer Pro|Solutions;C:\Windows\System32\drivers\Razerlow.sys [2005-11-7 21120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-17 19456]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2014-6-10 13480]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-17 30208]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-4 87728]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-9-15 68512]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-9-15 15736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-11 1255736]
S4 AdAppMgrSvc;Autodesk Application Manager Service;C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2014-4-27 581000]
S4 Apache2.4;Apache2.4;C:\xampp\apache\bin\httpd.exe [2012-8-18 22016]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-9-13 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-9-13 79360]
S4 FileZillaServer;FileZillaServer;C:\xampp\FileZillaFTP\FileZillaServer.exe [2012-5-11 632320]
S4 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2014-4-27 1357104]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2013-11-21 520416]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-21 8704]
S4 lxdq_device;lxdq_device;C:\Windows\System32\lxdqcoms.exe -service --> C:\Windows\System32\lxdqcoms.exe -service [?]
S4 lxdqCATSCustConnectService;lxdqCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdqserv.exe [2009-4-28 29184]
S4 mi-raysat_3dsmax2015_64;mental ray Satellite for Autodesk 3ds Max 2015 64-bit;F:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [2011-9-14 86016]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-22 1720608]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-2 18956064]
S4 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-10-31 183488]
S4 RzMaelstromVADStreamingService;Razer Surround Audio Service;C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [2014-6-9 4250624]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-9-15 8786848]
S4 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-9-15 565152]
.
=============== Created Last 30 ================
.
2014-12-15 00:50:09 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0437789-0348-4832-BAD4-7A2E843B6516}\mpengine.dll
2014-12-14 21:40:08 79064 ----a-w- C:\Windows\System32\drivers\gfwky.sys
2014-12-14 11:47:45 79064 ----a-w- C:\Windows\System32\drivers\xcmjef.sys
2014-12-14 11:38:53 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13E11B02-BA76-4466-9F26-28A96BBAE3BC}\offreg.dll
2014-12-14 00:40:50 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13E11B02-BA76-4466-9F26-28A96BBAE3BC}\mpengine.dll
2014-12-11 11:01:14 -------- d-----w- C:\Windows\SysWow64\%LOCALAPPDATA%
2014-12-10 22:12:39 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F81CAE02-11D3-4A2D-8DC7-400751337159}\gapaengine.dll
2014-12-10 22:08:24 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-10 03:00:32 -------- d-----w- C:\Program Files (x86)\ESET
2014-12-09 17:14:35 -------- d-----w- C:\FRST
2014-12-09 14:26:22 -------- d-----w- C:\Users\Josh\AppData\Roaming\www.shadowexplorer.com
2014-12-07 13:57:08 -------- d-sh--w- C:\Users\Josh\AppData\Local\EmieBrowserModeList
2014-11-30 07:27:18 -------- d-----w- C:\Users\Josh\AppData\Local\Deshaker
2014-11-30 06:47:11 -------- d-----w- C:\Program Files\Hugin
2014-11-30 06:45:39 -------- d-----w- C:\Program Files (x86)\Hugin
2014-11-18 23:29:47 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-18 23:29:47 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-18 23:29:47 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-18 23:29:47 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-11-18 23:29:46 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-11-18 23:29:46 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-18 23:29:46 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-11-18 23:29:46 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-18 06:05:38 -------- d-----w- C:\Users\Josh\AppData\Local\RzStats
2014-11-18 05:09:48 129600 ----a-w- C:\Windows\System32\drivers\rzpnk.sys
2014-11-18 05:08:43 37184 ----a-w- C:\Windows\System32\drivers\rzpmgrk.sys
2014-11-18 05:07:07 -------- d-----w- C:\ProgramData\RzMaelstromVAD_1.1.58.1854
.
==================== Find3M ====================
.
2014-12-14 22:21:20 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-08 18:02:03 233472 ----a-w- C:\VC_RED.MSI
2014-11-21 11:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 11:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-07 02:23:36 9728 ----a-w- C:\Windows\SysWow64\RzStats.IPC.dll
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-05 17:56:54 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-05 17:56:36 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-05 17:52:22 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-21 09:42:45 34808 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-20 04:39:21 0 ----a-w- C:\Windows\System32\hfvfa.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-16 20:19:26 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 20:19:26 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-06 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2014-10-06 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-20 11:22:03 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-09-20 11:22:03 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-09-20 11:22:02 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-09-20 11:22:02 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
.
============= FINISH: 21:35:19.22 ===============


#4 xXToffeeXx


Posted 15 December 2014 - 07:35 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi TheBladeRoden,

I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 TheBladeRoden


Posted 15 December 2014 - 10:22 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by Josh (administrator) on JOSH-PC on 15-12-2014 10:02:31
Running from H:\
Loaded Profiles: Josh & (Available profiles: Josh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.05.08\AsusFanControlService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Flagship Industries, Inc.) C:\Program Files\Ventrilo\Ventrilo.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Thorvald Natvig) C:\Program Files (x86)\Mumble\mumble.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Deskjet 2510 series\bin\HPScan.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Sysinternals - www.sysinternals.com) C:\Program Files (x86)\Process Explorer\procexp64.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Windows\temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Console Window Host) C:\Users\Josh\AppData\Local\Temp\conhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Console Window Host) C:\Windows\temp\conhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Console Window Host) C:\Windows\temp\conhost.exe
(Console Window Host) C:\Windows\temp\conhost.exe
(Console Window Host) C:\Windows\temp\conhost.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...A8F59079A8D5}\localserver32: <==== ATTENTION!
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\Run: [SkyDrive] => C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-21] (Microsoft Corporation)
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7e\AOL.EXE [72296 2014-08-19] (AOL Inc.)
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SkyDrive] => C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-21] (Microsoft Corporation)
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7e\AOL.EXE [72296 2014-08-19] (AOL Inc.)
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== ATTENTION!
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1

FireFox:
========
FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default
FF DefaultSearchEngine: Yahoo
FF Homepage: www.google.com
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll ()
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Josh\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.6 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: @talk.google.com/O1DPlugin -> C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Josh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Josh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Josh\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Josh\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Linky - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\linky@gemal.dk [2010-02-25]
FF Extension: Move Media Player - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\moveplayer@movenetworks.com [2010-02-25]
FF Extension: NetVideoHunter - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\netvideohunter@netvideohunter.com [2014-07-28]
FF Extension: TooManyTabs - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\TooManyTabs@visibotech.com [2014-05-29]
FF Extension: SwitchProxy Tool - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531} [2010-02-25]
FF Extension: All-in-One Gestures - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-06-30]
FF Extension: Flash and Video Download - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-12-08]
FF Extension: Memory Fox - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2012-12-25]
FF Extension: Copy Urls Expert - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2014-12-08]
FF Extension: feedly - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\feedly@devhd.xpi [2014-12-08]
FF Extension: ImageBlock - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\imageblock@hemantvats.com.xpi [2014-12-08]
FF Extension: Duplicate Tab Closer - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid0-NJpvNmBQ6KFZ471TOMBdXkoX7O0@jetpack.xpi [2014-12-08]
FF Extension: Enhanced Steam - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2014-12-08]
FF Extension: Visited - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid0-xGZYdxpAkROWMUMfWKINyrXigBA@jetpack.xpi [2014-12-08]
FF Extension: NumberedTabs - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid1-FA0TUpd6LPmQfA@jetpack.xpi [2014-12-08]
FF Extension: Free Memory - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid1-n85lxPv1NAWVTQ@jetpack.xpi [2014-12-08]
FF Extension: Reddit Enhancement Suite - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-12-08]
FF Extension: My Weekly Browsing Schedule - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\myweeklybrowsingschedule@gmail.com.xpi [2014-12-08]
FF Extension: ScrapBook Plus - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\scrapbookplus@addons.mozilla.org.xpi [2014-12-08]
FF Extension: FastestFox - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-12-08]
FF Extension: Test Pilot - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\testpilot@labs.mozilla.com.xpi [2014-12-08]
FF Extension: The Addon Bar (restored) - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-12-08]
FF Extension: UnloadTab - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\unloadtab@firefox.ext.xpi [2014-12-08]
FF Extension: Session Manager - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-12-08]
FF Extension: TweakTube - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi [2014-12-08]
FF Extension: Stylish - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-12-08]
FF Extension: ScrapBook - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-12-08]
FF Extension: CacheViewer - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2014-12-08]
FF Extension: Copy Links - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi [2012-07-10]
FF Extension: ReloadEvery - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2014-12-08]
FF Extension: CoolPreviews - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2014-12-08]
FF Extension: Adblock Plus - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-08]
FF Extension: Tab Mix Plus - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-12-08]
FF Extension: DownThemAll! - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-12-08]
FF Extension: Greasemonkey - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-12-08]
FF Extension: No Name - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\lc1scjdp.Troubleshooting\Extensions\linky@gemal.dk.xpi [2013-03-07]
FF Extension: No Name - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\lc1scjdp.Troubleshooting\Extensions\testpilot@labs.mozilla.com.xpi [2013-01-24]
FF Extension: No Name - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\lc1scjdp.Troubleshooting\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-17]
FF Extension: No Name - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\lc1scjdp.Troubleshooting\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-01-24]
FF Extension: No Name - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\lc1scjdp.Troubleshooting\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-11-17]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-10]

Chrome:
=======
CHR Profile: C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2012-08-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-31]
CHR Extension: (History 2) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp [2012-08-24]
CHR Extension: (Google Search) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-31]
CHR Extension: (Tab Manager) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda [2012-08-18]
CHR Extension: (Clear Cache) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2012-07-31]
CHR Extension: (Session Buddy) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2012-07-31]
CHR Extension: (AdBlock) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-31]
CHR Extension: (Updater for Google Web History) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhehjeahclandhcpbajhdfjeffnbcoa [2012-10-21]
CHR Extension: (NZBDrone Xtender) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\koaenifojgcodjmhlnhihpclekeegkce [2014-02-06]
CHR Extension: (Modified Tab Ordering) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhlppppejjiiinhklmlpfkafimagbcbe [2012-07-31]
CHR Extension: (Skype Click to Call) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-28]
CHR Extension: (Reload All Tabs) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2012-07-31]
CHR Extension: (History Plus) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeiidaaeapionnjaheefgcflidanoeg [2012-10-09]
CHR Extension: (Hangouts) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-24]
CHR Extension: (Tab Dupectomy) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkkedbpcfdogedipgdhgeknjdphaplbk [2012-07-31]
CHR Extension: (Google Wallet) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-06]
CHR Extension: (NBC Olympics Scheduler) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\okhkncepdlpdblbgagmaifdgfaoincle [2012-07-31]
CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-31]
CHR StartMenuInternet: Google Chrome - C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [581000 2014-04-01] (Autodesk Inc.)
S4 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2012-08-18] (Apache Software Foundation) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-01-27] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.05.08\AsusFanControlService.exe [387896 2014-04-06] (ASUSTeK Computer Inc.)
S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [72704 2014-04-09] (Autodesk) [File not signed]
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-09-13] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-09-13] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S4 FileZillaServer; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-05-11] (FileZilla Project) [File not signed]
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)
S4 HiPatchService; F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-08-30] (Hi-Rez Studios) [File not signed]
S4 lxdqCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdqserv.exe [29184 2009-04-28] (Lexmark International, Inc.) [File not signed]
S4 lxdq_device; C:\Windows\system32\lxdqcoms.exe [1039872 2007-11-28] ( ) [File not signed]
S4 lxdq_device; C:\Windows\SysWOW64\lxdqcoms.exe [589824 2007-11-28] ( ) [File not signed]
S4 mi-raysat_3dsmax2015_64; F:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] () [File not signed]
S4 mi-raysat_3dsmax8; C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [65536 2005-09-21] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S4 mysql; C:\xampp\mysql\bin\mysqld.exe [8186368 2012-07-20] () [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-31] ()
S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S4 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-05] (DT Soft Ltd)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [3026 2012-12-16] (Logix4u) [File not signed]
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-04-06] (ASUSTeK Computer Inc.)
U0 kqvv; C:\Windows\System32\drivers\gfwky.sys [79064 2014-12-14] (Malwarebytes Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-14] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
U0 mhdjds; C:\Windows\System32\drivers\xcmjef.sys [79064 2014-12-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 osaio; C:\Windows\system32\drivers\osaio.sys [17176 2012-02-09] (OSA Technologies, An Avocent Company)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PPJoyBus; C:\Windows\System32\DRIVERS\PPJoyBus64.sys [20032 2009-11-03] (Deon van der Westhuysen)
S3 Razerlow; C:\Windows\System32\drivers\Razerlow.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-06-10] ()
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-21] ()
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [13472 2009-10-08] (Headsoft) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S3 STHDA; system32\drivers\stwrt64.sys [X]
S3 WacomPen; \SystemRoot\system32\drivers\wacompen.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 16:40 - 2014-12-14 16:40 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\gfwky.sys
2014-12-14 06:47 - 2014-12-14 06:47 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xcmjef.sys
2014-12-13 22:05 - 2014-12-13 22:05 - 00000842 _____ () C:\Users\Public\Desktop\GetDataBack Simple.lnk
2014-12-13 22:05 - 2014-12-13 22:05 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\GetDataBack Simple.lnk
2014-12-11 19:07 - 2014-12-11 19:07 - 00000000 ____H () C:\Windows\system32\Default.rdp
2014-12-11 06:01 - 2014-12-11 06:01 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-12-11 05:35 - 2014-12-13 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2014-12-11 05:35 - 2014-12-11 05:35 - 00000845 _____ () C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
2014-12-11 05:35 - 2014-12-11 05:35 - 00000845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\GetDataBack for NTFS.lnk
2014-12-10 18:04 - 2014-12-10 18:04 - 00000917 _____ () C:\Users\Josh\malwaretext.txt
2014-12-10 17:37 - 2014-12-14 08:37 - 00000000 ____D () C:\Users\Public\Suspicious2
2014-12-10 07:04 - 2014-12-10 07:32 - 00000000 ____D () C:\Users\Public\Suspicious
2014-12-10 02:56 - 2014-12-10 02:56 - 00001058 _____ () C:\Users\Josh\Desktop\ListCWall.txt
2014-12-09 22:00 - 2014-12-09 22:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-09 19:52 - 2014-12-09 19:52 - 00003132 _____ () C:\Users\Josh\photorec.cfg
2014-12-09 18:12 - 2014-12-09 19:37 - 00003184 _____ () C:\Users\Josh\Desktop\Search.txt
2014-12-09 12:14 - 2014-12-15 10:02 - 00000000 ____D () C:\FRST
2014-12-09 12:14 - 2014-12-09 12:13 - 02119680 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
2014-12-09 09:26 - 2014-12-09 09:26 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\www.shadowexplorer.com
2014-12-09 09:13 - 2014-12-09 09:16 - 00004552 _____ () C:\Users\Public\malwarebytes.txt
2014-12-09 05:44 - 2014-12-09 05:44 - 00000222 _____ () C:\Users\Josh\Desktop\Lambda Wars Beta.url
2014-12-09 00:06 - 2014-12-09 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2014-12-08 20:38 - 2014-12-08 20:39 - 00017920 ___SH () C:\Users\Josh\Thumbs.db
2014-12-08 16:03 - 2014-12-08 16:03 - 00004651 _____ () C:\Users\Josh\Documents\how_decrypt.html
2014-12-08 14:39 - 2014-12-08 15:41 - 00004651 _____ () C:\Users\Josh\AppData\Roaming\how_decrypt.html
2014-12-08 14:01 - 2014-12-08 18:09 - 00008224 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-12-08 13:41 - 2014-12-08 13:41 - 00004651 _____ () C:\Users\Josh\how_decrypt.html
2014-12-08 13:41 - 2014-12-08 13:41 - 00004651 _____ () C:\Users\Josh\AppData\Local\how_decrypt.html
2014-12-08 13:40 - 2014-12-08 13:40 - 00004651 _____ () C:\Users\Default\how_decrypt.html
2014-12-08 13:02 - 2014-12-08 13:02 - 00004651 _____ () C:\how_decrypt.html
2014-12-08 06:26 - 2014-12-14 06:26 - 00003730 _____ () C:\Windows\System32\Tasks\GoogleUpdater
2014-12-07 08:57 - 2014-12-07 08:57 - 00000000 __SHD () C:\Users\Josh\AppData\Local\EmieBrowserModeList
2014-12-01 20:40 - 2014-12-08 16:02 - 00024702 _____ () C:\Users\Josh\Documents\20151stquarterAppropriation.xlsx
2014-12-01 20:40 - 2014-12-01 20:40 - 00000104 ____H () C:\Users\Josh\Documents\.~lock.20151stquarterAppropriation.xlsx#
2014-12-01 17:38 - 2014-12-01 17:38 - 00000104 ____H () C:\Users\Josh\Documents\.~lock.CrazyForYouExpectationsandagreements.doc#
2014-11-30 05:49 - 2014-12-08 16:02 - 00013258 _____ () C:\Users\Josh\Documents\Christmas List 2014.odt
2014-11-30 05:39 - 2014-11-30 05:39 - 00000100 ____H () C:\Users\Josh\Documents\.~lock.Christmas 2013.odt#
2014-11-30 04:29 - 2014-11-30 04:29 - 00001456 _____ () C:\Users\Josh\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-11-30 02:27 - 2014-11-30 02:28 - 00000000 ____D () C:\Users\Josh\AppData\Local\Deshaker
2014-11-30 02:01 - 2014-11-30 02:07 - 00000347 _____ () C:\Users\Josh\AppData\Roaming\.ptbt1
2014-11-30 01:53 - 2014-11-30 01:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-30 01:47 - 2014-11-30 01:48 - 00000000 ____D () C:\Program Files\Hugin
2014-11-30 01:47 - 2014-11-30 01:47 - 00000868 _____ () C:\Users\Josh\Desktop\Hugin.lnk
2014-11-30 01:47 - 2014-11-30 01:47 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin
2014-11-30 01:45 - 2014-11-30 01:45 - 00000000 ____D () C:\Program Files (x86)\Hugin
2014-11-28 19:32 - 2014-12-13 19:27 - 00000986 _____ () C:\Windows\setupact.log
2014-11-28 19:32 - 2014-11-28 19:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-28 19:31 - 2014-12-10 22:19 - 00016056 _____ () C:\Windows\PFRO.log
2014-11-26 03:34 - 2014-11-26 03:34 - 00000000 ____D () C:\Users\Josh\Documents\UnrealTournament
2014-11-25 17:39 - 2014-11-25 17:39 - 00000104 ____H () C:\Users\Josh\Documents\.~lock.20151stquarterAppropriation2.xlsx#
2014-11-25 17:38 - 2014-12-08 16:02 - 00024694 _____ () C:\Users\Josh\Documents\20151stquarterAppropriation2.xlsx
2014-11-22 19:40 - 2014-11-23 17:06 - 00000104 ____H () C:\Users\Josh\Documents\.~lock.BEINGAGATSBYCANBEMURDER.doc#
2014-11-18 18:29 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 18:29 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 18:29 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 18:29 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 18:29 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-18 18:29 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-18 18:29 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-18 18:29 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-18 01:05 - 2014-11-18 01:05 - 00000000 ____D () C:\Users\Josh\AppData\Local\RzStats
2014-11-18 00:09 - 2014-10-23 15:05 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2014-11-18 00:08 - 2014-10-31 18:27 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2014-11-18 00:07 - 2014-11-18 00:07 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.58.1854
2014-11-17 02:02 - 2014-12-08 17:23 - 00000000 ____D () C:\Users\Josh\Documents\uglyholidaysweater
2014-11-17 02:02 - 2014-12-08 16:03 - 00122352 _____ () C:\Users\Josh\Documents\uglyholidaysweater.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 09:53 - 2012-01-11 08:26 - 01676344 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 09:41 - 2013-01-03 01:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 09:38 - 2012-07-04 23:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 03:00 - 2014-10-19 23:39 - 00003858 _____ () C:\Windows\System32\Tasks\{5E8D2BEB-18C3-EC00-FE13-4FCAFACCE36C}
2014-12-15 02:45 - 2012-08-02 14:58 - 00000000 ____D () C:\Users\Josh\AppData\Local\CrashDumps
2014-12-14 19:11 - 2012-07-31 03:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096825299-2601053131-2088073329-1001Core.job
2014-12-14 17:21 - 2014-10-20 07:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-14 16:41 - 2013-01-03 01:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 06:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization
2014-12-14 02:00 - 2014-06-20 18:01 - 00000000 ____D () C:\Users\Josh\AppData\Local\Adobe
2014-12-14 01:11 - 2012-07-31 03:26 - 00002374 _____ () C:\Users\Josh\Desktop\Google Chrome.lnk
2014-12-14 00:03 - 2011-03-19 19:48 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Mumble
2014-12-13 21:47 - 2011-03-19 19:41 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-12-13 21:46 - 2012-07-28 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-12-13 19:35 - 2009-07-13 23:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-13 19:35 - 2009-07-13 23:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-13 19:33 - 2013-04-18 05:01 - 00000000 ___RD () C:\Users\Josh\SkyDrive
2014-12-13 19:27 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 22:19 - 2014-07-18 23:28 - 00000000 ____D () C:\Windows\MEI
2014-12-10 22:19 - 2012-02-14 02:00 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 22:17 - 2014-04-09 04:14 - 00000000 ____D () C:\Users\Josh\AppData\Local\TSVNCache
2014-12-10 18:04 - 2012-01-11 05:38 - 00000000 ____D () C:\Users\Josh
2014-12-10 07:38 - 2014-09-23 04:23 - 00000000 ____D () C:\Program Files (x86)\ZAR
2014-12-10 07:05 - 2014-05-29 05:35 - 00056320 ___SH () C:\Users\Public\Thumbs.db
2014-12-09 21:42 - 2014-08-17 04:59 - 00000000 ____D () C:\Program Files\Recuva
2014-12-09 09:29 - 2009-07-14 00:13 - 00782578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 08:45 - 2010-06-04 09:33 - 00000000 ___RD () C:\Users\Josh\Documents\My Dropbox
2014-12-09 08:45 - 2010-06-04 09:31 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Dropbox
2014-12-09 06:38 - 2009-11-02 07:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-09 05:51 - 2009-11-08 22:50 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-09 05:38 - 2009-11-06 03:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-09 05:35 - 2014-03-26 04:23 - 00000000 ____D () C:\Users\Josh\Documents\Unreal Projects
2014-12-09 00:06 - 2012-09-22 02:38 - 00000000 ____D () C:\Program Files\AutoHotkey
2014-12-09 00:06 - 2010-12-07 18:35 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2014-12-08 20:27 - 2014-05-21 05:51 - 00147880 _____ () C:\Users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-08 20:20 - 2012-05-04 13:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-08 19:47 - 2014-11-10 09:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 17:36 - 2014-10-20 06:52 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 17:36 - 2014-10-20 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 17:36 - 2014-10-20 06:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-08 17:23 - 2014-08-30 02:18 - 00000000 ____D () C:\Users\Josh\Documents\TheSearchforTinkerDoyleCalendar2
2014-12-08 17:23 - 2014-08-27 19:11 - 00000000 ____D () C:\Users\Josh\Documents\TheSearchforTinkerDoyleCalendar
2014-12-08 17:23 - 2013-11-19 01:40 - 00000000 ____D () C:\Users\Josh\Documents\Unity
2014-12-08 17:23 - 2013-06-19 18:32 - 00000000 ____D () C:\Users\Josh\Documents\TheTotallyTelethon
2014-12-08 17:23 - 2010-03-17 01:39 - 00000000 ____D () C:\Users\Josh\Documents\TurboTax
2014-12-08 17:23 - 2009-11-06 04:17 - 00000000 ____D () C:\Users\Josh\Documents\Tournament Time Data
2014-12-08 17:23 - 2009-11-06 04:05 - 00000000 ____D () C:\Users\Josh\Documents\TrackMania
2014-12-08 17:22 - 2014-03-11 15:56 - 00000000 ____D () C:\Users\Josh\Documents\The Royal Family
2014-12-08 17:18 - 2013-01-18 00:32 - 00000000 ____D () C:\Users\Josh\Documents\TDWLOGO
2014-12-08 17:18 - 2013-01-14 16:07 - 00000000 ____D () C:\Users\Josh\Documents\TDWWRITTENmanwhocametodinnerking
2014-12-08 17:14 - 2012-12-03 22:23 - 00000000 ____D () C:\Users\Josh\Documents\scrivenertut.scriv
2014-12-08 17:13 - 2009-11-06 15:13 - 00000000 ____D () C:\Users\Josh\Documents\RODEN_ApplicationAcknowledgmentLetter
2014-12-08 17:10 - 2012-08-20 06:20 - 00000000 ____D () C:\Users\Josh\Documents\RehearsalSchedule
2014-12-08 17:10 - 2012-07-05 01:34 - 00000000 ____D () C:\Users\Josh\Documents\recruitment_files
2014-12-08 17:10 - 2011-01-16 17:06 - 00000000 ____D () C:\Users\Josh\Documents\REAPER Media
2014-12-08 17:08 - 2013-04-17 23:59 - 00000000 ____D () C:\Users\Josh\Documents\Program Materials
2014-12-08 17:08 - 2011-06-20 21:16 - 00000000 ____D () C:\Users\Josh\Documents\People's Writing
2014-12-08 17:07 - 2009-11-06 05:58 - 00000000 ____D () C:\Users\Josh\Documents\MySpaceIM Pics
2014-12-08 17:06 - 2009-11-06 03:45 - 00000000 ____D () C:\Users\Josh\Documents\My PSP Files
2014-12-08 16:21 - 2009-11-06 03:52 - 00000000 ____D () C:\Users\Josh\Documents\My eBooks
2014-12-08 16:18 - 2009-11-06 10:23 - 00000000 ____D () C:\Users\Josh\Documents\LEFTCAMERA
2014-12-08 16:16 - 2009-11-06 16:59 - 00000000 ____D () C:\Users\Josh\Documents\JoshRodenResume
2014-12-08 16:15 - 2012-11-15 22:23 - 00000000 ____D () C:\Users\Josh\Documents\Guild Wars 2
2014-12-08 16:14 - 2009-11-06 05:49 - 00000000 ____D () C:\Users\Josh\Documents\FlexDeveloper
2014-12-08 16:13 - 2013-04-22 03:11 - 00000000 ____D () C:\Users\Josh\Documents\DSC01095
2014-12-08 16:13 - 2011-09-02 16:36 - 00000000 ____D () C:\Users\Josh\Documents\cPWyGGA0mLk_data
2014-12-08 16:13 - 2011-01-19 14:22 - 00000000 ____D () C:\Users\Josh\Documents\Dyyno
2014-12-08 16:13 - 2009-11-06 07:01 - 00000000 ____D () C:\Users\Josh\Documents\ConvertXtoDVD
2014-12-08 16:12 - 2013-09-01 08:52 - 00000000 ____D () C:\Users\Josh\Documents\Backups
2014-12-08 16:12 - 2013-04-18 05:31 - 00000000 ____D () C:\Users\Josh\Documents\barefootprogram_files
2014-12-08 16:12 - 2013-02-08 07:57 - 00000000 ____D () C:\Users\Josh\Documents\Command and Conquer Generals Data
2014-12-08 16:12 - 2013-02-07 02:18 - 00000000 ____D () C:\Users\Josh\Documents\Command and Conquer Generals Zero Hour Data
2014-12-08 16:12 - 2011-01-19 14:33 - 00000000 ____D () C:\Users\Josh\Documents\Camtasia Studio
2014-12-08 16:12 - 2009-11-06 03:59 - 00000000 ____D () C:\Users\Josh\Documents\Bulk Image Downloader
2014-12-08 16:05 - 2014-05-16 03:45 - 00000000 ____D () C:\Users\Josh\Documents\Arma 3
2014-12-08 16:05 - 2013-04-27 16:44 - 00000000 ____D () C:\Users\Josh\Documents\Arma 3 Alpha Lite
2014-12-08 16:05 - 2012-04-12 04:26 - 00000000 ____D () C:\Users\Josh\Documents\ArmA 2
2014-12-08 16:04 - 2014-11-02 17:33 - 00000000 ____D () C:\Users\Josh\Documents\ArcheAge
2014-12-08 16:04 - 2013-08-20 15:25 - 00000000 ____D () C:\Users\Josh\Documents\Algodoo
2014-12-08 16:04 - 2009-11-06 11:10 - 00000000 ____D () C:\Users\Josh\Documents\418WISkills
2014-12-08 16:03 - 2014-10-13 13:12 - 00022583 _____ () C:\Users\Josh\Documents\J. Roden Resume.odt
2014-12-08 16:03 - 2014-10-12 11:48 - 00000000 ____D () C:\Users\Josh\Documents\2014CenterStageWRITTENinheritthewindmonnig
2014-12-08 16:03 - 2014-08-19 17:16 - 00017408 _____ () C:\Users\Josh\Documents\TheSearchforTinkerDoyleCalendar.xls
2014-12-08 16:03 - 2014-06-15 21:45 - 00000000 ____D () C:\Users\Josh\Documents\20120908155516
2014-12-08 16:03 - 2014-06-03 07:55 - 00024110 _____ () C:\Users\Josh\Documents\FoodInventory7.ods_2.ods_2.ods
2014-12-08 16:03 - 2014-05-30 03:26 - 20324509 _____ () C:\Users\Josh\Documents\Leafs.zip
2014-12-08 16:03 - 2014-05-09 03:54 - 20544998 _____ () C:\Users\Josh\Documents\kenneyDonation_v6.zip
2014-12-08 16:03 - 2014-01-11 02:06 - 00013213 _____ () C:\Users\Josh\Documents\vowes.odt
2014-12-08 16:03 - 2014-01-07 06:54 - 00027436 _____ () C:\Users\Josh\Documents\TheatreCompanies.ods
2014-12-08 16:03 - 2013-12-23 03:32 - 00000000 ____D () C:\Users\Josh\Documents\3DMark
2014-12-08 16:03 - 2013-12-17 17:42 - 00115563 _____ () C:\Users\Josh\Documents\THEROYALFAMILY-Cast.zip
2014-12-08 16:03 - 2013-10-18 23:50 - 00000000 ____D () C:\Users\Josh\Documents\0001
2014-12-08 16:03 - 2013-10-18 22:51 - 00000000 ____D () C:\Users\Josh\Documents\00000DISPLAYSIGNAGE
2014-12-08 16:03 - 2013-10-18 22:05 - 00000000 ____D () C:\Users\Josh\Documents\00000HOLIDAYORDERFORM
2014-12-08 16:03 - 2013-09-08 17:34 - 00062464 _____ () C:\Users\Josh\Documents\qcracks.xls
2014-12-08 16:03 - 2013-08-12 16:37 - 00018432 _____ () C:\Users\Josh\Documents\genconsheet.xls
2014-12-08 16:03 - 2013-07-22 19:27 - 00081326 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1365064384-2013-07-22 20_27_01.607421.dmp
2014-12-08 16:03 - 2013-07-18 00:08 - 00021504 _____ () C:\Users\Josh\Documents\meijerlist.xls
2014-12-08 16:03 - 2013-07-04 03:31 - 00618352 _____ () C:\Users\Josh\Documents\firststupidness.blend
2014-12-08 16:03 - 2013-07-04 03:31 - 00616080 _____ () C:\Users\Josh\Documents\firststupidness.blend1
2014-12-08 16:03 - 2013-07-04 03:31 - 00506376 _____ () C:\Users\Josh\Documents\firststupidness.blend2
2014-12-08 16:03 - 2013-06-19 18:32 - 00468997 _____ () C:\Users\Josh\Documents\TheTotallyTelethon.zip
2014-12-08 16:03 - 2013-06-16 03:37 - 00012707 _____ () C:\Users\Josh\Documents\Risen Civ 5.ods
2014-12-08 16:03 - 2013-06-05 15:46 - 00302187 _____ () C:\Users\Josh\Documents\Real American Units.ods
2014-12-08 16:03 - 2013-05-30 19:28 - 00098250 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1365064384-2013-05-30 20_28_12.618836.dmp
2014-12-08 16:03 - 2013-05-28 15:52 - 00000000 ____D () C:\Users\Josh\Documents\2012TDWWRITTENbarefootwinkler
2014-12-08 16:03 - 2013-05-20 15:49 - 00281552 _____ () C:\Users\Josh\Documents\Wesnoth Gold Calculator.ods
2014-12-08 16:03 - 2013-05-18 00:45 - 00014221 _____ () C:\Users\Josh\Documents\LoveRidestheRailsCastandCrew.xlsx
2014-12-08 16:03 - 2013-05-17 16:21 - 00390042 _____ () C:\Users\Josh\Documents\mymap.hxm
2014-12-08 16:03 - 2013-04-22 03:42 - 00119836 _____ () C:\Users\Josh\Documents\LoveRidesTheRails.zip
2014-12-08 16:03 - 2013-04-22 03:11 - 02911673 _____ () C:\Users\Josh\Documents\DSC01095.zip
2014-12-08 16:03 - 2013-04-18 06:09 - 00338021 _____ () C:\Users\Josh\Documents\FoodInventory7.ods_2.ods
2014-12-08 16:03 - 2013-04-18 06:09 - 00277633 _____ () C:\Users\Josh\Documents\Real%20American%20Units.ods_0.ods
2014-12-08 16:03 - 2013-04-18 06:09 - 00181651 _____ () C:\Users\Josh\Documents\eCodex%20Space%20Marine%201.02.xls_0.ods
2014-12-08 16:03 - 2013-04-18 06:09 - 00104653 _____ () C:\Users\Josh\Documents\todovista.ods_0.ods
2014-12-08 16:03 - 2013-04-18 06:09 - 00021575 _____ () C:\Users\Josh\Documents\J.%20Roden%20Resume.docx_0.odt
2014-12-08 16:03 - 2013-04-18 06:09 - 00018759 _____ () C:\Users\Josh\Documents\TDWMembershipDirectory2012-13asof12-17-2012.xls_1.ods
2014-12-08 16:03 - 2013-04-14 22:52 - 00265918 _____ () C:\Users\Josh\Documents\practice program.odg
2014-12-08 16:03 - 2013-04-09 02:30 - 01239921 _____ () C:\Users\Josh\Documents\youtube_towatchlater.txt
2014-12-08 16:03 - 2013-04-09 02:30 - 00176442 _____ () C:\Users\Josh\Documents\youtube_toprocess.txt
2014-12-08 16:03 - 2013-04-05 23:32 - 00064654 _____ () C:\Users\Josh\Documents\WoWPickerderaft.py
2014-12-08 16:03 - 2013-03-19 16:13 - 03636063 _____ () C:\Users\Josh\Documents\something.txt
2014-12-08 16:03 - 2013-02-16 21:25 - 03959500 _____ () C:\Users\Josh\Documents\youtube_something.txt
2014-12-08 16:03 - 2013-02-14 06:44 - 00181180 _____ () C:\Users\Josh\Documents\youtubedigest_2013_02_14.txt
2014-12-08 16:03 - 2013-01-18 00:35 - 00366797 _____ () C:\Users\Josh\Documents\TDW Poster.ods
2014-12-08 16:03 - 2013-01-18 00:32 - 00207383 _____ () C:\Users\Josh\Documents\TDWLOGO.zip
2014-12-08 16:03 - 2013-01-14 16:07 - 00029994 _____ () C:\Users\Josh\Documents\TDWWRITTENmanwhocametodinnerking.zip
2014-12-08 16:03 - 2012-12-25 19:12 - 00047108 _____ () C:\Users\Josh\Documents\youtubedigest_2012_12_25.txt
2014-12-08 16:03 - 2012-12-19 13:05 - 00036352 _____ () C:\Users\Josh\Documents\TDWMembershipDirectory2012-13asof12-17-2012.xls
2014-12-08 16:03 - 2012-11-18 06:20 - 00068464 _____ () C:\Users\Josh\Documents\youtubedigest_2012_11_18.txt
2014-12-08 16:03 - 2012-09-10 21:29 - 00282337 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1343657352-2012-09-10 22_29_19.316406.dmp
2014-12-08 16:03 - 2012-08-31 00:55 - 00085571 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1343657352-2012-08-31 01_55_28.722656.dmp
2014-12-08 16:03 - 2012-08-20 06:20 - 00107949 _____ () C:\Users\Josh\Documents\RehearsalSchedule.zip
2014-12-08 16:03 - 2012-08-16 23:52 - 00124964 _____ () C:\Users\Josh\Documents\todosimple.txt
2014-12-08 16:03 - 2012-07-13 02:46 - 00071161 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1340260499-2012-07-13 03_46_08.862304.dmp
2014-12-08 16:03 - 2012-07-04 17:02 - 00069278 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1340260499-2012-07-04 18_02_13.212945.dmp
2014-12-08 16:03 - 2012-06-10 18:55 - 00017098 _____ () C:\Users\Josh\Documents\youtubedigest_2012_06_10.txt
2014-12-08 16:03 - 2012-06-06 00:38 - 00027928 _____ () C:\Users\Josh\Documents\youtubedigest_2012_06_06.txt
2014-12-08 16:03 - 2012-05-31 23:39 - 00026194 _____ () C:\Users\Josh\Documents\Raven Blades 1500.ros
2014-12-08 16:03 - 2012-05-31 23:07 - 00023572 _____ () C:\Users\Josh\Documents\Raven Blades 1000v2d.ros
2014-12-08 16:03 - 2012-05-26 21:17 - 00019197 _____ () C:\Users\Josh\Documents\Raven Blades 1000v2c.ros
2014-12-08 16:03 - 2012-05-25 19:35 - 00018066 _____ () C:\Users\Josh\Documents\Raven Blades 1000v2b.ros
2014-12-08 16:03 - 2012-05-25 19:10 - 00018960 _____ () C:\Users\Josh\Documents\Raven Blades 1000v2a.ros
2014-12-08 16:03 - 2012-05-24 14:31 - 00035036 _____ () C:\Users\Josh\Documents\Raven Blades 2000.ros
2014-12-08 16:03 - 2012-05-24 14:04 - 00024690 _____ () C:\Users\Josh\Documents\Raven Blades 1000.ros
2014-12-08 16:03 - 2012-05-20 21:55 - 00778752 _____ () C:\Users\Josh\Documents\eCodex Space Marine 1.02.xls
2014-12-08 16:03 - 2012-05-20 20:04 - 00143454 _____ () C:\Users\Josh\Documents\eCodex Space Marine 1.02.ods
2014-12-08 16:03 - 2012-04-04 15:41 - 00000000 ____D () C:\Users\Josh\Documents\2011_TDW_WRITTEN_Talley_&_son_vater
2014-12-08 16:03 - 2012-03-30 09:10 - 00065024 _____ () C:\Users\Josh\Documents\DidierWeddingGuestList.xls
2014-12-08 16:03 - 2012-03-30 09:08 - 00180620 _____ () C:\Users\Josh\Documents\RodenWeddingguesttracker1.xlsx
2014-12-08 16:03 - 2012-03-25 11:28 - 00033724 _____ () C:\Users\Josh\Documents\youtubedigest_2012_03_25.txt
2014-12-08 16:03 - 2012-02-18 18:18 - 00851456 _____ () C:\Users\Josh\Documents\THE THING (Oct 26 Cutoff)_O.xls
2014-12-08 16:03 - 2012-01-22 20:55 - 00016422 _____ () C:\Users\Josh\Documents\TalleyandSonRehearsalScheduleV2.odt
2014-12-08 16:03 - 2012-01-11 17:09 - 00011718 _____ () C:\Users\Josh\Documents\Planetside presentation.BPres
2014-12-08 16:03 - 2011-12-05 02:10 - 00014460 _____ () C:\Users\Josh\Documents\youtubedigest_2011_12_05.txt
2014-12-08 16:03 - 2011-11-22 03:00 - 00017686 _____ () C:\Users\Josh\Documents\Install STAR WARS The Old Republic.log
2014-12-08 16:03 - 2011-09-17 21:34 - 00011264 _____ () C:\Users\Josh\Documents\MoviesToWatch.xls
2014-12-08 16:03 - 2011-08-19 00:45 - 00108430 _____ () C:\Users\Josh\Documents\FoodInventory7.ods
2014-12-08 16:03 - 2011-07-04 01:59 - 00358912 ___SH () C:\Users\Josh\Documents\Thumbs.db
2014-12-08 16:03 - 2011-06-23 14:11 - 00821243 _____ () C:\Users\Josh\Documents\FEEDBACKFORM.zip
2014-12-08 16:03 - 2011-05-15 20:47 - 00033280 _____ () C:\Users\Josh\Documents\N64mempack2.mpk
2014-12-08 16:03 - 2011-03-29 23:15 - 00035826 _____ () C:\Users\Josh\Documents\Rodensymbols.jdip
2014-12-08 16:03 - 2011-03-27 12:00 - 00021448 _____ () C:\Users\Josh\Documents\mega_man_truetype.ttf
2014-12-08 16:03 - 2011-03-25 12:54 - 00030720 _____ () C:\Users\Josh\Documents\lame 1938.jdip
2014-12-08 16:03 - 2011-03-23 00:09 - 00094941 _____ () C:\Users\Josh\Documents\Negative World B plans4.jdip
2014-12-08 16:03 - 2011-03-22 23:42 - 00092098 _____ () C:\Users\Josh\Documents\Negative World B plans3.jdip
2014-12-08 16:03 - 2011-03-18 21:16 - 00018587 _____ () C:\Users\Josh\Documents\March Madness.ods
2014-12-08 16:03 - 2011-03-16 17:39 - 00097038 _____ () C:\Users\Josh\Documents\Negative World B plans2.jdip
2014-12-08 16:03 - 2011-03-16 17:23 - 00094746 _____ () C:\Users\Josh\Documents\Negative World B plans.jdip
2014-12-08 16:03 - 2011-03-15 03:01 - 00033280 _____ () C:\Users\Josh\Documents\N64mempack.mpk
2014-12-08 16:03 - 2011-02-08 04:09 - 00060345 _____ () C:\Users\Josh\Documents\Domination.jdip
2014-12-08 16:03 - 2011-02-07 18:11 - 00031222 _____ () C:\Users\Josh\Documents\northamericav2.ods
2014-12-08 16:03 - 2011-01-12 14:01 - 00107119 _____ () C:\Users\Josh\Documents\Negative World B.jdip
2014-12-08 16:03 - 2011-01-03 14:06 - 00160256 _____ () C:\Users\Josh\Documents\NFL Playoffs.tm2
2014-12-08 16:03 - 2010-09-29 00:38 - 02691279 _____ () C:\Users\Josh\Documents\Windows_NT6_BSOD_jcgriff2.zip
2014-12-08 16:03 - 2010-07-24 19:07 - 00034730 _____ () C:\Users\Josh\Documents\HOWTO_Windows.txt
2014-12-08 16:03 - 2010-04-11 06:20 - 00030463 _____ () C:\Users\Josh\Documents\modColorFunctions.bas
2014-12-08 16:03 - 2010-02-22 06:00 - 00030720 _____ () C:\Users\Josh\Documents\MathHammer.xls
2014-12-08 16:03 - 2009-12-13 03:07 - 00209408 _____ () C:\Users\Josh\Documents\StreetFighterIV.tm2
2014-12-08 16:03 - 2009-11-30 05:05 - 00933606 _____ () C:\Users\Josh\Documents\Left4Dead2.m3u
2014-12-08 16:03 - 2009-10-20 20:58 - 07885189 _____ () C:\Users\Josh\Documents\DSC00315.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 03712638 _____ () C:\Users\Josh\Documents\level1.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 02884077 _____ () C:\Users\Josh\Documents\samples.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 01899741 _____ () C:\Users\Josh\Documents\Dragon.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 01604719 _____ () C:\Users\Josh\Documents\TIJ-3rd-edition4.0.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 01491158 _____ () C:\Users\Josh\Documents\Illuminati.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 01246190 _____ () C:\Users\Josh\Documents\Templars.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 01049798 _____ () C:\Users\Josh\Documents\RODEN_ApplicationAcknowledgmentLetter.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 00043762 _____ () C:\Users\Josh\Documents\LEFTCAMERA.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 00017641 _____ () C:\Users\Josh\Documents\FlexDeveloper.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 00016027 _____ () C:\Users\Josh\Documents\JoshRodenResume.zip
2014-12-08 16:03 - 2009-10-19 05:00 - 02160689 _____ () C:\Users\Josh\Documents\tf2.wma
2014-12-08 16:03 - 2009-10-19 05:00 - 00028975 _____ () C:\Users\Josh\Documents\Untitled 1.odt
2014-12-08 16:03 - 2009-10-19 05:00 - 00021456 _____ () C:\Users\Josh\Documents\untitled_0.odt
2014-12-08 16:03 - 2009-09-28 06:43 - 01733520 _____ () C:\Users\Josh\Documents\monkoutfit.odt
2014-12-08 16:03 - 2009-09-28 06:43 - 01440566 _____ () C:\Users\Josh\Documents\smogmountain.bmp
2014-12-08 16:03 - 2009-09-28 06:43 - 00139184 _____ () C:\Users\Josh\Documents\Turok Weapons.isf
2014-12-08 16:03 - 2009-09-28 06:43 - 00087628 _____ () C:\Users\Josh\Documents\Turok Weapons2.isf
2014-12-08 16:03 - 2009-09-28 06:43 - 00033786 _____ () C:\Users\Josh\Documents\theatre_floor_plan.odt
2014-12-08 16:03 - 2009-09-28 06:43 - 00018976 _____ () C:\Users\Josh\Documents\wesnoth.m3u
2014-12-08 16:03 - 2009-09-28 06:43 - 00015751 _____ () C:\Users\Josh\Documents\resume.odt
2014-12-08 16:03 - 2009-09-23 16:53 - 00109850 _____ () C:\Users\Josh\Documents\todovista.ods
2014-12-08 16:03 - 2009-09-23 16:53 - 00014034 _____ () C:\Users\Josh\Documents\tc_allvalvemaps_night.odg
2014-12-08 16:03 - 2009-09-18 02:21 - 00035764 _____ () C:\Users\Josh\Documents\DxDiag.txt
2014-12-08 16:03 - 2009-03-20 01:38 - 00209408 _____ () C:\Users\Josh\Documents\SmashTourney.tm2
2014-12-08 16:03 - 2009-01-01 20:58 - 00857470 _____ () C:\Users\Josh\Documents\left4dead.m3u
2014-12-08 16:03 - 2008-08-07 04:45 - 00125189 _____ () C:\Users\Josh\Documents\Playlist.mpcpl
2014-12-08 16:03 - 2008-07-22 20:33 - 00012668 _____ () C:\Users\Josh\Documents\envelope.odt
2014-12-08 16:03 - 2008-05-31 19:33 - 00125941 _____ () C:\Users\Josh\Documents\L0531033.log
2014-12-08 16:03 - 2008-04-29 13:55 - 00018469 _____ () C:\Users\Josh\Documents\ravinesky.tgd_bak
2014-12-08 16:03 - 2008-04-29 03:17 - 00018469 _____ () C:\Users\Josh\Documents\ravinesky.tgd
2014-12-08 16:03 - 2008-04-28 21:43 - 00922166 _____ () C:\Users\Josh\Documents\graymountainplanet.bmp
2014-12-08 16:03 - 2008-04-19 16:34 - 00102453 _____ () C:\Users\Josh\Documents\L0419012.log
2014-12-08 16:03 - 2008-04-12 21:42 - 01992261 _____ () C:\Users\Josh\Documents\rocket003_reference.smd
2014-12-08 16:03 - 2008-04-12 21:42 - 00335739 _____ () C:\Users\Josh\Documents\lod1_rocket003_reference.smd
2014-12-08 16:03 - 2008-04-12 21:42 - 00039597 _____ () C:\Users\Josh\Documents\phymodel.smd
2014-12-08 16:02 - 2014-10-21 07:29 - 00098726 _____ () C:\Users\Josh\Documents\cc_20141021_082904.reg
2014-12-08 16:02 - 2014-10-20 16:51 - 00229521 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1_5.odt
2014-12-08 16:02 - 2014-10-12 11:48 - 00091171 _____ () C:\Users\Josh\Documents\2014CenterStageWRITTENinheritthewindmonnig.zip
2014-12-08 16:02 - 2014-09-25 16:01 - 03214573 _____ () C:\Users\Josh\Documents\20140925_150746.zip
2014-12-08 16:02 - 2014-09-19 18:10 - 00229521 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1_4.odt
2014-12-08 16:02 - 2014-09-11 17:20 - 00230596 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1_3.odt
2014-12-08 16:02 - 2014-08-17 18:11 - 00230598 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1_2.odt
2014-12-08 16:02 - 2014-08-17 18:11 - 00229145 _____ () C:\Users\Josh\Documents\acting%20resume.doc_0_3.odt
2014-12-08 16:02 - 2014-07-30 17:36 - 00230591 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1_1.odt
2014-12-08 16:02 - 2014-07-30 17:36 - 00229146 _____ () C:\Users\Josh\Documents\acting%20resume.doc_0_2.odt
2014-12-08 16:02 - 2014-07-27 17:19 - 00229140 _____ () C:\Users\Josh\Documents\acting%20resume.doc_0_1.odt
2014-12-08 16:02 - 2014-07-09 03:23 - 00229153 _____ () C:\Users\Josh\Documents\acting%20resume.doc_0.odt
2014-12-08 16:02 - 2014-06-15 21:45 - 10797595 _____ () C:\Users\Josh\Documents\20120908155516.zip
2014-12-08 16:02 - 2014-06-05 20:03 - 00032256 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH8.xls
2014-12-08 16:02 - 2014-06-03 06:10 - 00030208 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH7.xls
2014-12-08 16:02 - 2014-06-01 00:18 - 00027136 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH6.xls
2014-12-08 16:02 - 2014-05-31 07:49 - 00019968 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH5.xls
2014-12-08 16:02 - 2014-05-30 07:09 - 00019456 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH4.xls
2014-12-08 16:02 - 2014-05-28 07:57 - 00017920 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH3.xls
2014-12-08 16:02 - 2014-05-27 04:32 - 00017408 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH2.xls
2014-12-08 16:02 - 2014-05-26 00:40 - 00020383 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1.odt
2014-12-08 16:02 - 2014-05-26 00:38 - 00016896 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH.xls
2014-12-08 16:02 - 2014-05-06 01:46 - 00364194 _____ () C:\Users\Josh\Documents\cc_20140506_024557.reg
2014-12-08 16:02 - 2014-01-26 06:04 - 00024788 _____ () C:\Users\Josh\Documents\actingbio.odt
2014-12-08 16:02 - 2014-01-07 06:59 - 00000000 ____D () C:\Users\Josh\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2014-12-08 16:02 - 2013-11-19 05:38 - 00012687 _____ () C:\Users\Josh\Documents\Christmas 2013.odt
2014-12-08 16:02 - 2013-10-18 23:50 - 04853442 _____ () C:\Users\Josh\Documents\0001.zip
2014-12-08 16:02 - 2013-10-18 23:12 - 00324608 _____ () C:\Users\Josh\Documents\00000DISPLAYSIGNAGE.xls
2014-12-08 16:02 - 2013-10-18 22:51 - 00311266 _____ () C:\Users\Josh\Documents\00000DISPLAYSIGNAGE.zip
2014-12-08 16:02 - 2013-10-18 22:05 - 00010990 _____ () C:\Users\Josh\Documents\00000HOLIDAYORDERFORM.zip
2014-12-08 16:02 - 2013-10-17 23:00 - 00016384 _____ () C:\Users\Josh\Documents\00000CELEBRATIONORDERFORM.xls
2014-12-08 16:02 - 2013-10-17 23:00 - 00015872 _____ () C:\Users\Josh\Documents\00000HOLIDAYORDERFORM.xls
2014-12-08 16:02 - 2013-10-17 23:00 - 00014848 _____ () C:\Users\Josh\Documents\00000SNOWMANORDERFORM.xls
2014-12-08 16:02 - 2013-05-28 15:52 - 00032813 _____ () C:\Users\Josh\Documents\2012TDWWRITTENbarefootwinkler.zip
2014-12-08 16:02 - 2013-04-18 06:51 - 07456567 _____ () C:\Users\Josh\Documents\barefootprogram.odg
2014-12-08 16:02 - 2013-04-18 06:09 - 00336700 _____ () C:\Users\Josh\Documents\averagedeviationfrommeaninpercent.xls_0.ods
2014-12-08 16:02 - 2013-04-18 06:09 - 00229276 _____ () C:\Users\Josh\Documents\acting%20resume.doc_1.odt
2014-12-08 16:02 - 2013-04-18 06:09 - 00087532 _____ () C:\Users\Josh\Documents\Allies%20of%20Justice.ods_1.ods
2014-12-08 16:02 - 2013-04-18 05:20 - 00198500 _____ () C:\Users\Josh\Documents\barefootprogram.wmf
2014-12-08 16:02 - 2013-04-18 05:16 - 50674176 _____ () C:\Users\Josh\Documents\barefootprogram2000.pub
2014-12-08 16:02 - 2013-04-18 05:13 - 08503432 _____ () C:\Users\Josh\Documents\barefootprogram.xps
2014-12-08 16:02 - 2013-03-31 03:13 - 15684608 _____ () C:\Users\Josh\Documents\barefootprogram.pub
2014-12-08 16:02 - 2012-09-13 16:08 - 00142300 _____ () C:\Users\Josh\Documents\cc_20120913_170834.reg
2014-12-08 16:02 - 2012-04-04 15:41 - 00032952 _____ () C:\Users\Josh\Documents\2011_TDW_WRITTEN_Talley_&_son_vater.zip
2014-12-08 16:02 - 2011-11-17 06:22 - 00018432 _____ () C:\Users\Josh\Documents\averagedeviationfrommeaninpercent.xls
2014-12-08 16:02 - 2011-06-23 14:01 - 00013132 _____ () C:\Users\Josh\Documents\CreativeCauldronContactList.xlsx
2014-12-08 16:02 - 2011-04-13 01:50 - 00016725 _____ () C:\Users\Josh\Documents\ABCsofme.odt
2014-12-08 16:02 - 2011-03-28 11:43 - 00019826 _____ () C:\Users\Josh\Documents\Blank Map finished2.jdip
2014-12-08 16:02 - 2011-03-28 02:46 - 00019386 _____ () C:\Users\Josh\Documents\Blank Map finished.jdip
2014-12-08 16:02 - 2011-03-28 00:34 - 00018933 _____ () C:\Users\Josh\Documents\Blank Map.jdip
2014-12-08 16:02 - 2011-02-01 16:40 - 00014630 _____ () C:\Users\Josh\Documents\codeman38_press-start.zip
2014-12-08 16:02 - 2011-01-26 14:58 - 00155574 _____ () C:\Users\Josh\Documents\cc_20110126_145845.reg
2014-12-08 16:02 - 2010-12-30 13:08 - 00053562 _____ () C:\Users\Josh\Documents\cc_20101230_130838.reg
2014-12-08 16:02 - 2010-12-04 15:49 - 00089292 _____ () C:\Users\Josh\Documents\Allies of Justice.ods
2014-12-08 16:02 - 2010-09-17 22:32 - 00119658 _____ () C:\Users\Josh\Documents\cc_20100917_233235.reg
2014-12-08 16:02 - 2010-05-17 19:44 - 00012320 _____ () C:\Users\Josh\Documents\arsenicandoldlace.veg.bak
2014-12-08 16:02 - 2010-05-17 19:44 - 00012320 _____ () C:\Users\Josh\Documents\arsenicandoldlace.veg
2014-12-08 16:02 - 2010-04-14 13:53 - 00020794 _____ () C:\Users\Josh\Documents\contacts.csv
2014-12-08 16:02 - 2009-11-24 00:47 - 00000000 ____D () C:\Users\Josh\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
2014-12-08 16:02 - 2009-10-20 20:58 - 00061171 _____ () C:\Users\Josh\Documents\Clintonletter.zip
2014-12-08 16:02 - 2009-10-20 20:58 - 00015988 _____ () C:\Users\Josh\Documents\418WISkills.zip
2014-12-08 16:02 - 2009-10-03 20:36 - 00899032 _____ () C:\Users\Josh\Documents\cc_20091003_203259.reg
2014-12-08 16:02 - 2009-09-28 06:43 - 04955674 _____ () C:\Users\Josh\Documents\Album1.alb
2014-12-08 16:02 - 2009-09-28 06:43 - 00596007 _____ () C:\Users\Josh\Documents\big_link_version_ocarine_of_time.rar
2014-12-08 16:02 - 2009-09-28 06:43 - 00069598 _____ () C:\Users\Josh\Documents\contacts.ldif
2014-12-08 16:02 - 2009-09-28 06:43 - 00026500 _____ () C:\Users\Josh\Documents\American Mythology.odt
2014-12-08 16:02 - 2009-09-24 20:00 - 00012289 _____ () C:\Users\Josh\Documents\AutoHotkey.ahk.bak
2014-12-08 16:02 - 2009-09-18 02:21 - 00026724 _____ () C:\Users\Josh\Documents\coverletterlist.odt
2014-12-08 16:02 - 2009-01-29 04:22 - 00020384 _____ () C:\Users\Josh\Documents\American Units.ods
2014-12-08 16:02 - 2008-05-31 20:02 - 00150204 _____ () C:\Users\Josh\Documents\Complexreal2.log
2014-12-08 16:02 - 2008-04-22 00:56 - 00202122 _____ () C:\Users\Josh\Documents\complexreal.log
2014-12-08 16:00 - 2010-10-18 21:21 - 00000000 ____D () C:\Users\Josh\Desktop\Adobe Premiere Pro CS5
2014-12-08 15:57 - 2014-04-08 23:55 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\TortoiseSVN
2014-12-08 15:57 - 2013-11-09 07:09 - 423572719 _____ () C:\Users\Josh\Desktop\Windows6.1-KB947821-v28-x64.msu
2014-12-08 15:57 - 2012-09-15 01:47 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\WTablet
2014-12-08 15:57 - 2012-08-15 02:27 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\uTorrent
2014-12-08 15:57 - 2012-07-09 23:18 - 00063329 _____ () C:\Users\Josh\Desktop\Result.txt
2014-12-08 15:57 - 2012-06-25 15:30 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\TS3Client
2014-12-08 15:57 - 2012-05-07 04:14 - 02662044 _____ () C:\Users\Josh\Desktop\Backup-2012.05.07-05.14.rmskin
2014-12-08 15:57 - 2012-05-06 19:01 - 02662041 _____ () C:\Users\Josh\Desktop\Backup-2012.05.06-20.01.rmskin
2014-12-08 15:57 - 2011-07-27 12:42 - 00018288 _____ () C:\Users\Josh\Desktop\hs_err_pid7908.log
2014-12-08 15:57 - 2011-05-18 15:01 - 00018188 _____ () C:\Users\Josh\Desktop\hs_err_pid6456.log
2014-12-08 15:57 - 2010-11-08 18:28 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Wirecast
2014-12-08 15:57 - 2010-04-11 16:16 - 00031273 _____ () C:\Users\Josh\Desktop\Josh.Roden.DxDiag.txt
2014-12-08 15:57 - 2009-11-30 01:10 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Winamp
2014-12-08 15:56 - 2014-11-09 04:06 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\MPC-HC
2014-12-08 15:56 - 2014-04-05 22:38 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\TeamViewer
2014-12-08 15:56 - 2010-12-23 20:23 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\skypePM
2014-12-08 15:56 - 2010-05-17 18:33 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Publish Providers
2014-12-08 15:56 - 2009-12-11 18:27 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\TF2 Statistics Parser
2014-12-08 15:56 - 2009-11-20 01:43 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Nvu
2014-12-08 15:48 - 2014-05-10 04:34 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\GitHub
2014-12-08 15:48 - 2013-09-17 15:02 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Guild Wars 2
2014-12-08 15:48 - 2012-07-20 01:05 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\EoN
2014-12-08 15:48 - 2012-06-23 19:58 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\foobar2000
2014-12-08 15:48 - 2012-02-17 15:30 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\GameMaker
2014-12-08 15:48 - 2011-06-28 15:37 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\DarksporeData
2014-12-08 15:48 - 2010-04-11 19:10 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\DiskSpaceFan
2014-12-08 15:48 - 2009-11-06 04:47 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\FileZilla
2014-12-08 15:47 - 2014-09-25 06:41 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\BitTorrent Sync
2014-12-08 15:46 - 2009-11-06 03:45 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Azureus
2014-12-08 15:42 - 2010-11-22 17:43 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\.doomseeker
2014-12-08 15:42 - 2010-08-08 02:49 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\.minecraft
2014-12-08 15:41 - 2013-10-31 18:55 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\.dns
2014-12-08 14:39 - 2014-05-11 20:19 - 00073648 _____ () C:\Users\Josh\AppData\Roaming\Scorch_Install.log
2014-12-08 14:39 - 2010-11-12 17:08 - 00043008 ___SH () C:\Users\Josh\AppData\Roaming\Thumbs.db
2014-12-08 14:39 - 2009-11-09 05:18 - 00011190 _____ () C:\Users\Josh\AppData\Roaming\PStrip.bko
2014-12-08 14:39 - 2009-11-09 04:55 - 00011260 _____ () C:\Users\Josh\AppData\Roaming\PStrip.bk!
2014-12-08 14:39 - 2009-11-09 04:55 - 00011260 _____ () C:\Users\Josh\AppData\Roaming\PStrip.bak
2014-12-08 14:37 - 2012-08-29 01:49 - 00000000 ____D () C:\Users\Josh\AppData\Local\{3248F0A6-6813-11D6-A77B-00B0D0150050}
2014-12-08 14:37 - 2010-10-24 00:33 - 00000000 ____D () C:\Users\Josh\AppData\Local\Windows Live
2014-12-08 14:17 - 2011-04-06 21:37 - 00000000 ____D () C:\Users\Josh\AppData\Local\PMB Files
2014-12-08 14:17 - 2009-12-03 18:06 - 00000000 ____D () C:\Users\Josh\AppData\Local\Procaster
2014-12-08 13:53 - 2009-11-29 21:33 - 00000000 ____D () C:\Users\Josh\AppData\Local\MediaMonkey
2014-12-08 13:53 - 2009-11-11 03:07 - 00000000 ____D () C:\Users\Josh\AppData\Local\Installer6740
2014-12-08 13:47 - 2014-05-10 04:34 - 00000000 ____D () C:\Users\Josh\AppData\Local\GitHub
2014-12-08 13:47 - 2012-09-26 08:55 - 00000000 ____D () C:\Users\Josh\AppData\Local\EdgeOfReality
2014-12-08 13:47 - 2011-10-24 19:14 - 00000000 ____D () C:\Users\Josh\AppData\Local\ESN Sonar
2014-12-08 13:47 - 2010-10-26 22:32 - 00000000 ____D () C:\Users\Josh\AppData\Local\Doom Builder
2014-12-08 13:42 - 2014-05-16 03:45 - 00000000 ____D () C:\Users\Josh\AppData\Local\Arma 3
2014-12-08 13:42 - 2013-04-27 16:44 - 00000000 ____D () C:\Users\Josh\AppData\Local\Arma 3 Alpha Lite
2014-12-08 13:42 - 2012-04-12 04:26 - 00000000 ____D () C:\Users\Josh\AppData\Local\ArmA 2 Free
2014-12-08 13:41 - 2009-11-23 18:05 - 00524926 _____ () C:\Users\Josh\AppData\Local\installer.log
2014-12-08 13:40 - 2012-01-24 20:33 - 00000000 ____D () C:\ProgramData\Skype
2014-12-08 13:40 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-12-08 13:34 - 2014-02-06 04:05 - 00000000 ____D () C:\ProgramData\NzbDrone
2014-12-08 13:34 - 2013-11-21 16:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-08 13:32 - 2013-07-14 15:31 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-12-08 13:31 - 2014-04-27 05:43 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-12-08 13:07 - 2010-05-17 00:38 - 00000000 ____D () C:\ArmyBuilder2
2014-12-08 13:07 - 2010-02-04 18:45 - 00000000 ____D () C:\ArmyBuilderEX
2014-12-08 13:06 - 2014-02-04 01:16 - 00000000 ____D () C:\811494c30a08bc3d8ca3
2014-12-08 13:02 - 2013-04-06 03:35 - 00091560 _____ () C:\WoWPicker3.py
2014-12-08 13:02 - 2013-04-04 15:24 - 00088825 _____ () C:\WoWPicker2.py
2014-12-08 13:02 - 2012-08-25 03:02 - 08763372 _____ () C:\HLEAudio.wav
2014-12-08 13:02 - 2012-01-06 22:29 - 00095357 _____ () C:\install.log
2014-12-08 13:02 - 2011-09-29 22:18 - 00421966 _____ () C:\shared.log
2014-12-08 13:02 - 2011-06-20 02:36 - 00022140 _____ () C:\Sound_17_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00019268 _____ () C:\Sound_18_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00019152 _____ () C:\Sound_16_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00016424 _____ () C:\Sound_23_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00015920 _____ () C:\Sound_12_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00013652 _____ () C:\Sound_6_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00013328 _____ () C:\Sound_9_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00013148 _____ () C:\Sound_4_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00013050 _____ () C:\Sound_20_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00012860 _____ () C:\Sound_22_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00012572 _____ () C:\Sound_7_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00011564 _____ () C:\Sound_8_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00010772 _____ () C:\Sound_13_1.raw
2014-12-08 13:02 - 2011-06-20 02:35 - 00022184 _____ () C:\Sound_17_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00019312 _____ () C:\Sound_18_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00019196 _____ () C:\Sound_16_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00016468 _____ () C:\Sound_23_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00015964 _____ () C:\Sound_12_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00013696 _____ () C:\Sound_6_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00013372 _____ () C:\Sound_9_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00013192 _____ () C:\Sound_4_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00013094 _____ () C:\Sound_20_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00012904 _____ () C:\Sound_22_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00012616 _____ () C:\Sound_7_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00011608 _____ () C:\Sound_8_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00010816 _____ () C:\Sound_13_1.wav
2014-12-08 13:02 - 2011-01-31 23:11 - 00145344 _____ () C:\tmpGrveg.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00105028 _____ () C:\tmpSeafd.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00096536 _____ () C:\tmpVeges.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00096004 _____ () C:\tmpRMeat.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00090520 _____ () C:\tmpPasta.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00087440 _____ () C:\tmpPulse.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00086016 _____ () C:\tmpPltry.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00084348 _____ () C:\tmpBiskt.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00072368 _____ () C:\tmpPizza.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00071700 _____ () C:\tmpEggs.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00070988 _____ () C:\tmpRice.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00069972 _____ () C:\tmpSoup.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00067812 _____ () C:\tmpPudng.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00067336 _____ () C:\tmpReady.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00066124 _____ () C:\tmpPie.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00064708 _____ () C:\tmpMilk.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00058036 _____ () C:\tmpCake.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00049312 _____ () C:\tmpFish.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00049112 _____ () C:\tmpBread.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00045184 _____ () C:\tmpTnkle.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00023424 _____ () C:\tmpBlee2.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00021896 _____ () C:\tmpSiren.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00021772 _____ () C:\tmpDing.$$$
2014-12-08 13:02 - 2010-02-22 11:33 - 00100813 _____ () C:\VETlog.dmp
2014-12-08 13:02 - 2009-11-16 20:56 - 228221734 _____ () C:\Thunderbird emails.zip
2014-12-08 13:02 - 2007-11-07 07:12 - 00233472 _____ () C:\VC_RED.MSI
2014-12-08 13:02 - 2007-11-07 07:09 - 01443034 _____ () C:\VC_RED.cab
2014-12-08 13:01 - 2014-07-17 11:43 - 00034304 ___SH () C:\BCD_Backup.LOG
2014-12-08 13:01 - 2012-07-10 01:26 - 00023566 _____ () C:\ComboFix.txt
2014-12-08 13:01 - 2010-12-11 05:19 - 00031316 _____ () C:\aaw7boot.log
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.3082.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.2052.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.1042.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.1040.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.1036.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.1031.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.1028.txt
2014-12-06 22:53 - 2013-02-07 05:05 - 00000000 ____D () C:\Windows\rescache
2014-12-06 20:22 - 2014-05-22 04:15 - 08806728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-06 20:08 - 2014-05-24 17:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-05 06:39 - 2014-11-02 05:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-01 18:26 - 2014-11-03 18:23 - 00000100 ____H () C:\Users\Josh\Documents\.~lock.acting resume2.doc#
2014-11-30 04:29 - 2009-11-08 18:50 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Adobe
2014-11-30 02:26 - 2010-10-18 23:22 - 00000000 ____D () C:\Program Files\VirtualDub
2014-11-29 06:45 - 2012-10-23 23:14 - 00000000 ____D () C:\Users\Josh\Downloads\DTA
2014-11-29 06:42 - 2013-08-15 11:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-29 06:20 - 2012-01-11 07:10 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-24 09:53 - 2009-12-04 19:40 - 00000000 ____D () C:\Program Files\PeerBlock
2014-11-21 06:14 - 2014-10-20 06:51 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-10-20 06:51 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-10-20 06:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 00:11 - 2013-12-28 18:37 - 00000000 ____D () C:\Users\Josh\AppData\Local\Razer
2014-11-18 00:10 - 2013-12-28 18:37 - 00000000 ____D () C:\ProgramData\Razer
2014-11-18 00:09 - 2012-03-19 00:49 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-17 23:56 - 2012-03-19 00:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-11-16 22:22 - 2010-06-04 09:33 - 00001025 _____ () C:\Users\Josh\Desktop\Dropbox.lnk
2014-11-16 22:22 - 2010-06-04 09:31 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Files to move or delete:
====================
C:\Users\Public\adwcleaner_4.001.exe
C:\Users\Public\DrawDesigner_Setup.exe
C:\Users\Public\GearUp.exe
C:\Users\Public\JRT.exe
C:\Users\Public\rcsetup151.exe
C:\Users\Public\RogueKiller.exe


Some content of TEMP:
====================
C:\Users\Josh\AppData\Local\Temp\conhost.exe
C:\Users\Josh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoic6jf.dll
C:\Users\Josh\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Josh\AppData\Local\Temp\sfareca00001.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 22:42

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2014
Ran by Josh at 2014-12-15 10:03:03
Running from H:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active@ KillDisk 7.5 (HKLM-x32\...\{3F36F1F6-D55E-4C60-A9DD-809FED24CED7}_is1) (Version: 7.5 - LSoft Technologies Inc)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.78 - ASUSTeK Computer Inc.)
Algodoo v2.1.0 (HKLM-x32\...\Algodoo_is1) (Version: - Algoryx)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2: Free (HKLM-x32\...\Steam App 107400) (Version: - Bohemia Interactive)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
Autodesk 123D Catch (HKLM-x32\...\{574D2803-2A36-45D4-9A9B-DDA3E6BAD213}) (Version: 1.0.465 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 2.2.12.0 - Autodesk)
Autodesk Backburner 2015 (HKLM-x32\...\{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}) (Version: 15.0.0.0 - Autodesk)
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 5.1 - Autodesk, Inc.)
Autodesk FBX 2013.3 Plug-in for 3ds Max 2013 (HKLM-x32\...\Autodesk FBX 2013.3 Plug-in for 3ds Max 2013) (Version: - Autodesk)
Autodesk FBX Converter 2013.2 (HKLM-x32\...\Autodesk FBX Converter 2013.2) (Version: - Autodesk)
Autodesk FBX SDK 2014.2.1 (HKLM-x32\...\Autodesk FBX SDK 2014.2.1) (Version: - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2015 (HKLM\...\{9167CA34-4E48-49E3-8892-3C439739D2D3}) (Version: 17.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
AutoHotkey 1.1.16.05 (HKLM\...\AutoHotkey) (Version: 1.1.16.05 - Lexikos)
Battle for Wesnoth 1.11.11 (HKLM-x32\...\Battle for Wesnoth 1.11.11) (Version: 1.11.11 - )
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Chk-Back (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\48b7c40bd557538a) (Version: 1.0.1.1 - TRC Data Recovery)
Chk-Back (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\48b7c40bd557538a) (Version: 1.0.1.1 - TRC Data Recovery)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Corel Paint Shop Pro X (HKLM-x32\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.10 - Corel Inc)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: - Creative Technology Limited)
Creative Smart Recorder (HKLM-x32\...\Smart Recorder) (Version: - )
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CrystalDiskInfo 4.0.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 4.0.2 - Crystal Dew World)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Doom Builder 2.1 (HKLM-x32\...\Doom Builder 2_is1) (Version: - CodeImp)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - )
Dota 2 Workshop Tools Alpha (HKLM-x32\...\Steam App 316570) (Version: - )
Driver Sweeper 2.1.0 (HKLM-x32\...\{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1) (Version: - Phyxion.net)
Dropbox (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - )
Eastern Front (HKLM-x32\...\Eastern Front) (Version: 1.7.2.0 - )
EditPad Pro 7 DEMO 7.1.2 (HKLM\...\EditPad Pro 7) (Version: DEMO 7.1.2 - Just Great Software)
Enemy Territory - Quake Wars™ (HKLM-x32\...\{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}) (Version: - )
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios)
Fast Duplicate File Finder 3.2.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 3.2.0.1 - MindGems, Inc.)
FBX Plugin 2006.11.2 for Max 8.0 (HKLM-x32\...\FBX Plugin 2006.11.2 for Max 8.0) (Version: - )
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
foobar2000 v1.1.13 (HKLM-x32\...\foobar2000) (Version: 1.1.13 - Peter Pawlowski)
Foxit Reader 5.1 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{991C8DEA-3C01-45B8-A62B-1BB69BDC277D}) (Version: 4.23.255 - Futuremark)
GameMaker 8.1 (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\GameMaker81) (Version: - )
GameMaker 8.1 (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GameMaker81) (Version: - )
GenTool (HKLM-x32\...\GenTool) (Version: 6.2 - xezon)
GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.33.000 - Runtime Software)
GetDataBack Simple (HKLM-x32\...\{D06B8000-52B4-4D0B-A003-DA83ED982B51}) (Version: 1.02.000 - Runtime Software)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Git version 1.9.2-preview20140411 (HKLM-x32\...\Git_is1) (Version: 1.9.2-preview20140411 - The Git Development Community)
GitHub (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\5f7eb300e2ea4ebf) (Version: 1.3.3.1 - GitHub, Inc.)
GitHub (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\5f7eb300e2ea4ebf) (Version: 1.3.3.1 - GitHub, Inc.)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
gmax (HKLM-x32\...\{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}) (Version: 4.4.0.125 - Discreet)
GoldenEye: Source (HKLM-x32\...\GoldenEye Source) (Version: 4.2.4 - Team GoldenEye: Source)
Google Chrome (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HTML Combiner 1.0 (HKLM-x32\...\HTML Combiner_is1) (Version: - Christopher Folger)
Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
Index.dat Suite (HKLM-x32\...\{B8971880-0060-11D8-87CB-C2A1A3E71907}_is1) (Version: 2.11.0 - Ur I.T. Mate Group)
Installer (x32 Version: 1.0.0 - Sierra Entertainment, Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Desktop Utilities (HKLM-x32\...\InstallShield_{BFF26589-2D8A-4E24-BAEA-E8E3D40A491B}) (Version: 3.0.16 - Intel® Corporation)
Intel® Desktop Utilities (x32 Version: 3.0.16 - Intel® Corporation) Hidden
Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman)
J2SE Runtime Environment 5.0 Update 5 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150050}) (Version: 1.5.0.50 - Sun Microsystems, Inc.)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.90 - Oracle)
Java SE Development Kit 7 Update 10 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170100}) (Version: 1.7.0.100 - Oracle)
Java™ 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
K-Lite Mega Codec Pack 10.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
Lambda Wars Beta (HKLM-x32\...\Steam App 270370) (Version: - Vortal Storm)
Launchpad Enhanced (HKLM-x32\...\{BAA11826-70EF-4E44-9E97-8476793E022F}) (Version: 0.05.000 - SWGEmu)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Lexmark Z2400 Series (HKLM\...\Lexmark Z2400 Series) (Version: - Lexmark International, Inc.)
LibreOffice 4.0.2.2 (HKLM-x32\...\{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}) (Version: 4.0.2.2 - The Document Foundation)
Loadout (HKLM-x32\...\Steam App 208090) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MeshLab_64b 1.3.2 (HKLM\...\MeshLab_64b) (Version: 1.3.2 - Paolo Cignoni - Guido Ranzuglia VCG - ISTI - CNR)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM-x32\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft Editor 64 bits (zipped) (HKLM\...\{6C7D6E20-FD04-4A13-82A9-AF543337738A}) (Version: 1.3.0 - Axialmedia)
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9420 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
Outerra - Anteworld - Outerra Anteworld Demo (HKLM-x32\...\Outerra Anteworld) (Version: "0.7.11-2982" - "Outerra")
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Photosynth 2.0110.0317.1042 (HKLM-x32\...\{FCFE894A-36B3-4A61-A04A-D99519C54DB6}) (Version: 3.3.3.3 - Microsoft)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
Polaroid Dust and Scratch Removal v1.0.0.15.2e (HKLM-x32\...\{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}) (Version: Polaroid Polaroid Dust and Scratch Removal v1.0.0.15.2e - Polaroid Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Primatte (HKLM\...\Primatte PS) (Version: 5.1 - Digital Anarchy, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 2.7.7 (64-bit) (HKLM\...\{049CA433-77A0-4e48-AC76-180A282C4E11}) (Version: 2.7.7150 - Python Software Foundation)
Quake Live Internet Explorer Plugin (HKLM-x32\...\{A392A7FE-2216-4F7B-AF2F-24F1533DB860}) (Version: 1.0.520 - id Software)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
ROTR ECA Beta 1.8 (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\ROTR ECA Beta 1.8) (Version: - )
ROTR ECA Beta 1.8 (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ROTR ECA Beta 1.8) (Version: - )
SABnzbd 0.7.16 (HKLM-x32\...\SABnzbd) (Version: 0.7.16 - The SABnzbd Team)
SciTE4AutoHotkey v3.0.00 (HKLM-x32\...\SciTE4AutoHotkey) (Version: v3.0.00 - fincs)
Scrivener (HKLM-x32\...\Scrivener 1250) (Version: 1250 - Literature and Latte)
SDK Debuggers (x32 Version: 8.59.29746 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skulltag (HKLM-x32\...\Skulltag) (Version: 98d - Skulltag)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SLADE version 3.1.0 (HKLM-x32\...\{3EFD0AA9-5156-40DB-9646-360180FF5DFA}_is1) (Version: 3.1.0 - )
SlimDX Redistributable for .NET 2.0 (September 2011) (HKLM-x32\...\{7C056FA6-E362-467B-8160-062E9474FEE5}) (Version: 2.0.12.43 - SlimDX Group)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Smite Closed Beta (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1051.1 - Hi-Rez Studios)
SoundFont Bank Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - )
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
SourceTree (HKLM-x32\...\SourceTree 1.5.2) (Version: 1.5.2 - Atlassian)
SourceTree (x32 Version: 1.5.2 - Atlassian) Hidden
SpaceMonger 2.1.1 (HKLM-x32\...\SpaceMonger) (Version: 2.1.1 - Sixty-Five)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\Spotify) (Version: 0.8.4.107.g4fa0003f - Spotify AB)
Spotify (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.8.4.107.g4fa0003f - Spotify AB)
SQLiteManager (HKLM-x32\...\{74C4ABE1-9AE1-41F6-89BF-08E778B2662E}) (Version: 4.1.0 - SQLabs)
SSF Realism Mod v2.1 (HKLM-x32\...\SSF Realism Mod v2.1) (Version: - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SWAT 4 - The Stetchkov Syndicate (HKLM-x32\...\InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.)
SWAT 4 (HKLM-x32\...\InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31973 - Sierra Entertainment, Inc.)
SWAT 4 (x32 Version: 1.0.31973 - Sierra Entertainment, Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
the Renegade mod tools (HKLM-x32\...\the Renegade mod tools) (Version: - )
TibEd 2 (HKLM-x32\...\TibEd2) (Version: 2.1b - Van de Sande Productions)
TikiOne Steam Cleaner (HKLM-x32\...\TikiOneSteamCleaner) (Version: - Jonathan Lermitage)
TileSetMaker (HKLM-x32\...\TileSetMaker) (Version: - )
TortoiseSVN 1.8.5.25224 (64 bit) (HKLM\...\{57FCA88C-D94A-490A-B8C6-8ECC3A9A48D2}) (Version: 1.8.25224 - TortoiseSVN)
Tournament Maker 2.0 (HKLM-x32\...\{97DF1C46-FCCE-4591-9974-5A12CE667B9D}) (Version: - )
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
TreeSize Personal V5.5.5 (HKLM-x32\...\TreeSize Personal_is1) (Version: 5.5.5 - JAM Software)
TweetDeck (HKLM-x32\...\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1) (Version: 0.38.2 - TweetDeck Inc)
TweetDeck (x32 Version: 0.38.2 - TweetDeck Inc) Hidden
Ulead GIF Animator 5 Trial (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version: - Ulead System)
UnCodeX (HKLM-x32\...\{FDD6ED8B-DB77-43BC-B0B2-608A1F27AABC}}_is1) (Version: 241 - Michiel 'elmuerte' Hendriks)
Unity (HKLM-x32\...\Unity) (Version: - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1096825299-2601053131-2088073329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unreal Engine (HKLM\...\{ADB715E9-AEE5-48EA-BCA9-63F4A764A80F}) (Version: 0.1.0.0 - Epic Games, Inc.)
Unreal Tournament 2004 (HKLM-x32\...\UT2004) (Version: - )
Unreal Tournament G.O.T.Y. Edition (HKLM-x32\...\UnrealTournament) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Usage Monitor v2.0 (HKLM-x32\...\Usage Monitor_is1) (Version: - Veign, LLC)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VJoy 1.0 (HKLM-x32\...\VJoy Virtual Joystick_is1) (Version: - Headsoft)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.3-4 - Wacom Technology Corp.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
webcamXP 5 Free (HKLM-x32\...\wLite) (Version: 5.8.3.0 - Moonware Studios)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wolfenstein - Enemy Territory (HKLM-x32\...\Wolfenstein - Enemy Territory) (Version: 2.60b - ACTIVISION)
XAMPP 1.8.1 (HKLM-x32\...\xampp) (Version: - )
XSplit (HKLM-x32\...\{70184743-6B98-4DEA-A847-9B8B3F6F56ED}) (Version: 1.1.1209.0601 - SplitMediaLabs)
Zandronum (HKLM-x32\...\Zandronum) (Version: 1.0 - Zandronum)
Zero Assumption Recovery Version 9 (HKLM-x32\...\Zero Assumption Recovery_is1) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1096825299-2601053131-2088073329-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

10-12-2014 22:04:16 Windows Update
14-12-2014 00:39:54 Windows Update
14-12-2014 02:21:37 Installed Mumble 1.2.8
14-12-2014 02:31:42 Removed Mumble 1.2.8
14-12-2014 02:33:06 Installed Mumble 1.2.8
14-12-2014 02:44:34 Removed Mumble 1.2.8
14-12-2014 02:46:38 Installed Mumble 1.2.8

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2010-05-13 16:53 - 2010-05-13 16:53 - 00001204 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00B001B0-8B5B-4B53-A2F9-099D69317FD0} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-01-10] (ASUSTeK Computer Inc.)
Task: {05BFE679-4F5B-4276-A78A-122B80E5801F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1027281C-D49D-4512-8423-F2C852E7BD28} - System32\Tasks\AdobeAAMUpdater-1.0-Josh-PC-Josh => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-02-01] (Adobe Systems Incorporated)
Task: {15B7D3DB-B244-4A07-9A53-3F28CF3DD0C6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {24DE42B5-D007-4FD7-AC0F-8AF14CE3ABBA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1096825299-2601053131-2088073329-1001Core => C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {25647E5B-C318-46CB-A72E-67237A59C893} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {28E4C1BF-5448-46D4-8B46-ECB9D8295A3C} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2014-04-06] (TODO: <Company name>)
Task: {2C9ED77B-0FE5-45FB-9956-F407F6FA32EF} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark Z2400 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {300C508F-6FE4-4418-80A4-46096E70129C} - System32\Tasks\{2B80D9D1-2513-455A-8879-A3736B708849} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {302D48F3-88B3-4EAF-BC9B-5077D3A4B288} - System32\Tasks\{5E8D2BEB-18C3-EC00-FE13-4FCAFACCE36C} => C:\Windows\system32\czyvx.dll/s "C:\Windows\system32\czyvx.dll"
Task: {3741F578-C6DE-4EE5-ABA0-DE49CF58E7EB} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {3814C743-5FE9-4FE2-8A07-6ED856A197BD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {475B13C6-B0E8-45B8-959E-DC403B58774D} - System32\Tasks\ASUS\i-Setup033442 => C:\Windows\MEI\AsusSetup.exe [2013-09-09] (ASUSTeK Computer Inc.)
Task: {532A40DB-FCC3-4552-B42B-B2BB8C26F3D1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7169DEFF-AFA1-41FE-ADB6-BFD5A3549C2D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-16] (Adobe Systems Incorporated)
Task: {73AD8117-B2F4-411F-95AA-1F41F05162B6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {77AABB04-A7DE-42BD-A7A5-00719783088C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8E04F825-9D87-44D0-9F48-24DD472B0290} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2014-03-27] ()
Task: {935AC7FB-8A7F-43A0-B94B-114B6B606E61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1096825299-2601053131-2088073329-1001UA => C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {94C8FFB0-027B-4BCC-A509-AF11FB84F198} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {9676B70D-703D-4D2A-92FF-23471EDB2B28} - System32\Tasks\{0988D17C-2C96-4990-A8AC-1AB9E1DC56AE} => \\JOSH-PC\Users\Public\pharoah_man_soccer.exe
Task: {9D307959-290D-4AE4-A03B-84F6D4B43D98} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2014-04-06] ()
Task: {9ED86FBE-DC7C-46F0-9329-E45974335307} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {AB8805DE-2F4D-441A-A72D-9CDF57BDB2D1} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))
Task: {ABDE79A0-1125-4C09-AB51-A66939E63E15} - System32\Tasks\{58E09A81-0CCE-4CC9-AF6C-35526F0B1B28} => pcalua.exe -a D:\WBR1310.exe -d D:\
Task: {B091130E-1F44-455B-BA0E-5581DAE984FF} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2014-04-06] (ASUSTeK Computer Inc.)
Task: {C4ED7FF2-9AD4-4BFE-AB2C-86DEA686B49B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D66CF33B-3303-4649-B6CB-47A86C9DBC2F} - System32\Tasks\Firefox Memory Alert => cmd.exe Firefox
Task: {DED78373-C970-4C57-88A8-CC0489AD0381} - System32\Tasks\ASUS\i-Setup002642 => C:\Windows\MEI\AsusSetup.exe [2013-09-09] (ASUSTeK Computer Inc.)
Task: {DFB93F04-D0B9-4A1B-A37D-DAFE68E9E92F} - System32\Tasks\{8CA71D2B-5B79-46F8-97F7-A6FE442C8E85} => \\JOSH-PC\Users\Public\pharoah_man_soccer.exe
Task: {F4EF0594-EA9B-47D6-B440-0BF1CB0B3F6D} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-10-06] ()
Task: {F784CAEF-4A89-4979-8AA1-DE33703FBD08} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {FE838B23-1BF3-4FA8-AA1C-57C93ED75402} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HpWebReg.exe [2010-11-16] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096825299-2601053131-2088073329-1001Core.job => C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096825299-2601053131-2088073329-1001UA.job => C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-02 22:34 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdqdrpp.dll
2014-05-01 14:29 - 2014-05-01 14:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-02-18 20:16 - 2014-02-18 20:16 - 00076016 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-02-18 20:16 - 2014-02-18 20:16 - 00088816 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2014-04-23 16:39 - 2014-04-11 13:40 - 00736450 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2010-11-08 10:15 - 2010-11-08 10:15 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2014-07-18 23:41 - 2014-03-27 18:33 - 01430328 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2014-01-27 22:16 - 2014-01-27 22:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2012-01-18 21:47 - 2014-05-31 05:09 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-18 23:44 - 2014-04-11 08:53 - 01045304 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2014-07-18 23:45 - 2014-04-11 09:53 - 00037176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2012-09-22 02:38 - 2014-09-27 20:59 - 01308672 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2014-07-18 23:41 - 2014-04-06 05:28 - 00053248 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.17\Exeio.dll
2014-07-18 23:41 - 2014-04-06 05:28 - 00278528 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.17\Vender.dll
2014-07-18 23:41 - 2014-03-27 18:32 - 05778096 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2014-07-18 23:41 - 2014-02-24 16:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2014-07-18 23:39 - 2014-04-06 17:16 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2014-07-18 23:39 - 2014-04-06 17:16 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-07-18 23:42 - 2014-04-06 21:06 - 04018688 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-07-18 23:42 - 2014-04-06 17:28 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2014-07-18 23:41 - 2014-02-25 15:53 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-07-18 23:39 - 2014-04-06 17:16 - 00827392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2014-07-18 23:39 - 2014-01-27 22:16 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-07-18 23:39 - 2014-12-13 19:28 - 00029696 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-07-18 23:39 - 2014-01-27 22:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-10-21 15:18 - 2014-10-21 15:18 - 00081056 _____ () C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2014-07-18 23:44 - 2013-11-20 09:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2014-07-18 23:44 - 2013-07-02 09:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2014-09-06 11:44 - 2014-09-06 11:44 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 11:41 - 2014-05-24 11:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 11:41 - 2014-05-24 11:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-02-18 19:32 - 2014-02-18 19:32 - 00065776 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-02-18 19:32 - 2014-02-18 19:32 - 00071920 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00229184 _____ () C:\Program Files (x86)\Mumble\opus.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 03216520 _____ () C:\Program Files (x86)\Mumble\libsndfile-1.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 04448576 _____ () C:\Program Files (x86)\Mumble\libmysql.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00177472 _____ () C:\Program Files (x86)\Mumble\speex.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00082752 _____ () C:\Program Files (x86)\Mumble\celt0.0.7.0.sse2.dll
2014-08-09 01:08 - 2014-08-09 01:08 - 00098624 _____ () C:\Program Files (x86)\Mumble\celt0.0.11.0.sse2.dll
2014-08-09 01:08 - 2014-08-09 01:08 - 00143680 _____ () C:\Program Files (x86)\Mumble\mumble_ol.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00046912 _____ () C:\Program Files (x86)\Mumble\plugins\aoc.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\arma2.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\bf1942.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00048960 _____ () C:\Program Files (x86)\Mumble\plugins\bf2.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00032064 _____ () C:\Program Files (x86)\Mumble\plugins\bf2142.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00048960 _____ () C:\Program Files (x86)\Mumble\plugins\bf3.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\bfbc2.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\bfheroes.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00032064 _____ () C:\Program Files (x86)\Mumble\plugins\blacklight.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00033600 _____ () C:\Program Files (x86)\Mumble\plugins\borderlands.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00032064 _____ () C:\Program Files (x86)\Mumble\plugins\borderlands2.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\breach.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\cod2.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00032576 _____ () C:\Program Files (x86)\Mumble\plugins\cod4.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\cod5.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\codmw2.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\codmw2so.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00032064 _____ () C:\Program Files (x86)\Mumble\plugins\cs.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00047424 _____ () C:\Program Files (x86)\Mumble\plugins\dys.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00032576 _____ () C:\Program Files (x86)\Mumble\plugins\etqw.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00047424 _____ () C:\Program Files (x86)\Mumble\plugins\gmod.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00031040 _____ () C:\Program Files (x86)\Mumble\plugins\gtaiv.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00032576 _____ () C:\Program Files (x86)\Mumble\plugins\gw.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00047424 _____ () C:\Program Files (x86)\Mumble\plugins\insurgency.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\jc2.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00032576 _____ () C:\Program Files (x86)\Mumble\plugins\l4d.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00041792 _____ () C:\Program Files (x86)\Mumble\plugins\l4d2.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00028992 _____ () C:\Program Files (x86)\Mumble\plugins\link.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00032576 _____ () C:\Program Files (x86)\Mumble\plugins\lol.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00032576 _____ () C:\Program Files (x86)\Mumble\plugins\lotro.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00081216 _____ () C:\Program Files (x86)\Mumble\plugins\manual.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00033088 _____ () C:\Program Files (x86)\Mumble\plugins\sto.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\ut2004.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00030528 _____ () C:\Program Files (x86)\Mumble\plugins\ut3.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00042304 _____ () C:\Program Files (x86)\Mumble\plugins\ut99.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00034624 _____ () C:\Program Files (x86)\Mumble\plugins\wolfet.dll
2014-08-09 01:09 - 2014-08-09 01:09 - 00041792 _____ () C:\Program Files (x86)\Mumble\plugins\wow.dll
2014-10-21 15:18 - 2014-10-21 15:18 - 00081056 _____ () C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AOL ACS => 3
MSCONFIG\Services: Apache2.4 => 2
MSCONFIG\Services: Autodesk Licensing Service => 2
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: FileZillaServer => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 3
MSCONFIG\Services: lxdqCATSCustConnectService => 2
MSCONFIG\Services: lxdq_device => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: mi-raysat_3dsmax2015_64 => 3
MSCONFIG\Services: mi-raysat_3dsmax8 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: mysql => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: NzbDrone => 2
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RzMaelstromVADStreamingService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TabletServiceWacom => 2
MSCONFIG\Services: TouchServiceWacom => 2
MSCONFIG\Services: w7Svc => 3
MSCONFIG\Services: wxpSvc => 3
MSCONFIG\startupfolder: C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.7e\AOL.EXE" -b
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CTRegRun => C:\Windows\CTRegRun.EXE
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark Z2400 Series\ezprint.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1326676198\ee\AOLSoftware.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: lxdqmon.exe => "C:\Program Files (x86)\Lexmark Z2400 Series\lxdqmon.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1096825299-2601053131-2088073329-500 - Administrator - Disabled)
Guest (S-1-5-21-1096825299-2601053131-2088073329-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1096825299-2601053131-2088073329-1002 - Limited - Enabled)
Josh (S-1-5-21-1096825299-2601053131-2088073329-1001 - Administrator - Enabled) => C:\Users\Josh

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VJoy Virtual Joystick
Description: VJoy Virtual Joystick
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Headsoft
Service: vhidmini
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2014 09:53:27 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program gdbsim.exe because of this error.

Program: gdbsim.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000098
Disk type: 0

Error: (12/15/2014 09:53:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gdbsim.exe, version: 0.0.0.0, time stamp: 0x5335e672
Faulting module name: FreeImage.dll, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000006
Fault offset: 0x0015215f
Faulting process id: 0xcac
Faulting application start time: 0xgdbsim.exe0
Faulting application path: gdbsim.exe1
Faulting module path: gdbsim.exe2
Report Id: gdbsim.exe3

Error: (12/15/2014 02:45:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: procexp64.exe, version: 15.20.0.0, time stamp: 0x4fcd5819
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000011cb
Faulting process id: 0x22e4
Faulting application start time: 0xprocexp64.exe0
Faulting application path: procexp64.exe1
Faulting module path: procexp64.exe2
Report Id: procexp64.exe3

Error: (12/14/2014 09:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 13.12.2014.0, time stamp: 0x548c1125
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000029af6
Faulting process id: 0x3184
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3

Error: (12/13/2014 09:22:57 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Josh-PC)
Description: Application or service 'DipAwayMode.exe' could not be shut down.

Error: (12/11/2014 09:27:18 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program qphotorec_win.exe because of this error.

Program: qphotorec_win.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000098
Disk type: 0

Error: (12/11/2014 09:27:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: qphotorec_win.exe, version: 0.0.0.0, time stamp: 0x5464f199
Faulting module name: QtGui4.dll, version: 0.0.0.0, time stamp: 0x5364fc20
Exception code: 0xc0000006
Fault offset: 0x00781830
Faulting process id: 0x584
Faulting application start time: 0xqphotorec_win.exe0
Faulting application path: qphotorec_win.exe1
Faulting module path: qphotorec_win.exe2
Report Id: qphotorec_win.exe3

Error: (12/11/2014 06:01:10 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program PhotoRec because of this error.

Program: PhotoRec
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000098
Disk type: 0

Error: (12/11/2014 06:01:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: qphotorec_win.exe, version: 7.0.0.0, time stamp: 0x5464f199
Faulting module name: QtGui4.dll, version: 4.8.6.0, time stamp: 0x5364fc20
Exception code: 0xc0000006
Fault offset: 0x00776050
Faulting process id: 0x490
Faulting application start time: 0xqphotorec_win.exe0
Faulting application path: qphotorec_win.exe1
Faulting module path: qphotorec_win.exe2
Report Id: qphotorec_win.exe3

Error: (12/11/2014 05:00:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (12/15/2014 09:56:06 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (12/15/2014 01:14:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.189.2082.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/15/2014 01:14:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.189.2082.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/15/2014 01:14:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.189.2082.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/14/2014 10:00:29 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (12/14/2014 09:16:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR5.

Error: (12/14/2014 09:16:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR5.

Error: (12/14/2014 09:16:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR5.

Error: (12/14/2014 09:16:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR5.

Error: (12/14/2014 09:13:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


Microsoft Office Sessions:
=========================
Error: (12/15/2014 09:53:27 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: gdbsim.exeC00000980

Error: (12/15/2014 09:53:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gdbsim.exe0.0.0.05335e672FreeImage.dll0.0.0.000000000c00000060015215fcac01d0174add8cc0d5H:\Program Files (x86)\Runtime Software\GetDataBack Simple\gdbsim.exeH:\Program Files (x86)\Runtime Software\GetDataBack Simple\FreeImage.dll1ff65390-846a-11e4-a301-00038a000015

Error: (12/15/2014 02:45:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: procexp64.exe15.20.0.04fcd5819msvcrt.dll7.0.7601.177444eeb033fc000000500000000000011cb22e401d0179204e911dbC:\Program Files (x86)\Process Explorer\procexp64.exeC:\Windows\system32\msvcrt.dll534e35b9-842e-11e4-a301-00038a000015

Error: (12/14/2014 09:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe13.12.2014.0548c1125ntdll.dll6.1.7601.18247521eaf24c00000050000000000029af6318401d017ec2bde36beH:\FRST64.exeC:\Windows\SYSTEM32\ntdll.dll703899cd-8400-11e4-a301-00038a000015

Error: (12/13/2014 09:22:57 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Josh-PC)
Description: 1C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exeDipAwayMode.exe0211715520

Error: (12/11/2014 09:27:18 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: qphotorec_win.exeC00000980

Error: (12/11/2014 09:27:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: qphotorec_win.exe0.0.0.05464f199QtGui4.dll0.0.0.05364fc20c00000060078183058401d01537dba7596aH:\testdisk-7.0-WIP\qphotorec_win.exeH:\testdisk-7.0-WIP\QtGui4.dllcef9d39d-8141-11e4-90c8-00038a000015

Error: (12/11/2014 06:01:10 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: PhotoRecC00000980

Error: (12/11/2014 06:01:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: qphotorec_win.exe7.0.0.05464f199QtGui4.dll4.8.6.05364fc20c00000060077605049001d01529882a7c4eH:\testdisk-7.0-WIP\qphotorec_win.exeH:\testdisk-7.0-WIP\QtGui4.dll030e522c-8125-11e4-90c8-00038a000015

Error: (12/11/2014 05:00:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe


CodeIntegrity Errors:
===================================
Date: 2014-12-11 20:49:28.448
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\recovered\recovered2\recup_dir.165\f930418320.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 20:49:28.401
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\recovered\recovered2\recup_dir.165\f930418320.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 20:48:53.551
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\recovered\recovered2\recup_dir.164\f911252320.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 20:48:53.519
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\recovered\recovered2\recup_dir.164\f911252320.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 20:46:45.038
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\recovered\recovered2\recup_dir.157\f858586696.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 20:46:44.913
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\recovered\recovered2\recup_dir.157\f858586696.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 20:46:04.665
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\recovered\recovered2\recup_dir.155\f820123000.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 20:46:04.633
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\recovered\recovered2\recup_dir.155\f820123000.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 20:45:29.611
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\recovered\recovered2\recup_dir.155\f778088496.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 20:45:29.518
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\recovered\recovered2\recup_dir.155\f778088496.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 57%
Total physical RAM: 8135.3 MB
Available physical RAM: 3478.17 MB
Total Pagefile: 24404.07 MB
Available Pagefile: 18746.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:465.76 GB) (Free:31.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (New Volume) (Fixed) (Total:298.09 GB) (Free:10.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (MULTIBOOT) (Removable) (Total:3.73 GB) (Free:3.51 GB) FAT32
Drive i: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:39.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)

==================== End Of Log ============================

#6 xXToffeeXx

  • Malware Response Instructor

Posted 17 December 2014 - 12:34 PM

Hi TheBladeRoden,
 
Running Combofix:

Please download Combofix from this link and save it to your desktop

  • Close any open browsers or any other programs that are open.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • You can also find the log here: C:\ComboFix.txt

Please also note:

  • Do not click combofix's window while it's running. That may cause combofix to stall.
  • Combofix may reboot your computer a number of times; this is normal.
  • If you receive an error, "Illegal operation attempted on a registry key that has been marked for deletion," then please restart the computer to resolve this.

--------------

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • ComboFix.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 TheBladeRoden

  • Topic Starter

Posted 18 December 2014 - 01:00 PM

Well, I'll be out of town for the next week, so we will have to continue this then. Thanks for the help though.

#8 xXToffeeXx

  • Malware Response Instructor

Posted 19 December 2014 - 12:07 PM

Hi TheBladeRoden,

 

No worries, thank you for telling me. I will wait for your reply.

 

xXToffeeXx~




#9 TheBladeRoden

  • Topic Starter

Posted 26 December 2014 - 07:10 PM

ComboFix 14-12-25.01 - Josh 12/26/2014  10:02:14.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8135.5435 [GMT -5:00]
Running from: H:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Local Settings\Temp
C:\Thumbs.db
c:\users\Josh\AppData\Local\installer.log
c:\users\Josh\AppData\Roaming\Dyyno
c:\users\Josh\AppData\Roaming\Dyyno\dgcsrv.xml
c:\users\Josh\AppData\Roaming\Dyyno\dyyno.xml
c:\users\Josh\AppData\Roaming\Scorch_Install.log
c:\users\Josh\Documents\complexreal.log
c:\users\Josh\Documents\Complexreal2.log
c:\users\Josh\Documents\Install STAR WARS The Old Republic.log
c:\users\Josh\Documents\L0419012.log
c:\users\Josh\Documents\L0531033.log
c:\users\Josh\videos\ffmpeg.exe
c:\users\Public\JRT.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\drivers\hwinterface.sys
c:\windows\SysWow64\SET2AC3.tmp
c:\windows\SysWow64\SET51CA.tmp
c:\windows\SysWow64\SET91F6.tmp
c:\windows\SysWow64\SETE970.tmp
c:\windows\SysWow64\u
I:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-26 to 2014-12-26  )))))))))))))))))))))))))))))))
.
.
2014-12-26 15:50 . 2014-12-26 15:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-12-26 15:50 . 2014-12-26 15:50 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-12-26 15:50 . 2014-12-26 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-25 22:29 . 2014-12-25 22:29 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE4FAD40-8AB0-4925-AF27-1F400670B66A}\offreg.dll
2014-12-25 22:24 . 2014-09-17 12:43 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13F6B1D3-A6C0-4E3D-9D23-C988B626F385}\gapaengine.dll
2014-12-25 22:16 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE4FAD40-8AB0-4925-AF27-1F400670B66A}\mpengine.dll
2014-12-25 22:09 . 2014-12-25 22:09 -------- d-----w- c:\windows\system32\appraiser
2014-12-17 22:48 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-17 22:48 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-17 22:48 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-17 22:48 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2014-12-17 22:48 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-17 22:48 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
2014-12-17 22:48 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2014-12-17 22:48 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2014-12-17 22:48 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2014-12-17 22:48 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-17 05:34 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-16 11:41 . 2014-12-16 11:41 79064 ----a-w- c:\windows\system32\drivers\oalohsc.sys
2014-12-11 11:01 . 2014-12-11 11:01 -------- d-----w- c:\windows\SysWow64\%LOCALAPPDATA%
2014-12-10 22:12 . 2014-09-17 12:43 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F81CAE02-11D3-4A2D-8DC7-400751337159}\gapaengine.dll
2014-12-10 12:04 . 2014-12-10 12:32 -------- d-----w- c:\users\Public\Suspicious
2014-12-10 10:31 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
2014-12-10 10:31 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-12-10 10:31 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-10 10:31 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-12-10 03:00 . 2014-12-10 03:00 -------- d-----w- c:\program files (x86)\ESET
2014-12-09 17:14 . 2014-12-16 06:12 -------- d-----w- C:\FRST
2014-12-09 14:26 . 2014-12-09 14:26 -------- d-----w- c:\users\Josh\AppData\Roaming\www.shadowexplorer.com
2014-12-07 13:57 . 2014-12-07 13:57 -------- d-sh--w- c:\users\Josh\AppData\Local\EmieBrowserModeList
2014-11-30 07:27 . 2014-11-30 07:28 -------- d-----w- c:\users\Josh\AppData\Local\Deshaker
2014-11-30 06:47 . 2014-11-30 06:48 -------- d-----w- c:\program files\Hugin
2014-11-30 06:45 . 2014-11-30 06:45 -------- d-----w- c:\program files (x86)\Hugin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-17 22:50 . 2012-01-11 12:10 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-16 12:57 . 2012-07-05 04:24 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-16 12:57 . 2012-07-03 04:26 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-16 11:39 . 2014-10-20 12:06 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-16 05:05 . 2014-10-21 07:42 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-08 18:02 . 2007-11-07 12:12 233472 ----a-w- C:\VC_RED.MSI
2014-12-08 18:02 . 2009-11-17 01:56 228221734 ----a-w- C:\Thunderbird emails.zip
2014-11-21 11:14 . 2014-10-20 11:51 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 11:14 . 2014-10-20 11:51 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14 . 2014-10-20 11:51 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-11 03:08 . 2014-11-18 23:29 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 23:29 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-18 23:29 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 23:29 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-07 02:23 . 2014-11-07 02:23 9728 ----a-w- c:\windows\SysWow64\RzStats.IPC.dll
2014-11-03 12:54 . 2014-11-03 12:54 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-11-03 12:54 . 2014-11-03 12:54 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-11-03 12:54 . 2014-11-03 12:54 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-11-03 12:54 . 2014-11-03 12:54 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-11-03 12:54 . 2014-11-03 12:54 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-11-03 12:54 . 2014-11-03 12:54 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-11-03 12:54 . 2014-11-03 12:54 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-11-03 12:54 . 2014-11-03 12:54 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-11-03 12:54 . 2014-11-03 12:54 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-11-03 12:54 . 2014-11-03 12:54 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-11-03 12:54 . 2014-11-03 12:54 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-11-03 12:54 . 2014-11-03 12:54 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-11-03 12:54 . 2014-11-03 12:54 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-11-03 12:54 . 2014-11-03 12:54 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-11-03 12:54 . 2014-11-03 12:54 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-11-03 12:54 . 2014-11-03 12:54 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-11-03 12:54 . 2014-11-03 12:54 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-11-03 12:54 . 2014-11-03 12:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-11-03 12:54 . 2014-11-03 12:54 247808 ----a-w- c:\windows\system32\msls31.dll
2014-11-03 12:54 . 2014-11-03 12:54 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-11-03 12:54 . 2014-11-03 12:54 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-11-03 12:54 . 2014-11-03 12:54 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-11-03 12:54 . 2014-11-03 12:54 81408 ----a-w- c:\windows\system32\icardie.dll
2014-11-03 12:54 . 2014-11-03 12:54 774144 ----a-w- c:\windows\system32\jscript.dll
2014-11-03 12:54 . 2014-11-03 12:54 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-11-03 12:54 . 2014-11-03 12:54 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-11-03 12:54 . 2014-11-03 12:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-11-03 12:54 . 2014-11-03 12:54 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-11-03 12:54 . 2014-11-03 12:54 413696 ----a-w- c:\windows\system32\html.iec
2014-11-03 12:54 . 2014-11-03 12:54 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-11-03 12:54 . 2014-11-03 12:54 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-11-03 12:54 . 2014-11-03 12:54 235520 ----a-w- c:\windows\system32\url.dll
2014-11-03 12:54 . 2014-11-03 12:54 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-11-03 12:54 . 2014-11-03 12:54 147968 ----a-w- c:\windows\system32\occache.dll
2014-11-03 12:54 . 2014-11-03 12:54 143872 ----a-w- c:\windows\system32\wextract.exe
2014-11-03 12:54 . 2014-11-03 12:54 13824 ----a-w- c:\windows\system32\mshta.exe
2014-11-03 12:54 . 2014-11-03 12:54 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-11-03 12:54 . 2014-11-03 12:54 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-11-03 12:54 . 2014-11-03 12:54 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-11-03 12:54 . 2014-11-03 12:54 101376 ----a-w- c:\windows\system32\inseng.dll
2014-10-31 23:27 . 2014-11-18 05:08 37184 ----a-w- c:\windows\system32\drivers\rzpmgrk.sys
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-25 01:57 . 2014-11-12 07:27 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 07:27 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-23 20:05 . 2014-11-18 05:09 129600 ----a-w- c:\windows\system32\drivers\rzpnk.sys
2014-10-21 08:44 . 2014-10-21 08:44 1962496 ----a-w- c:\users\Public\adwcleaner_4.001.exe
2014-10-21 07:29 . 2014-10-21 07:28 15725144 ----a-w- c:\users\Public\RogueKiller.exe
2014-10-20 04:39 . 2014-10-20 04:39 0 ----a-w- c:\windows\system32\hfvfa.dll
2014-10-19 23:21 . 2014-10-19 23:21 1912353 ----a-w- c:\users\Public\DrawDesigner_Setup.exe
2014-10-18 02:05 . 2014-11-12 07:26 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 07:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-18 23:29 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 07:27 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 07:26 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-18 23:29 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 07:27 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 07:27 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-18 23:29 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 07:26 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-18 23:29 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 07:27 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 07:27 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 07:26 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-06 18:00 . 2014-11-06 12:46 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2014-10-06 18:00 . 2014-11-06 12:45 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2014-10-03 02:12 . 2014-11-12 07:27 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 07:27 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 07:27 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 07:27 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 07:27 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 07:27 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 07:27 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 07:27 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-10-21 20:18 239272 ----a-w- c:\users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-10-21 20:18 239272 ----a-w- c:\users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-10-21 20:18 239272 ----a-w- c:\users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\Josh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-10-21 277672]
"AdobeBridge"="" [BU]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7e\AOL.EXE" [2014-08-19 72296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-05-05 47104]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [x]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys;c:\windows\SYSNATIVE\DRIVERS\PPJoyBus64.sys [x]
R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\Razerlow.sys;c:\windows\SYSNATIVE\drivers\Razerlow.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe  [x]
R4 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe;c:\xampp\apache\bin\httpd.exe [x]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R4 FileZillaServer;FileZillaServer;c:\xampp\filezillaftp\filezillaserver.exe;c:\xampp\filezillaftp\filezillaserver.exe [x]
R4 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;f:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;f:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R4 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe;c:\windows\SYSNATIVE\lxdqcoms.exe [x]
R4 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdqserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdqserv.exe [x]
R4 mi-raysat_3dsmax2015_64;mental ray Satellite for Autodesk 3ds Max 2015 64-bit;f:\program files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe;f:\program files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [x]
R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R4 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
R4 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.05.08\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.05.08\AsusFanControlService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 12:57]
.
2014-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 01:25]
.
2014-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 01:25]
.
2014-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096825299-2601053131-2088073329-1001Core.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-09 20:00]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096825299-2601053131-2088073329-1001UA.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-09 20:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-10-21 20:18 266416 ----a-w- c:\users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-10-21 20:18 266416 ----a-w- c:\users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-10-21 20:18 266416 ----a-w- c:\users\Josh\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: linkedin.com
Trusted Zone: rockfishdigital.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: theresumator.com\support
TCP: DhcpNameServer = 192.168.200.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:14,9c,f8,c9,f5,24,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,6f,2d,6b,e9,bb,51,4c,8f,9d,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,6f,2d,6b,e9,bb,51,4c,8f,9d,c5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_75_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_75_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_75_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_75_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-26  10:54:11
ComboFix-quarantined-files.txt  2014-12-26 15:54
ComboFix2.txt  2014-12-08 18:01
.
Pre-Run: 19,978,485,760 bytes free
Post-Run: 21,621,944,320 bytes free
.
- - End Of File - - 6FF71E1C321D234BCDC0FC959CB38504
A36C5E4F47E84449FF07ED3517B43A31


#10 xXToffeeXx


Posted 27 December 2014 - 01:54 PM

Hi TheBladeRoden,

Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~


#11 TheBladeRoden


Posted 28 December 2014 - 08:12 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Josh (administrator) on JOSH-PC on 28-12-2014 08:02:05
Running from H:\
Loaded Profile: Josh (Available profiles: Josh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.05.08\AsusFanControlService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\aol\1326676198\ee\aolsoftware.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
(Thorvald Natvig) C:\Program Files (x86)\Mumble\mumble.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sysinternals - www.sysinternals.com) C:\Program Files (x86)\Process Explorer\procexp64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\Run: [SkyDrive] => C:\Users\Josh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-21] (Microsoft Corporation)
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7e\AOL.EXE [72296 2014-08-19] (AOL Inc.)
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1

FireFox:
========
FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default
FF DefaultSearchEngine: Yahoo
FF Homepage: www.google.com
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll ()
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Josh\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.6 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: @talk.google.com/O1DPlugin -> C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Josh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1096825299-2601053131-2088073329-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Josh\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Josh\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Linky - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\linky@gemal.dk [2010-02-25]
FF Extension: Move Media Player - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\moveplayer@movenetworks.com [2010-02-25]
FF Extension: NetVideoHunter - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\netvideohunter@netvideohunter.com [2014-07-28]
FF Extension: TooManyTabs - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\TooManyTabs@visibotech.com [2014-05-29]
FF Extension: SwitchProxy Tool - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531} [2010-02-25]
FF Extension: All-in-One Gestures - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-06-30]
FF Extension: Flash and Video Download - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-12-08]
FF Extension: Memory Fox - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2012-12-25]
FF Extension: Copy Urls Expert - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2014-12-08]
FF Extension: feedly - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\feedly@devhd.xpi [2014-12-08]
FF Extension: ImageBlock - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\imageblock@hemantvats.com.xpi [2014-12-08]
FF Extension: Duplicate Tab Closer - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid0-NJpvNmBQ6KFZ471TOMBdXkoX7O0@jetpack.xpi [2014-12-08]
FF Extension: Enhanced Steam - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2014-12-08]
FF Extension: Visited - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid0-xGZYdxpAkROWMUMfWKINyrXigBA@jetpack.xpi [2014-12-08]
FF Extension: NumberedTabs - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid1-FA0TUpd6LPmQfA@jetpack.xpi [2014-12-08]
FF Extension: Free Memory - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid1-n85lxPv1NAWVTQ@jetpack.xpi [2014-12-08]
FF Extension: Reddit Enhancement Suite - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-12-08]
FF Extension: My Weekly Browsing Schedule - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\myweeklybrowsingschedule@gmail.com.xpi [2014-12-08]
FF Extension: ScrapBook Plus - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\scrapbookplus@addons.mozilla.org.xpi [2014-12-08]
FF Extension: FastestFox - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\smarterwiki@wikiatic.com.xpi [2014-12-08]
FF Extension: Test Pilot - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\testpilot@labs.mozilla.com.xpi [2014-12-08]
FF Extension: The Addon Bar (restored) - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-12-08]
FF Extension: UnloadTab - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\unloadtab@firefox.ext.xpi [2014-12-08]
FF Extension: Session Manager - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-12-08]
FF Extension: TweakTube - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi [2014-12-08]
FF Extension: Stylish - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-12-08]
FF Extension: ScrapBook - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-12-08]
FF Extension: CacheViewer - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2014-12-08]
FF Extension: Copy Links - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi [2012-07-10]
FF Extension: ReloadEvery - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2014-12-08]
FF Extension: CoolPreviews - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2014-12-08]
FF Extension: Adblock Plus - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-08]
FF Extension: Tab Mix Plus - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-12-08]
FF Extension: DownThemAll! - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-12-08]
FF Extension: Greasemonkey - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ln9glt2m.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-12-08]
FF Extension: No Name - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\lc1scjdp.Troubleshooting\Extensions\linky@gemal.dk.xpi [2013-03-07]
FF Extension: No Name - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\lc1scjdp.Troubleshooting\Extensions\testpilot@labs.mozilla.com.xpi [2013-01-24]
FF Extension: No Name - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\lc1scjdp.Troubleshooting\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-17]
FF Extension: No Name - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\lc1scjdp.Troubleshooting\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-01-24]
FF Extension: No Name - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\lc1scjdp.Troubleshooting\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-11-17]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-10]

Chrome:
=======
CHR Profile: C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2012-08-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-31]
CHR Extension: (History 2) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp [2012-08-24]
CHR Extension: (Google Search) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-31]
CHR Extension: (Tab Manager) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda [2012-08-18]
CHR Extension: (Clear Cache) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2012-07-31]
CHR Extension: (Session Buddy) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2012-07-31]
CHR Extension: (AdBlock) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-31]
CHR Extension: (Updater for Google Web History) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhehjeahclandhcpbajhdfjeffnbcoa [2012-10-21]
CHR Extension: (NZBDrone Xtender) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\koaenifojgcodjmhlnhihpclekeegkce [2014-02-06]
CHR Extension: (Modified Tab Ordering) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhlppppejjiiinhklmlpfkafimagbcbe [2012-07-31]
CHR Extension: (Skype Click to Call) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-28]
CHR Extension: (Reload All Tabs) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2012-07-31]
CHR Extension: (History Plus) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeiidaaeapionnjaheefgcflidanoeg [2012-10-09]
CHR Extension: (Hangouts) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-24]
CHR Extension: (Tab Dupectomy) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkkedbpcfdogedipgdhgeknjdphaplbk [2012-07-31]
CHR Extension: (Google Wallet) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-06]
CHR Extension: (NBC Olympics Scheduler) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\okhkncepdlpdblbgagmaifdgfaoincle [2012-07-31]
CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-31]
CHR StartMenuInternet: Google Chrome - C:\Users\Josh\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [581000 2014-04-01] (Autodesk Inc.)
S4 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2012-08-18] (Apache Software Foundation) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-01-27] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.05.08\AsusFanControlService.exe [387896 2014-04-06] (ASUSTeK Computer Inc.)
S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [72704 2014-04-09] (Autodesk) [File not signed]
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-09-13] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-09-13] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S4 FileZillaServer; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-05-11] (FileZilla Project) [File not signed]
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)
S4 HiPatchService; F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-08-30] (Hi-Rez Studios) [File not signed]
S4 lxdqCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdqserv.exe [29184 2009-04-28] (Lexmark International, Inc.) [File not signed]
S4 lxdq_device; C:\Windows\system32\lxdqcoms.exe [1039872 2007-11-28] ( ) [File not signed]
S4 lxdq_device; C:\Windows\SysWOW64\lxdqcoms.exe [589824 2007-11-28] ( ) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S4 mysql; C:\xampp\mysql\bin\mysqld.exe [8186368 2012-07-20] () [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-31] ()
S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-05] (DT Soft Ltd)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 osaio; C:\Windows\system32\drivers\osaio.sys [17176 2012-02-09] (OSA Technologies, An Avocent Company)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PPJoyBus; C:\Windows\System32\DRIVERS\PPJoyBus64.sys [20032 2009-11-03] (Deon van der Westhuysen)
S3 Razerlow; C:\Windows\System32\drivers\Razerlow.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-06-10] ()
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-16] ()
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [13472 2009-10-08] (Headsoft) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
S1 hwinterface; System32\Drivers\hwinterface.sys [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 STHDA; system32\drivers\stwrt64.sys [X]
S3 WacomPen; \SystemRoot\system32\drivers\wacompen.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 10:54 - 2014-12-26 10:54 - 00049078 _____ () C:\ComboFix.txt
2014-12-25 17:09 - 2014-12-25 17:09 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-17 17:48 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-17 17:48 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-17 17:48 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-17 17:48 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-17 17:48 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-17 17:48 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-17 17:48 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-17 17:48 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-17 17:48 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-17 17:48 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-16 07:34 - 2014-12-16 07:38 - 00000045 _____ () C:\Users\Josh\Documents\todosimple2.txt
2014-12-16 06:41 - 2014-12-16 06:41 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\oalohsc.sys
2014-12-13 22:05 - 2014-12-13 22:05 - 00000842 _____ () C:\Users\Public\Desktop\GetDataBack Simple.lnk
2014-12-13 22:05 - 2014-12-13 22:05 - 00000842 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\GetDataBack Simple.lnk
2014-12-11 19:07 - 2014-12-11 19:07 - 00000000 ____H () C:\Windows\system32\Default.rdp
2014-12-11 06:01 - 2014-12-11 06:01 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-12-11 05:35 - 2014-12-13 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2014-12-11 05:35 - 2014-12-11 05:35 - 00000845 _____ () C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
2014-12-11 05:35 - 2014-12-11 05:35 - 00000845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\GetDataBack for NTFS.lnk
2014-12-10 18:04 - 2014-12-10 18:04 - 00000917 _____ () C:\Users\Josh\malwaretext.txt
2014-12-10 17:37 - 2014-12-15 23:47 - 00000000 ____D () C:\Users\Public\Suspicious2
2014-12-10 07:04 - 2014-12-10 07:32 - 00000000 ____D () C:\Users\Public\Suspicious
2014-12-10 05:32 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 05:32 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 05:32 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 05:32 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 05:32 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 05:32 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 05:32 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 05:32 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 05:32 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 05:32 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 05:32 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 05:32 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 05:32 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 05:32 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 05:32 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 05:32 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 05:32 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 05:32 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 05:32 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 05:32 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 05:32 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 05:32 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 05:32 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 05:32 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 05:32 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 05:32 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 05:32 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 05:32 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 05:32 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 05:32 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 05:32 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 05:32 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 05:32 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 05:32 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 05:32 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 05:32 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 05:32 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 05:32 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 05:32 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 05:32 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 05:32 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 05:32 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 05:32 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 05:32 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 05:32 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 05:32 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 05:32 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 05:32 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 05:32 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 05:32 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 05:32 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 05:32 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 05:32 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 05:32 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 05:32 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 05:32 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 05:32 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 05:32 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 05:32 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 05:32 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 05:32 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 05:32 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 05:32 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 05:32 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 05:32 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:32 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:32 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 05:31 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 05:31 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 05:31 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 05:31 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 02:56 - 2014-12-10 02:56 - 00001058 _____ () C:\Users\Josh\Desktop\ListCWall.txt
2014-12-09 22:00 - 2014-12-09 22:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-09 19:52 - 2014-12-09 19:52 - 00003132 _____ () C:\Users\Josh\photorec.cfg
2014-12-09 18:12 - 2014-12-09 19:37 - 00003184 _____ () C:\Users\Josh\Desktop\Search.txt
2014-12-09 12:14 - 2014-12-28 08:02 - 00000000 ____D () C:\FRST
2014-12-09 12:14 - 2014-12-09 12:13 - 02119680 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
2014-12-09 09:26 - 2014-12-09 09:26 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\www.shadowexplorer.com
2014-12-09 09:13 - 2014-12-09 09:16 - 00004552 _____ () C:\Users\Public\malwarebytes.txt
2014-12-09 05:44 - 2014-12-09 05:44 - 00000222 _____ () C:\Users\Josh\Desktop\Lambda Wars Beta.url
2014-12-09 00:06 - 2014-12-09 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2014-12-08 20:38 - 2014-12-08 20:39 - 00017920 ___SH () C:\Users\Josh\Thumbs.db
2014-12-08 16:03 - 2014-12-08 16:03 - 00004651 _____ () C:\Users\Josh\Documents\how_decrypt.html
2014-12-08 14:39 - 2014-12-08 15:41 - 00004651 _____ () C:\Users\Josh\AppData\Roaming\how_decrypt.html
2014-12-08 14:01 - 2014-12-08 18:09 - 00008224 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-12-08 13:41 - 2014-12-08 13:41 - 00004651 _____ () C:\Users\Josh\how_decrypt.html
2014-12-08 13:41 - 2014-12-08 13:41 - 00004651 _____ () C:\Users\Josh\AppData\Local\how_decrypt.html
2014-12-08 13:40 - 2014-12-08 13:40 - 00004651 _____ () C:\Users\Default\how_decrypt.html
2014-12-08 13:02 - 2014-12-08 13:02 - 00004651 _____ () C:\how_decrypt.html
2014-12-08 06:26 - 2014-12-14 06:26 - 00003730 _____ () C:\Windows\System32\Tasks\GoogleUpdater
2014-12-07 08:57 - 2014-12-07 08:57 - 00000000 __SHD () C:\Users\Josh\AppData\Local\EmieBrowserModeList
2014-12-01 20:40 - 2014-12-08 16:02 - 00024702 _____ () C:\Users\Josh\Documents\20151stquarterAppropriation.xlsx
2014-12-01 20:40 - 2014-12-01 20:40 - 00000104 ____H () C:\Users\Josh\Documents\.~lock.20151stquarterAppropriation.xlsx#
2014-12-01 17:38 - 2014-12-01 17:38 - 00000104 ____H () C:\Users\Josh\Documents\.~lock.CrazyForYouExpectationsandagreements.doc#
2014-11-30 05:49 - 2014-12-08 16:02 - 00013258 _____ () C:\Users\Josh\Documents\Christmas List 2014.odt
2014-11-30 05:39 - 2014-11-30 05:39 - 00000100 ____H () C:\Users\Josh\Documents\.~lock.Christmas 2013.odt#
2014-11-30 04:29 - 2014-11-30 04:29 - 00001456 _____ () C:\Users\Josh\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-11-30 02:27 - 2014-11-30 02:28 - 00000000 ____D () C:\Users\Josh\AppData\Local\Deshaker
2014-11-30 02:01 - 2014-11-30 02:07 - 00000347 _____ () C:\Users\Josh\AppData\Roaming\.ptbt1
2014-11-30 01:53 - 2014-11-30 01:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-30 01:47 - 2014-11-30 01:48 - 00000000 ____D () C:\Program Files\Hugin
2014-11-30 01:47 - 2014-11-30 01:47 - 00000868 _____ () C:\Users\Josh\Desktop\Hugin.lnk
2014-11-30 01:47 - 2014-11-30 01:47 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin
2014-11-30 01:45 - 2014-11-30 01:45 - 00000000 ____D () C:\Program Files (x86)\Hugin
2014-11-28 19:32 - 2014-12-25 17:11 - 00001154 _____ () C:\Windows\setupact.log
2014-11-28 19:32 - 2014-11-28 19:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-28 19:31 - 2014-12-25 17:09 - 00021022 _____ () C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 07:41 - 2013-01-03 01:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 07:38 - 2012-07-04 23:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-28 05:35 - 2009-11-02 07:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-28 04:46 - 2011-03-19 19:48 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Mumble
2014-12-28 02:00 - 2014-06-20 18:01 - 00000000 ____D () C:\Users\Josh\AppData\Local\Adobe
2014-12-27 19:11 - 2012-07-31 03:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096825299-2601053131-2088073329-1001Core.job
2014-12-27 17:24 - 2012-01-11 08:26 - 02093843 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 16:41 - 2013-01-03 01:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-26 10:54 - 2012-07-10 00:24 - 00000000 ____D () C:\Qoobox
2014-12-26 10:54 - 2010-12-30 12:53 - 00000000 ____D () C:\Users\Josh\AppData\Local\Apps\2.0
2014-12-26 10:50 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-26 09:56 - 2013-04-18 05:01 - 00000000 ___RD () C:\Users\Josh\SkyDrive
2014-12-26 09:19 - 2009-07-13 23:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 09:19 - 2009-07-13 23:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-25 22:32 - 2010-06-04 09:33 - 00000000 ___RD () C:\Users\Josh\Documents\My Dropbox
2014-12-25 20:02 - 2013-02-07 05:05 - 00000000 ____D () C:\Windows\rescache
2014-12-25 19:17 - 2010-06-04 09:31 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Dropbox
2014-12-25 17:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-25 17:09 - 2014-05-24 17:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-25 17:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-25 17:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-17 18:05 - 2013-08-15 11:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-17 17:50 - 2012-01-11 07:10 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-17 11:23 - 2010-06-04 09:33 - 00001025 _____ () C:\Users\Josh\Desktop\Dropbox.lnk
2014-12-17 11:23 - 2010-06-04 09:31 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-16 07:57 - 2012-07-04 23:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-16 07:57 - 2012-07-04 23:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-16 07:57 - 2012-07-02 23:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-16 07:56 - 2009-11-06 03:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-16 07:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-12-16 06:39 - 2014-10-20 07:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-16 00:05 - 2014-10-21 02:42 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-16 00:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-12-15 23:23 - 2012-08-02 14:58 - 00000000 ____D () C:\Users\Josh\AppData\Local\CrashDumps
2014-12-15 03:00 - 2014-10-19 23:39 - 00003858 _____ () C:\Windows\System32\Tasks\{5E8D2BEB-18C3-EC00-FE13-4FCAFACCE36C}
2014-12-14 06:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization
2014-12-14 01:11 - 2012-07-31 03:26 - 00002374 _____ () C:\Users\Josh\Desktop\Google Chrome.lnk
2014-12-13 21:47 - 2011-03-19 19:41 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-12-13 21:46 - 2012-07-28 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-12-10 22:19 - 2014-07-18 23:28 - 00000000 ____D () C:\Windows\MEI
2014-12-10 22:19 - 2012-02-14 02:00 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 22:17 - 2014-04-09 04:14 - 00000000 ____D () C:\Users\Josh\AppData\Local\TSVNCache
2014-12-10 18:04 - 2012-01-11 05:38 - 00000000 ____D () C:\Users\Josh
2014-12-10 07:38 - 2014-09-23 04:23 - 00000000 ____D () C:\Program Files (x86)\ZAR
2014-12-10 07:05 - 2014-05-29 05:35 - 00056320 ___SH () C:\Users\Public\Thumbs.db
2014-12-09 21:42 - 2014-08-17 04:59 - 00000000 ____D () C:\Program Files\Recuva
2014-12-09 09:29 - 2009-07-14 00:13 - 00782578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 05:51 - 2009-11-08 22:50 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-09 05:35 - 2014-03-26 04:23 - 00000000 ____D () C:\Users\Josh\Documents\Unreal Projects
2014-12-09 00:06 - 2012-09-22 02:38 - 00000000 ____D () C:\Program Files\AutoHotkey
2014-12-09 00:06 - 2010-12-07 18:35 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2014-12-08 20:27 - 2014-05-21 05:51 - 00147880 _____ () C:\Users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-08 20:20 - 2012-05-04 13:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-08 19:47 - 2014-11-10 09:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 17:36 - 2014-10-20 06:52 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 17:36 - 2014-10-20 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 17:36 - 2014-10-20 06:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-08 17:23 - 2014-11-17 02:02 - 00000000 ____D () C:\Users\Josh\Documents\uglyholidaysweater
2014-12-08 17:23 - 2014-08-30 02:18 - 00000000 ____D () C:\Users\Josh\Documents\TheSearchforTinkerDoyleCalendar2
2014-12-08 17:23 - 2014-08-27 19:11 - 00000000 ____D () C:\Users\Josh\Documents\TheSearchforTinkerDoyleCalendar
2014-12-08 17:23 - 2013-11-19 01:40 - 00000000 ____D () C:\Users\Josh\Documents\Unity
2014-12-08 17:23 - 2013-06-19 18:32 - 00000000 ____D () C:\Users\Josh\Documents\TheTotallyTelethon
2014-12-08 17:23 - 2010-03-17 01:39 - 00000000 ____D () C:\Users\Josh\Documents\TurboTax
2014-12-08 17:23 - 2009-11-06 04:17 - 00000000 ____D () C:\Users\Josh\Documents\Tournament Time Data
2014-12-08 17:23 - 2009-11-06 04:05 - 00000000 ____D () C:\Users\Josh\Documents\TrackMania
2014-12-08 17:22 - 2014-03-11 15:56 - 00000000 ____D () C:\Users\Josh\Documents\The Royal Family
2014-12-08 17:18 - 2013-01-18 00:32 - 00000000 ____D () C:\Users\Josh\Documents\TDWLOGO
2014-12-08 17:18 - 2013-01-14 16:07 - 00000000 ____D () C:\Users\Josh\Documents\TDWWRITTENmanwhocametodinnerking
2014-12-08 17:14 - 2012-12-03 22:23 - 00000000 ____D () C:\Users\Josh\Documents\scrivenertut.scriv
2014-12-08 17:13 - 2009-11-06 15:13 - 00000000 ____D () C:\Users\Josh\Documents\RODEN_ApplicationAcknowledgmentLetter
2014-12-08 17:10 - 2012-08-20 06:20 - 00000000 ____D () C:\Users\Josh\Documents\RehearsalSchedule
2014-12-08 17:10 - 2012-07-05 01:34 - 00000000 ____D () C:\Users\Josh\Documents\recruitment_files
2014-12-08 17:10 - 2011-01-16 17:06 - 00000000 ____D () C:\Users\Josh\Documents\REAPER Media
2014-12-08 17:08 - 2013-04-17 23:59 - 00000000 ____D () C:\Users\Josh\Documents\Program Materials
2014-12-08 17:08 - 2011-06-20 21:16 - 00000000 ____D () C:\Users\Josh\Documents\People's Writing
2014-12-08 17:07 - 2009-11-06 05:58 - 00000000 ____D () C:\Users\Josh\Documents\MySpaceIM Pics
2014-12-08 17:06 - 2009-11-06 03:45 - 00000000 ____D () C:\Users\Josh\Documents\My PSP Files
2014-12-08 16:21 - 2009-11-06 03:52 - 00000000 ____D () C:\Users\Josh\Documents\My eBooks
2014-12-08 16:18 - 2009-11-06 10:23 - 00000000 ____D () C:\Users\Josh\Documents\LEFTCAMERA
2014-12-08 16:16 - 2009-11-06 16:59 - 00000000 ____D () C:\Users\Josh\Documents\JoshRodenResume
2014-12-08 16:15 - 2012-11-15 22:23 - 00000000 ____D () C:\Users\Josh\Documents\Guild Wars 2
2014-12-08 16:14 - 2009-11-06 05:49 - 00000000 ____D () C:\Users\Josh\Documents\FlexDeveloper
2014-12-08 16:13 - 2013-04-22 03:11 - 00000000 ____D () C:\Users\Josh\Documents\DSC01095
2014-12-08 16:13 - 2011-09-02 16:36 - 00000000 ____D () C:\Users\Josh\Documents\cPWyGGA0mLk_data
2014-12-08 16:13 - 2011-01-19 14:22 - 00000000 ____D () C:\Users\Josh\Documents\Dyyno
2014-12-08 16:13 - 2009-11-06 07:01 - 00000000 ____D () C:\Users\Josh\Documents\ConvertXtoDVD
2014-12-08 16:12 - 2013-09-01 08:52 - 00000000 ____D () C:\Users\Josh\Documents\Backups
2014-12-08 16:12 - 2013-04-18 05:31 - 00000000 ____D () C:\Users\Josh\Documents\barefootprogram_files
2014-12-08 16:12 - 2013-02-08 07:57 - 00000000 ____D () C:\Users\Josh\Documents\Command and Conquer Generals Data
2014-12-08 16:12 - 2013-02-07 02:18 - 00000000 ____D () C:\Users\Josh\Documents\Command and Conquer Generals Zero Hour Data
2014-12-08 16:12 - 2011-01-19 14:33 - 00000000 ____D () C:\Users\Josh\Documents\Camtasia Studio
2014-12-08 16:12 - 2009-11-06 03:59 - 00000000 ____D () C:\Users\Josh\Documents\Bulk Image Downloader
2014-12-08 16:05 - 2014-05-16 03:45 - 00000000 ____D () C:\Users\Josh\Documents\Arma 3
2014-12-08 16:05 - 2013-04-27 16:44 - 00000000 ____D () C:\Users\Josh\Documents\Arma 3 Alpha Lite
2014-12-08 16:05 - 2012-04-12 04:26 - 00000000 ____D () C:\Users\Josh\Documents\ArmA 2
2014-12-08 16:04 - 2014-11-02 17:33 - 00000000 ____D () C:\Users\Josh\Documents\ArcheAge
2014-12-08 16:04 - 2013-08-20 15:25 - 00000000 ____D () C:\Users\Josh\Documents\Algodoo
2014-12-08 16:04 - 2009-11-06 11:10 - 00000000 ____D () C:\Users\Josh\Documents\418WISkills
2014-12-08 16:03 - 2014-11-17 02:02 - 00122352 _____ () C:\Users\Josh\Documents\uglyholidaysweater.zip
2014-12-08 16:03 - 2014-10-13 13:12 - 00022583 _____ () C:\Users\Josh\Documents\J. Roden Resume.odt
2014-12-08 16:03 - 2014-10-12 11:48 - 00000000 ____D () C:\Users\Josh\Documents\2014CenterStageWRITTENinheritthewindmonnig
2014-12-08 16:03 - 2014-08-19 17:16 - 00017408 _____ () C:\Users\Josh\Documents\TheSearchforTinkerDoyleCalendar.xls
2014-12-08 16:03 - 2014-06-15 21:45 - 00000000 ____D () C:\Users\Josh\Documents\20120908155516
2014-12-08 16:03 - 2014-06-03 07:55 - 00024110 _____ () C:\Users\Josh\Documents\FoodInventory7.ods_2.ods_2.ods
2014-12-08 16:03 - 2014-05-30 03:26 - 20324509 _____ () C:\Users\Josh\Documents\Leafs.zip
2014-12-08 16:03 - 2014-05-09 03:54 - 20544998 _____ () C:\Users\Josh\Documents\kenneyDonation_v6.zip
2014-12-08 16:03 - 2014-01-11 02:06 - 00013213 _____ () C:\Users\Josh\Documents\vowes.odt
2014-12-08 16:03 - 2014-01-07 06:54 - 00027436 _____ () C:\Users\Josh\Documents\TheatreCompanies.ods
2014-12-08 16:03 - 2013-12-23 03:32 - 00000000 ____D () C:\Users\Josh\Documents\3DMark
2014-12-08 16:03 - 2013-12-17 17:42 - 00115563 _____ () C:\Users\Josh\Documents\THEROYALFAMILY-Cast.zip
2014-12-08 16:03 - 2013-10-18 23:50 - 00000000 ____D () C:\Users\Josh\Documents\0001
2014-12-08 16:03 - 2013-10-18 22:51 - 00000000 ____D () C:\Users\Josh\Documents\00000DISPLAYSIGNAGE
2014-12-08 16:03 - 2013-10-18 22:05 - 00000000 ____D () C:\Users\Josh\Documents\00000HOLIDAYORDERFORM
2014-12-08 16:03 - 2013-09-08 17:34 - 00062464 _____ () C:\Users\Josh\Documents\qcracks.xls
2014-12-08 16:03 - 2013-08-12 16:37 - 00018432 _____ () C:\Users\Josh\Documents\genconsheet.xls
2014-12-08 16:03 - 2013-07-22 19:27 - 00081326 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1365064384-2013-07-22 20_27_01.607421.dmp
2014-12-08 16:03 - 2013-07-18 00:08 - 00021504 _____ () C:\Users\Josh\Documents\meijerlist.xls
2014-12-08 16:03 - 2013-07-04 03:31 - 00618352 _____ () C:\Users\Josh\Documents\firststupidness.blend
2014-12-08 16:03 - 2013-07-04 03:31 - 00616080 _____ () C:\Users\Josh\Documents\firststupidness.blend1
2014-12-08 16:03 - 2013-07-04 03:31 - 00506376 _____ () C:\Users\Josh\Documents\firststupidness.blend2
2014-12-08 16:03 - 2013-06-19 18:32 - 00468997 _____ () C:\Users\Josh\Documents\TheTotallyTelethon.zip
2014-12-08 16:03 - 2013-06-16 03:37 - 00012707 _____ () C:\Users\Josh\Documents\Risen Civ 5.ods
2014-12-08 16:03 - 2013-06-05 15:46 - 00302187 _____ () C:\Users\Josh\Documents\Real American Units.ods
2014-12-08 16:03 - 2013-05-30 19:28 - 00098250 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1365064384-2013-05-30 20_28_12.618836.dmp
2014-12-08 16:03 - 2013-05-28 15:52 - 00000000 ____D () C:\Users\Josh\Documents\2012TDWWRITTENbarefootwinkler
2014-12-08 16:03 - 2013-05-20 15:49 - 00281552 _____ () C:\Users\Josh\Documents\Wesnoth Gold Calculator.ods
2014-12-08 16:03 - 2013-05-18 00:45 - 00014221 _____ () C:\Users\Josh\Documents\LoveRidestheRailsCastandCrew.xlsx
2014-12-08 16:03 - 2013-05-17 16:21 - 00390042 _____ () C:\Users\Josh\Documents\mymap.hxm
2014-12-08 16:03 - 2013-04-22 03:42 - 00119836 _____ () C:\Users\Josh\Documents\LoveRidesTheRails.zip
2014-12-08 16:03 - 2013-04-22 03:11 - 02911673 _____ () C:\Users\Josh\Documents\DSC01095.zip
2014-12-08 16:03 - 2013-04-18 06:09 - 00338021 _____ () C:\Users\Josh\Documents\FoodInventory7.ods_2.ods
2014-12-08 16:03 - 2013-04-18 06:09 - 00277633 _____ () C:\Users\Josh\Documents\Real%20American%20Units.ods_0.ods
2014-12-08 16:03 - 2013-04-18 06:09 - 00181651 _____ () C:\Users\Josh\Documents\eCodex%20Space%20Marine%201.02.xls_0.ods
2014-12-08 16:03 - 2013-04-18 06:09 - 00104653 _____ () C:\Users\Josh\Documents\todovista.ods_0.ods
2014-12-08 16:03 - 2013-04-18 06:09 - 00021575 _____ () C:\Users\Josh\Documents\J.%20Roden%20Resume.docx_0.odt
2014-12-08 16:03 - 2013-04-18 06:09 - 00018759 _____ () C:\Users\Josh\Documents\TDWMembershipDirectory2012-13asof12-17-2012.xls_1.ods
2014-12-08 16:03 - 2013-04-14 22:52 - 00265918 _____ () C:\Users\Josh\Documents\practice program.odg
2014-12-08 16:03 - 2013-04-09 02:30 - 01239921 _____ () C:\Users\Josh\Documents\youtube_towatchlater.txt
2014-12-08 16:03 - 2013-04-09 02:30 - 00176442 _____ () C:\Users\Josh\Documents\youtube_toprocess.txt
2014-12-08 16:03 - 2013-04-05 23:32 - 00064654 _____ () C:\Users\Josh\Documents\WoWPickerderaft.py
2014-12-08 16:03 - 2013-03-19 16:13 - 03636063 _____ () C:\Users\Josh\Documents\something.txt
2014-12-08 16:03 - 2013-02-16 21:25 - 03959500 _____ () C:\Users\Josh\Documents\youtube_something.txt
2014-12-08 16:03 - 2013-02-14 06:44 - 00181180 _____ () C:\Users\Josh\Documents\youtubedigest_2013_02_14.txt
2014-12-08 16:03 - 2013-01-18 00:35 - 00366797 _____ () C:\Users\Josh\Documents\TDW Poster.ods
2014-12-08 16:03 - 2013-01-18 00:32 - 00207383 _____ () C:\Users\Josh\Documents\TDWLOGO.zip
2014-12-08 16:03 - 2013-01-14 16:07 - 00029994 _____ () C:\Users\Josh\Documents\TDWWRITTENmanwhocametodinnerking.zip
2014-12-08 16:03 - 2012-12-25 19:12 - 00047108 _____ () C:\Users\Josh\Documents\youtubedigest_2012_12_25.txt
2014-12-08 16:03 - 2012-12-19 13:05 - 00036352 _____ () C:\Users\Josh\Documents\TDWMembershipDirectory2012-13asof12-17-2012.xls
2014-12-08 16:03 - 2012-11-18 06:20 - 00068464 _____ () C:\Users\Josh\Documents\youtubedigest_2012_11_18.txt
2014-12-08 16:03 - 2012-09-10 21:29 - 00282337 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1343657352-2012-09-10 22_29_19.316406.dmp
2014-12-08 16:03 - 2012-08-31 00:55 - 00085571 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1343657352-2012-08-31 01_55_28.722656.dmp
2014-12-08 16:03 - 2012-08-20 06:20 - 00107949 _____ () C:\Users\Josh\Documents\RehearsalSchedule.zip
2014-12-08 16:03 - 2012-08-16 23:52 - 00124964 _____ () C:\Users\Josh\Documents\todosimple.txt
2014-12-08 16:03 - 2012-07-13 02:46 - 00071161 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1340260499-2012-07-13 03_46_08.862304.dmp
2014-12-08 16:03 - 2012-07-04 17:02 - 00069278 _____ () C:\Users\Josh\Documents\ts3_clientui-win64-1340260499-2012-07-04 18_02_13.212945.dmp
2014-12-08 16:03 - 2012-06-10 18:55 - 00017098 _____ () C:\Users\Josh\Documents\youtubedigest_2012_06_10.txt
2014-12-08 16:03 - 2012-06-06 00:38 - 00027928 _____ () C:\Users\Josh\Documents\youtubedigest_2012_06_06.txt
2014-12-08 16:03 - 2012-05-31 23:39 - 00026194 _____ () C:\Users\Josh\Documents\Raven Blades 1500.ros
2014-12-08 16:03 - 2012-05-31 23:07 - 00023572 _____ () C:\Users\Josh\Documents\Raven Blades 1000v2d.ros
2014-12-08 16:03 - 2012-05-26 21:17 - 00019197 _____ () C:\Users\Josh\Documents\Raven Blades 1000v2c.ros
2014-12-08 16:03 - 2012-05-25 19:35 - 00018066 _____ () C:\Users\Josh\Documents\Raven Blades 1000v2b.ros
2014-12-08 16:03 - 2012-05-25 19:10 - 00018960 _____ () C:\Users\Josh\Documents\Raven Blades 1000v2a.ros
2014-12-08 16:03 - 2012-05-24 14:31 - 00035036 _____ () C:\Users\Josh\Documents\Raven Blades 2000.ros
2014-12-08 16:03 - 2012-05-24 14:04 - 00024690 _____ () C:\Users\Josh\Documents\Raven Blades 1000.ros
2014-12-08 16:03 - 2012-05-20 21:55 - 00778752 _____ () C:\Users\Josh\Documents\eCodex Space Marine 1.02.xls
2014-12-08 16:03 - 2012-05-20 20:04 - 00143454 _____ () C:\Users\Josh\Documents\eCodex Space Marine 1.02.ods
2014-12-08 16:03 - 2012-04-04 15:41 - 00000000 ____D () C:\Users\Josh\Documents\2011_TDW_WRITTEN_Talley_&_son_vater
2014-12-08 16:03 - 2012-03-30 09:10 - 00065024 _____ () C:\Users\Josh\Documents\DidierWeddingGuestList.xls
2014-12-08 16:03 - 2012-03-30 09:08 - 00180620 _____ () C:\Users\Josh\Documents\RodenWeddingguesttracker1.xlsx
2014-12-08 16:03 - 2012-03-25 11:28 - 00033724 _____ () C:\Users\Josh\Documents\youtubedigest_2012_03_25.txt
2014-12-08 16:03 - 2012-02-18 18:18 - 00851456 _____ () C:\Users\Josh\Documents\THE THING (Oct 26 Cutoff)_O.xls
2014-12-08 16:03 - 2012-01-22 20:55 - 00016422 _____ () C:\Users\Josh\Documents\TalleyandSonRehearsalScheduleV2.odt
2014-12-08 16:03 - 2012-01-11 17:09 - 00011718 _____ () C:\Users\Josh\Documents\Planetside presentation.BPres
2014-12-08 16:03 - 2011-12-05 02:10 - 00014460 _____ () C:\Users\Josh\Documents\youtubedigest_2011_12_05.txt
2014-12-08 16:03 - 2011-09-17 21:34 - 00011264 _____ () C:\Users\Josh\Documents\MoviesToWatch.xls
2014-12-08 16:03 - 2011-08-19 00:45 - 00108430 _____ () C:\Users\Josh\Documents\FoodInventory7.ods
2014-12-08 16:03 - 2011-07-04 01:59 - 00358912 ___SH () C:\Users\Josh\Documents\Thumbs.db
2014-12-08 16:03 - 2011-06-23 14:11 - 00821243 _____ () C:\Users\Josh\Documents\FEEDBACKFORM.zip
2014-12-08 16:03 - 2011-05-15 20:47 - 00033280 _____ () C:\Users\Josh\Documents\N64mempack2.mpk
2014-12-08 16:03 - 2011-03-29 23:15 - 00035826 _____ () C:\Users\Josh\Documents\Rodensymbols.jdip
2014-12-08 16:03 - 2011-03-27 12:00 - 00021448 _____ () C:\Users\Josh\Documents\mega_man_truetype.ttf
2014-12-08 16:03 - 2011-03-25 12:54 - 00030720 _____ () C:\Users\Josh\Documents\lame 1938.jdip
2014-12-08 16:03 - 2011-03-23 00:09 - 00094941 _____ () C:\Users\Josh\Documents\Negative World B plans4.jdip
2014-12-08 16:03 - 2011-03-22 23:42 - 00092098 _____ () C:\Users\Josh\Documents\Negative World B plans3.jdip
2014-12-08 16:03 - 2011-03-18 21:16 - 00018587 _____ () C:\Users\Josh\Documents\March Madness.ods
2014-12-08 16:03 - 2011-03-16 17:39 - 00097038 _____ () C:\Users\Josh\Documents\Negative World B plans2.jdip
2014-12-08 16:03 - 2011-03-16 17:23 - 00094746 _____ () C:\Users\Josh\Documents\Negative World B plans.jdip
2014-12-08 16:03 - 2011-03-15 03:01 - 00033280 _____ () C:\Users\Josh\Documents\N64mempack.mpk
2014-12-08 16:03 - 2011-02-08 04:09 - 00060345 _____ () C:\Users\Josh\Documents\Domination.jdip
2014-12-08 16:03 - 2011-02-07 18:11 - 00031222 _____ () C:\Users\Josh\Documents\northamericav2.ods
2014-12-08 16:03 - 2011-01-12 14:01 - 00107119 _____ () C:\Users\Josh\Documents\Negative World B.jdip
2014-12-08 16:03 - 2011-01-03 14:06 - 00160256 _____ () C:\Users\Josh\Documents\NFL Playoffs.tm2
2014-12-08 16:03 - 2010-09-29 00:38 - 02691279 _____ () C:\Users\Josh\Documents\Windows_NT6_BSOD_jcgriff2.zip
2014-12-08 16:03 - 2010-07-24 19:07 - 00034730 _____ () C:\Users\Josh\Documents\HOWTO_Windows.txt
2014-12-08 16:03 - 2010-04-11 06:20 - 00030463 _____ () C:\Users\Josh\Documents\modColorFunctions.bas
2014-12-08 16:03 - 2010-02-22 06:00 - 00030720 _____ () C:\Users\Josh\Documents\MathHammer.xls
2014-12-08 16:03 - 2009-12-13 03:07 - 00209408 _____ () C:\Users\Josh\Documents\StreetFighterIV.tm2
2014-12-08 16:03 - 2009-11-30 05:05 - 00933606 _____ () C:\Users\Josh\Documents\Left4Dead2.m3u
2014-12-08 16:03 - 2009-10-20 20:58 - 07885189 _____ () C:\Users\Josh\Documents\DSC00315.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 03712638 _____ () C:\Users\Josh\Documents\level1.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 02884077 _____ () C:\Users\Josh\Documents\samples.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 01899741 _____ () C:\Users\Josh\Documents\Dragon.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 01604719 _____ () C:\Users\Josh\Documents\TIJ-3rd-edition4.0.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 01491158 _____ () C:\Users\Josh\Documents\Illuminati.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 01246190 _____ () C:\Users\Josh\Documents\Templars.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 01049798 _____ () C:\Users\Josh\Documents\RODEN_ApplicationAcknowledgmentLetter.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 00043762 _____ () C:\Users\Josh\Documents\LEFTCAMERA.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 00017641 _____ () C:\Users\Josh\Documents\FlexDeveloper.zip
2014-12-08 16:03 - 2009-10-20 20:58 - 00016027 _____ () C:\Users\Josh\Documents\JoshRodenResume.zip
2014-12-08 16:03 - 2009-10-19 05:00 - 02160689 _____ () C:\Users\Josh\Documents\tf2.wma
2014-12-08 16:03 - 2009-10-19 05:00 - 00028975 _____ () C:\Users\Josh\Documents\Untitled 1.odt
2014-12-08 16:03 - 2009-10-19 05:00 - 00021456 _____ () C:\Users\Josh\Documents\untitled_0.odt
2014-12-08 16:03 - 2009-09-28 06:43 - 01733520 _____ () C:\Users\Josh\Documents\monkoutfit.odt
2014-12-08 16:03 - 2009-09-28 06:43 - 01440566 _____ () C:\Users\Josh\Documents\smogmountain.bmp
2014-12-08 16:03 - 2009-09-28 06:43 - 00139184 _____ () C:\Users\Josh\Documents\Turok Weapons.isf
2014-12-08 16:03 - 2009-09-28 06:43 - 00087628 _____ () C:\Users\Josh\Documents\Turok Weapons2.isf
2014-12-08 16:03 - 2009-09-28 06:43 - 00033786 _____ () C:\Users\Josh\Documents\theatre_floor_plan.odt
2014-12-08 16:03 - 2009-09-28 06:43 - 00018976 _____ () C:\Users\Josh\Documents\wesnoth.m3u
2014-12-08 16:03 - 2009-09-28 06:43 - 00015751 _____ () C:\Users\Josh\Documents\resume.odt
2014-12-08 16:03 - 2009-09-23 16:53 - 00109850 _____ () C:\Users\Josh\Documents\todovista.ods
2014-12-08 16:03 - 2009-09-23 16:53 - 00014034 _____ () C:\Users\Josh\Documents\tc_allvalvemaps_night.odg
2014-12-08 16:03 - 2009-09-18 02:21 - 00035764 _____ () C:\Users\Josh\Documents\DxDiag.txt
2014-12-08 16:03 - 2009-03-20 01:38 - 00209408 _____ () C:\Users\Josh\Documents\SmashTourney.tm2
2014-12-08 16:03 - 2009-01-01 20:58 - 00857470 _____ () C:\Users\Josh\Documents\left4dead.m3u
2014-12-08 16:03 - 2008-08-07 04:45 - 00125189 _____ () C:\Users\Josh\Documents\Playlist.mpcpl
2014-12-08 16:03 - 2008-07-22 20:33 - 00012668 _____ () C:\Users\Josh\Documents\envelope.odt
2014-12-08 16:03 - 2008-04-29 13:55 - 00018469 _____ () C:\Users\Josh\Documents\ravinesky.tgd_bak
2014-12-08 16:03 - 2008-04-29 03:17 - 00018469 _____ () C:\Users\Josh\Documents\ravinesky.tgd
2014-12-08 16:03 - 2008-04-28 21:43 - 00922166 _____ () C:\Users\Josh\Documents\graymountainplanet.bmp
2014-12-08 16:03 - 2008-04-12 21:42 - 01992261 _____ () C:\Users\Josh\Documents\rocket003_reference.smd
2014-12-08 16:03 - 2008-04-12 21:42 - 00335739 _____ () C:\Users\Josh\Documents\lod1_rocket003_reference.smd
2014-12-08 16:03 - 2008-04-12 21:42 - 00039597 _____ () C:\Users\Josh\Documents\phymodel.smd
2014-12-08 16:02 - 2014-11-25 17:38 - 00024694 _____ () C:\Users\Josh\Documents\20151stquarterAppropriation2.xlsx
2014-12-08 16:02 - 2014-10-21 07:29 - 00098726 _____ () C:\Users\Josh\Documents\cc_20141021_082904.reg
2014-12-08 16:02 - 2014-10-20 16:51 - 00229521 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1_5.odt
2014-12-08 16:02 - 2014-10-12 11:48 - 00091171 _____ () C:\Users\Josh\Documents\2014CenterStageWRITTENinheritthewindmonnig.zip
2014-12-08 16:02 - 2014-09-25 16:01 - 03214573 _____ () C:\Users\Josh\Documents\20140925_150746.zip
2014-12-08 16:02 - 2014-09-19 18:10 - 00229521 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1_4.odt
2014-12-08 16:02 - 2014-09-11 17:20 - 00230596 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1_3.odt
2014-12-08 16:02 - 2014-08-17 18:11 - 00230598 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1_2.odt
2014-12-08 16:02 - 2014-08-17 18:11 - 00229145 _____ () C:\Users\Josh\Documents\acting%20resume.doc_0_3.odt
2014-12-08 16:02 - 2014-07-30 17:36 - 00230591 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1_1.odt
2014-12-08 16:02 - 2014-07-30 17:36 - 00229146 _____ () C:\Users\Josh\Documents\acting%20resume.doc_0_2.odt
2014-12-08 16:02 - 2014-07-27 17:19 - 00229140 _____ () C:\Users\Josh\Documents\acting%20resume.doc_0_1.odt
2014-12-08 16:02 - 2014-07-09 03:23 - 00229153 _____ () C:\Users\Josh\Documents\acting%20resume.doc_0.odt
2014-12-08 16:02 - 2014-06-15 21:45 - 10797595 _____ () C:\Users\Josh\Documents\20120908155516.zip
2014-12-08 16:02 - 2014-06-05 20:03 - 00032256 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH8.xls
2014-12-08 16:02 - 2014-06-03 06:10 - 00030208 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH7.xls
2014-12-08 16:02 - 2014-06-01 00:18 - 00027136 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH6.xls
2014-12-08 16:02 - 2014-05-31 07:49 - 00019968 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH5.xls
2014-12-08 16:02 - 2014-05-30 07:09 - 00019456 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH4.xls
2014-12-08 16:02 - 2014-05-28 07:57 - 00017920 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH3.xls
2014-12-08 16:02 - 2014-05-27 04:32 - 00017408 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH2.xls
2014-12-08 16:02 - 2014-05-26 00:40 - 00020383 _____ () C:\Users\Josh\Documents\acting%20resume2.doc_1.odt
2014-12-08 16:02 - 2014-05-26 00:38 - 00016896 _____ () C:\Users\Josh\Documents\2014YARDSALELISTFORJOSH.xls
2014-12-08 16:02 - 2014-05-06 01:46 - 00364194 _____ () C:\Users\Josh\Documents\cc_20140506_024557.reg
2014-12-08 16:02 - 2014-01-26 06:04 - 00024788 _____ () C:\Users\Josh\Documents\actingbio.odt
2014-12-08 16:02 - 2014-01-07 06:59 - 00000000 ____D () C:\Users\Josh\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2014-12-08 16:02 - 2013-11-19 05:38 - 00012687 _____ () C:\Users\Josh\Documents\Christmas 2013.odt
2014-12-08 16:02 - 2013-10-18 23:50 - 04853442 _____ () C:\Users\Josh\Documents\0001.zip
2014-12-08 16:02 - 2013-10-18 23:12 - 00324608 _____ () C:\Users\Josh\Documents\00000DISPLAYSIGNAGE.xls
2014-12-08 16:02 - 2013-10-18 22:51 - 00311266 _____ () C:\Users\Josh\Documents\00000DISPLAYSIGNAGE.zip
2014-12-08 16:02 - 2013-10-18 22:05 - 00010990 _____ () C:\Users\Josh\Documents\00000HOLIDAYORDERFORM.zip
2014-12-08 16:02 - 2013-10-17 23:00 - 00016384 _____ () C:\Users\Josh\Documents\00000CELEBRATIONORDERFORM.xls
2014-12-08 16:02 - 2013-10-17 23:00 - 00015872 _____ () C:\Users\Josh\Documents\00000HOLIDAYORDERFORM.xls
2014-12-08 16:02 - 2013-10-17 23:00 - 00014848 _____ () C:\Users\Josh\Documents\00000SNOWMANORDERFORM.xls
2014-12-08 16:02 - 2013-05-28 15:52 - 00032813 _____ () C:\Users\Josh\Documents\2012TDWWRITTENbarefootwinkler.zip
2014-12-08 16:02 - 2013-04-18 06:51 - 07456567 _____ () C:\Users\Josh\Documents\barefootprogram.odg
2014-12-08 16:02 - 2013-04-18 06:09 - 00336700 _____ () C:\Users\Josh\Documents\averagedeviationfrommeaninpercent.xls_0.ods
2014-12-08 16:02 - 2013-04-18 06:09 - 00229276 _____ () C:\Users\Josh\Documents\acting%20resume.doc_1.odt
2014-12-08 16:02 - 2013-04-18 06:09 - 00087532 _____ () C:\Users\Josh\Documents\Allies%20of%20Justice.ods_1.ods
2014-12-08 16:02 - 2013-04-18 05:20 - 00198500 _____ () C:\Users\Josh\Documents\barefootprogram.wmf
2014-12-08 16:02 - 2013-04-18 05:16 - 50674176 _____ () C:\Users\Josh\Documents\barefootprogram2000.pub
2014-12-08 16:02 - 2013-04-18 05:13 - 08503432 _____ () C:\Users\Josh\Documents\barefootprogram.xps
2014-12-08 16:02 - 2013-03-31 03:13 - 15684608 _____ () C:\Users\Josh\Documents\barefootprogram.pub
2014-12-08 16:02 - 2012-09-13 16:08 - 00142300 _____ () C:\Users\Josh\Documents\cc_20120913_170834.reg
2014-12-08 16:02 - 2012-04-04 15:41 - 00032952 _____ () C:\Users\Josh\Documents\2011_TDW_WRITTEN_Talley_&_son_vater.zip
2014-12-08 16:02 - 2011-11-17 06:22 - 00018432 _____ () C:\Users\Josh\Documents\averagedeviationfrommeaninpercent.xls
2014-12-08 16:02 - 2011-06-23 14:01 - 00013132 _____ () C:\Users\Josh\Documents\CreativeCauldronContactList.xlsx
2014-12-08 16:02 - 2011-04-13 01:50 - 00016725 _____ () C:\Users\Josh\Documents\ABCsofme.odt
2014-12-08 16:02 - 2011-03-28 11:43 - 00019826 _____ () C:\Users\Josh\Documents\Blank Map finished2.jdip
2014-12-08 16:02 - 2011-03-28 02:46 - 00019386 _____ () C:\Users\Josh\Documents\Blank Map finished.jdip
2014-12-08 16:02 - 2011-03-28 00:34 - 00018933 _____ () C:\Users\Josh\Documents\Blank Map.jdip
2014-12-08 16:02 - 2011-02-01 16:40 - 00014630 _____ () C:\Users\Josh\Documents\codeman38_press-start.zip
2014-12-08 16:02 - 2011-01-26 14:58 - 00155574 _____ () C:\Users\Josh\Documents\cc_20110126_145845.reg
2014-12-08 16:02 - 2010-12-30 13:08 - 00053562 _____ () C:\Users\Josh\Documents\cc_20101230_130838.reg
2014-12-08 16:02 - 2010-12-04 15:49 - 00089292 _____ () C:\Users\Josh\Documents\Allies of Justice.ods
2014-12-08 16:02 - 2010-09-17 22:32 - 00119658 _____ () C:\Users\Josh\Documents\cc_20100917_233235.reg
2014-12-08 16:02 - 2010-05-17 19:44 - 00012320 _____ () C:\Users\Josh\Documents\arsenicandoldlace.veg.bak
2014-12-08 16:02 - 2010-05-17 19:44 - 00012320 _____ () C:\Users\Josh\Documents\arsenicandoldlace.veg
2014-12-08 16:02 - 2010-04-14 13:53 - 00020794 _____ () C:\Users\Josh\Documents\contacts.csv
2014-12-08 16:02 - 2009-11-24 00:47 - 00000000 ____D () C:\Users\Josh\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
2014-12-08 16:02 - 2009-10-20 20:58 - 00061171 _____ () C:\Users\Josh\Documents\Clintonletter.zip
2014-12-08 16:02 - 2009-10-20 20:58 - 00015988 _____ () C:\Users\Josh\Documents\418WISkills.zip
2014-12-08 16:02 - 2009-10-03 20:36 - 00899032 _____ () C:\Users\Josh\Documents\cc_20091003_203259.reg
2014-12-08 16:02 - 2009-09-28 06:43 - 04955674 _____ () C:\Users\Josh\Documents\Album1.alb
2014-12-08 16:02 - 2009-09-28 06:43 - 00596007 _____ () C:\Users\Josh\Documents\big_link_version_ocarine_of_time.rar
2014-12-08 16:02 - 2009-09-28 06:43 - 00069598 _____ () C:\Users\Josh\Documents\contacts.ldif
2014-12-08 16:02 - 2009-09-28 06:43 - 00026500 _____ () C:\Users\Josh\Documents\American Mythology.odt
2014-12-08 16:02 - 2009-09-24 20:00 - 00012289 _____ () C:\Users\Josh\Documents\AutoHotkey.ahk.bak
2014-12-08 16:02 - 2009-09-18 02:21 - 00026724 _____ () C:\Users\Josh\Documents\coverletterlist.odt
2014-12-08 16:02 - 2009-01-29 04:22 - 00020384 _____ () C:\Users\Josh\Documents\American Units.ods
2014-12-08 16:00 - 2010-10-18 21:21 - 00000000 ____D () C:\Users\Josh\Desktop\Adobe Premiere Pro CS5
2014-12-08 15:57 - 2014-04-08 23:55 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\TortoiseSVN
2014-12-08 15:57 - 2013-11-09 07:09 - 423572719 _____ () C:\Users\Josh\Desktop\Windows6.1-KB947821-v28-x64.msu
2014-12-08 15:57 - 2012-09-15 01:47 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\WTablet
2014-12-08 15:57 - 2012-07-09 23:18 - 00063329 _____ () C:\Users\Josh\Desktop\Result.txt
2014-12-08 15:57 - 2012-06-25 15:30 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\TS3Client
2014-12-08 15:57 - 2012-05-07 04:14 - 02662044 _____ () C:\Users\Josh\Desktop\Backup-2012.05.07-05.14.rmskin
2014-12-08 15:57 - 2012-05-06 19:01 - 02662041 _____ () C:\Users\Josh\Desktop\Backup-2012.05.06-20.01.rmskin
2014-12-08 15:57 - 2011-07-27 12:42 - 00018288 _____ () C:\Users\Josh\Desktop\hs_err_pid7908.log
2014-12-08 15:57 - 2011-05-18 15:01 - 00018188 _____ () C:\Users\Josh\Desktop\hs_err_pid6456.log
2014-12-08 15:57 - 2010-11-08 18:28 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Wirecast
2014-12-08 15:57 - 2010-04-11 16:16 - 00031273 _____ () C:\Users\Josh\Desktop\Josh.Roden.DxDiag.txt
2014-12-08 15:57 - 2009-11-30 01:10 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Winamp
2014-12-08 15:56 - 2014-11-09 04:06 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\MPC-HC
2014-12-08 15:56 - 2014-04-05 22:38 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\TeamViewer
2014-12-08 15:56 - 2010-12-23 20:23 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\skypePM
2014-12-08 15:56 - 2010-05-17 18:33 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Publish Providers
2014-12-08 15:56 - 2009-12-11 18:27 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\TF2 Statistics Parser
2014-12-08 15:56 - 2009-11-20 01:43 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Nvu
2014-12-08 15:48 - 2014-05-10 04:34 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\GitHub
2014-12-08 15:48 - 2013-09-17 15:02 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Guild Wars 2
2014-12-08 15:48 - 2012-07-20 01:05 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\EoN
2014-12-08 15:48 - 2012-06-23 19:58 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\foobar2000
2014-12-08 15:48 - 2012-02-17 15:30 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\GameMaker
2014-12-08 15:48 - 2011-06-28 15:37 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\DarksporeData
2014-12-08 15:48 - 2010-04-11 19:10 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\DiskSpaceFan
2014-12-08 15:48 - 2009-11-06 04:47 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\FileZilla
2014-12-08 15:42 - 2010-11-22 17:43 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\.doomseeker
2014-12-08 15:42 - 2010-08-08 02:49 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\.minecraft
2014-12-08 15:41 - 2013-10-31 18:55 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\.dns
2014-12-08 14:39 - 2010-11-12 17:08 - 00043008 ___SH () C:\Users\Josh\AppData\Roaming\Thumbs.db
2014-12-08 14:39 - 2009-11-09 05:18 - 00011190 _____ () C:\Users\Josh\AppData\Roaming\PStrip.bko
2014-12-08 14:39 - 2009-11-09 04:55 - 00011260 _____ () C:\Users\Josh\AppData\Roaming\PStrip.bk!
2014-12-08 14:39 - 2009-11-09 04:55 - 00011260 _____ () C:\Users\Josh\AppData\Roaming\PStrip.bak
2014-12-08 14:37 - 2012-08-29 01:49 - 00000000 ____D () C:\Users\Josh\AppData\Local\{3248F0A6-6813-11D6-A77B-00B0D0150050}
2014-12-08 14:37 - 2010-10-24 00:33 - 00000000 ____D () C:\Users\Josh\AppData\Local\Windows Live
2014-12-08 14:17 - 2011-04-06 21:37 - 00000000 ____D () C:\Users\Josh\AppData\Local\PMB Files
2014-12-08 14:17 - 2009-12-03 18:06 - 00000000 ____D () C:\Users\Josh\AppData\Local\Procaster
2014-12-08 13:53 - 2009-11-29 21:33 - 00000000 ____D () C:\Users\Josh\AppData\Local\MediaMonkey
2014-12-08 13:53 - 2009-11-11 03:07 - 00000000 ____D () C:\Users\Josh\AppData\Local\Installer6740
2014-12-08 13:47 - 2014-05-10 04:34 - 00000000 ____D () C:\Users\Josh\AppData\Local\GitHub
2014-12-08 13:47 - 2012-09-26 08:55 - 00000000 ____D () C:\Users\Josh\AppData\Local\EdgeOfReality
2014-12-08 13:47 - 2011-10-24 19:14 - 00000000 ____D () C:\Users\Josh\AppData\Local\ESN Sonar
2014-12-08 13:47 - 2010-10-26 22:32 - 00000000 ____D () C:\Users\Josh\AppData\Local\Doom Builder
2014-12-08 13:42 - 2014-05-16 03:45 - 00000000 ____D () C:\Users\Josh\AppData\Local\Arma 3
2014-12-08 13:42 - 2013-04-27 16:44 - 00000000 ____D () C:\Users\Josh\AppData\Local\Arma 3 Alpha Lite
2014-12-08 13:42 - 2012-04-12 04:26 - 00000000 ____D () C:\Users\Josh\AppData\Local\ArmA 2 Free
2014-12-08 13:40 - 2012-01-24 20:33 - 00000000 ____D () C:\ProgramData\Skype
2014-12-08 13:40 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-12-08 13:34 - 2014-02-06 04:05 - 00000000 ____D () C:\ProgramData\NzbDrone
2014-12-08 13:34 - 2013-11-21 16:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-08 13:32 - 2013-07-14 15:31 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-12-08 13:31 - 2014-04-27 05:43 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-12-08 13:07 - 2010-05-17 00:38 - 00000000 ____D () C:\ArmyBuilder2
2014-12-08 13:07 - 2010-02-04 18:45 - 00000000 ____D () C:\ArmyBuilderEX
2014-12-08 13:06 - 2014-02-04 01:16 - 00000000 ____D () C:\811494c30a08bc3d8ca3
2014-12-08 13:02 - 2013-04-06 03:35 - 00091560 _____ () C:\WoWPicker3.py
2014-12-08 13:02 - 2013-04-04 15:24 - 00088825 _____ () C:\WoWPicker2.py
2014-12-08 13:02 - 2012-08-25 03:02 - 08763372 _____ () C:\HLEAudio.wav
2014-12-08 13:02 - 2012-01-06 22:29 - 00095357 _____ () C:\install.log
2014-12-08 13:02 - 2011-09-29 22:18 - 00421966 _____ () C:\shared.log
2014-12-08 13:02 - 2011-06-20 02:36 - 00022140 _____ () C:\Sound_17_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00019268 _____ () C:\Sound_18_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00019152 _____ () C:\Sound_16_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00016424 _____ () C:\Sound_23_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00015920 _____ () C:\Sound_12_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00013652 _____ () C:\Sound_6_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00013328 _____ () C:\Sound_9_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00013148 _____ () C:\Sound_4_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00013050 _____ () C:\Sound_20_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00012860 _____ () C:\Sound_22_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00012572 _____ () C:\Sound_7_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00011564 _____ () C:\Sound_8_1.raw
2014-12-08 13:02 - 2011-06-20 02:36 - 00010772 _____ () C:\Sound_13_1.raw
2014-12-08 13:02 - 2011-06-20 02:35 - 00022184 _____ () C:\Sound_17_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00019312 _____ () C:\Sound_18_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00019196 _____ () C:\Sound_16_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00016468 _____ () C:\Sound_23_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00015964 _____ () C:\Sound_12_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00013696 _____ () C:\Sound_6_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00013372 _____ () C:\Sound_9_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00013192 _____ () C:\Sound_4_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00013094 _____ () C:\Sound_20_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00012904 _____ () C:\Sound_22_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00012616 _____ () C:\Sound_7_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00011608 _____ () C:\Sound_8_1.wav
2014-12-08 13:02 - 2011-06-20 02:35 - 00010816 _____ () C:\Sound_13_1.wav
2014-12-08 13:02 - 2011-01-31 23:11 - 00145344 _____ () C:\tmpGrveg.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00105028 _____ () C:\tmpSeafd.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00096536 _____ () C:\tmpVeges.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00096004 _____ () C:\tmpRMeat.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00090520 _____ () C:\tmpPasta.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00087440 _____ () C:\tmpPulse.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00086016 _____ () C:\tmpPltry.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00084348 _____ () C:\tmpBiskt.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00072368 _____ () C:\tmpPizza.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00071700 _____ () C:\tmpEggs.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00070988 _____ () C:\tmpRice.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00069972 _____ () C:\tmpSoup.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00067812 _____ () C:\tmpPudng.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00067336 _____ () C:\tmpReady.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00066124 _____ () C:\tmpPie.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00064708 _____ () C:\tmpMilk.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00058036 _____ () C:\tmpCake.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00049312 _____ () C:\tmpFish.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00049112 _____ () C:\tmpBread.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00045184 _____ () C:\tmpTnkle.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00023424 _____ () C:\tmpBlee2.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00021896 _____ () C:\tmpSiren.$$$
2014-12-08 13:02 - 2011-01-31 23:11 - 00021772 _____ () C:\tmpDing.$$$
2014-12-08 13:02 - 2010-02-22 11:33 - 00100813 _____ () C:\VETlog.dmp
2014-12-08 13:02 - 2009-11-16 20:56 - 228221734 _____ () C:\Thunderbird emails.zip
2014-12-08 13:02 - 2007-11-07 07:12 - 00233472 _____ () C:\VC_RED.MSI
2014-12-08 13:02 - 2007-11-07 07:09 - 01443034 _____ () C:\VC_RED.cab
2014-12-08 13:01 - 2014-07-17 11:43 - 00034304 ___SH () C:\BCD_Backup.LOG
2014-12-08 13:01 - 2010-12-11 05:19 - 00031316 _____ () C:\aaw7boot.log
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.3082.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.2052.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.1042.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.1040.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.1036.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.1031.txt
2014-12-08 13:01 - 2007-11-07 07:00 - 00018246 _____ () C:\eula.1028.txt
2014-12-06 20:22 - 2014-05-22 04:15 - 08806728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-05 06:39 - 2014-11-02 05:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-01 18:26 - 2014-11-03 18:23 - 00000100 ____H () C:\Users\Josh\Documents\.~lock.acting resume2.doc#
2014-11-30 04:29 - 2009-11-08 18:50 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Adobe
2014-11-30 02:26 - 2010-10-18 23:22 - 00000000 ____D () C:\Program Files\VirtualDub
2014-11-29 06:45 - 2012-10-23 23:14 - 00000000 ____D () C:\Users\Josh\Downloads\DTA

Files to move or delete:
====================
C:\Users\Public\adwcleaner_4.001.exe
C:\Users\Public\DrawDesigner_Setup.exe
C:\Users\Public\GearUp.exe
C:\Users\Public\rcsetup151.exe
C:\Users\Public\RogueKiller.exe

Some content of TEMP:
====================
C:\Users\Josh\AppData\Local\Temp\conhost.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 19:54

==================== End Of Log ============================



#12 xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor

Posted 29 December 2014 - 04:36 PM

Hi TheBladeRoden,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF DefaultSearchEngine: Yahoo
Folder: C:\Windows\SysWOW64\%LOCALAPPDATA%
Folder: C:\Users\Public\Suspicious
Folder: C:\Users\Public\Suspicious2
2014-12-08 16:03 - 2014-12-08 16:03 - 00004651 _____ () C:\Users\Josh\Documents\how_decrypt.html
2014-12-08 14:39 - 2014-12-08 15:41 - 00004651 _____ () C:\Users\Josh\AppData\Roaming\how_decrypt.html
2014-12-08 13:41 - 2014-12-08 13:41 - 00004651 _____ () C:\Users\Josh\how_decrypt.html
2014-12-08 13:41 - 2014-12-08 13:41 - 00004651 _____ () C:\Users\Josh\AppData\Local\how_decrypt.html
2014-12-08 13:40 - 2014-12-08 13:40 - 00004651 _____ () C:\Users\Default\how_decrypt.html
2014-12-08 13:02 - 2014-12-08 13:02 - 00004651 _____ () C:\how_decrypt.html
C:\Users\Josh\AppData\Local\Temp\conhost.exe
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#13 xXToffeeXx

Posted 04 January 2015 - 10:35 AM

Hi TheBladeRoden,
 
This is a 3 day bump:
 
It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#14 TheBladeRoden

Posted 04 January 2015 - 05:34 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Josh at 2015-01-04 17:32:38 Run:2
Running from H:\
Loaded Profile: Josh (Available profiles: Josh)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF DefaultSearchEngine: Yahoo
Folder: C:\Windows\SysWOW64\%LOCALAPPDATA%
Folder: C:\Users\Public\Suspicious
Folder: C:\Users\Public\Suspicious2
2014-12-08 16:03 - 2014-12-08 16:03 - 00004651 _____ () C:\Users\Josh\Documents\how_decrypt.html
2014-12-08 14:39 - 2014-12-08 15:41 - 00004651 _____ () C:\Users\Josh\AppData\Roaming\how_decrypt.html
2014-12-08 13:41 - 2014-12-08 13:41 - 00004651 _____ () C:\Users\Josh\how_decrypt.html
2014-12-08 13:41 - 2014-12-08 13:41 - 00004651 _____ () C:\Users\Josh\AppData\Local\how_decrypt.html
2014-12-08 13:40 - 2014-12-08 13:40 - 00004651 _____ () C:\Users\Default\how_decrypt.html
2014-12-08 13:02 - 2014-12-08 13:02 - 00004651 _____ () C:\how_decrypt.html
C:\Users\Josh\AppData\Local\Temp\conhost.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1096825299-2601053131-2088073329-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.

========================= Folder: C:\Windows\SysWOW64\%LOCALAPPDATA% ========================

2014-12-11 06:01 - 2014-12-11 11:11 - 0000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%\CrashDumps
2014-12-11 06:01 - 2014-12-11 06:01 - 2776321 _____ () C:\Windows\SysWOW64\%LOCALAPPDATA%\CrashDumps\1168.dmp
2014-12-11 11:11 - 2014-12-11 11:11 - 1129880 _____ () C:\Windows\SysWOW64\%LOCALAPPDATA%\CrashDumps\1412.dmp

====== End of Folder: ======

========================= Folder: C:\Users\Public\Suspicious ========================

2014-12-10 07:05 - 2014-12-13 18:07 - 0000000 ____D () C:\Users\Public\Suspicious\clicker3a
2014-12-10 07:05 - 2014-12-13 18:07 - 0000000 ____D () C:\Users\Public\Suspicious\clicker3b
2014-12-10 07:31 - 2014-12-13 18:07 - 0000000 ____D () C:\Users\Public\Suspicious\conhost1
2014-12-10 07:32 - 2014-12-13 18:07 - 0000000 ____D () C:\Users\Public\Suspicious\conhost2

====== End of Folder: ======

========================= Folder: C:\Users\Public\Suspicious2 ========================

2014-12-11 03:46 - 2005-06-02 11:23 - 0057344 _____ () C:\Users\Public\Suspicious2\f21226904.dll
2014-12-11 03:33 - 2014-12-08 18:10 - 0147880 _____ () C:\Users\Public\Suspicious2\GDIPFONTCACHEV1.DAT
2014-12-11 03:29 - 2014-12-10 06:57 - 0084320 _____ () C:\Users\Public\Suspicious2\installer_adobe_flash_player_English[1].exe
2014-12-11 03:41 - 2014-12-08 12:14 - 0035949 _____ () C:\Users\Public\Suspicious2\ljd4sbp5vw[1].htm
2014-12-11 06:59 - 2014-12-11 06:59 - 0000000 ____D () C:\Users\Public\Suspicious2\LocalCopy
2014-12-11 06:59 - 2014-12-08 13:19 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{0B751D0F-1A83-4255-9C73-FAB836B515A3}
2014-12-11 06:59 - 2014-12-08 13:10 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{108986D8-E322-495B-9270-CEA261868A59}
2014-12-11 06:59 - 2014-12-08 20:12 - 0260327 _____ () C:\Users\Public\Suspicious2\LocalCopy\{16F04238-E29E-EFA5-561A-37B9336E00E6}-rasyag.exe
2014-12-11 06:59 - 2014-12-08 17:34 - 0260327 _____ () C:\Users\Public\Suspicious2\LocalCopy\{1846A3D1-CA1F-0B58-B1D6-3C20B6748CA8}-rasyag.exe
2014-12-11 06:59 - 2014-12-08 13:20 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{1B5DFBA4-94F0-46C3-8CCA-1DCBF829F234}
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{1D2BC9E7-760B-C3E2-AF41-1980028BBB06}-7942.tmp
2014-12-11 06:59 - 2014-12-08 17:34 - 0325166 _____ () C:\Users\Public\Suspicious2\LocalCopy\{20635102-67A8-EB03-2AD3-5AA324F057EA}-7942.tmp
2014-12-11 06:59 - 2014-12-08 13:18 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{25C5D50E-0CD2-4B09-B249-69E20FA6AE51}
2014-12-11 06:59 - 2014-12-08 17:34 - 0260327 _____ () C:\Users\Public\Suspicious2\LocalCopy\{3726C152-CF8C-2E8C-3461-A05E6A3889EE}-UpdateFlashPlayer_f43266db.exe
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{37839F41-F1D4-AFCA-B074-CF1C971901C7}-7942.tmp
2014-12-11 06:59 - 2014-12-08 20:08 - 0000768 _____ () C:\Users\Public\Suspicious2\LocalCopy\{39493C90-E73B-4694-86D5-856B27BD5455}
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{40D9F1CB-0A5A-B369-C94C-6F77487341D1}-7942.tmp
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{5E8276A2-3BC5-1E2A-9CDB-D36BA1FF513F}-7942.tmp
2014-12-11 06:59 - 2014-12-08 17:34 - 0001056 _____ () C:\Users\Public\Suspicious2\LocalCopy\{60C0EEB7-8E27-41A1-AAD8-7E2365F4229E}
2014-12-11 06:59 - 2014-12-08 13:00 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{628D35DB-0419-4460-95BC-CABE74597246}
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{6FFCCD6E-9083-3F75-9D05-A7AFC438357B}-7942.tmp
2014-12-11 06:59 - 2014-12-08 13:14 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{70F9A36E-FCD1-4DEC-BDF8-3ACED82C5060}
2014-12-11 06:59 - 2014-12-08 13:16 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{79599883-19AA-4ADF-B485-85D89597D8A2}
2014-12-11 06:59 - 2014-12-08 16:52 - 0000574 _____ () C:\Users\Public\Suspicious2\LocalCopy\{813C5044-8EE2-6250-058D-855997BBECA3}
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{82C4B5F9-75BB-68BC-5F9C-ED5D7BA39728}-7942.tmp
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{8602B1D4-8771-2EA9-3547-DB8F0FC67C3C}-7942.tmp
2014-12-11 06:59 - 2014-12-08 16:59 - 0260327 _____ () C:\Users\Public\Suspicious2\LocalCopy\{871F1C47-7FC0-CE3B-FB26-E38E4042A8E1}-UpdateFlashPlayer_f43266db.exe
2014-12-11 06:59 - 2014-12-08 20:12 - 0260327 _____ () C:\Users\Public\Suspicious2\LocalCopy\{8FE7F0C9-1CF5-1B72-AE66-A14A26F4E542}-UpdateFlashPlayer_f43266db.exe
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{96043E0E-ED38-9DBF-7E14-ED9BA869DC05}-7942.tmp
2014-12-11 06:59 - 2014-12-08 13:08 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{9ABFC93D-4626-4F48-9835-3ACF1367F453}
2014-12-11 06:59 - 2014-12-08 16:59 - 0260327 _____ () C:\Users\Public\Suspicious2\LocalCopy\{A458483C-6F0C-DB1F-2219-CD615ADB293B}-rasyag.exe
2014-12-11 06:59 - 2014-12-08 12:59 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{A675ED3A-B1E9-49AE-9E17-EF548F123BEC}
2014-12-11 06:59 - 2014-12-08 17:02 - 0325166 _____ () C:\Users\Public\Suspicious2\LocalCopy\{AB3E890B-3C76-37D6-D9D4-F7A52448A267}-7942.tmp
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{B0637160-1C67-9598-9F17-3F24D0E1CFD7}-7942.tmp
2014-12-11 06:59 - 2014-12-08 16:59 - 0325166 _____ () C:\Users\Public\Suspicious2\LocalCopy\{B4DF4715-54FB-3337-564F-008E81AF8FD5}-7942.tmp
2014-12-11 06:59 - 2014-12-08 16:59 - 0001056 _____ () C:\Users\Public\Suspicious2\LocalCopy\{BA84A588-96E8-45CE-A9E9-4A21A6F8DEB7}
2014-12-11 06:59 - 2014-12-08 13:02 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{C296B22C-A92D-4436-981E-81E23C885507}
2014-12-11 06:59 - 2014-12-08 13:16 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{C6552A29-922C-42CC-BB51-DD141160B4AD}
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{C7491061-1D91-5B59-D440-7E9877805B41}-7942.tmp
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{CEBACB1B-46A1-7F9D-807F-125A27E6F661}-7942.tmp
2014-12-11 06:59 - 2014-12-08 17:02 - 0001056 _____ () C:\Users\Public\Suspicious2\LocalCopy\{DB0C3845-69DF-4C34-8177-47859B1377F0}
2014-12-11 06:59 - 2014-12-08 13:06 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{DE1B03DE-3C75-4784-89A0-B5DD9E49D216}
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{E28E107C-3A7A-25CA-B7FE-AB98DCC17679}-7942.tmp
2014-12-11 06:59 - 2014-12-08 13:14 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{EBB9A25F-CFD9-4D46-BE90-7FBD959717F2}
2014-12-11 06:59 - 2014-12-08 20:12 - 0000768 _____ () C:\Users\Public\Suspicious2\LocalCopy\{ED0B6B7C-1170-4E58-81ED-9E11B6A14E12}
2014-12-11 06:59 - 2014-12-08 13:12 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{F50D59F3-1E63-4305-8111-6DE8973C5A9C}
2014-12-11 06:59 - 2014-12-08 13:32 - 0325678 _____ () C:\Users\Public\Suspicious2\LocalCopy\{F6F01EBB-B864-E8D4-9E8A-D5DFC33CFA2E}-7942.tmp
2014-12-11 06:59 - 2014-12-08 13:02 - 0000292 _____ () C:\Users\Public\Suspicious2\LocalCopy\{F9F4CC6C-0624-4170-AF30-FCAC5B7B050A}
2014-12-11 06:59 - 2014-12-08 13:32 - 0025445 _____ () C:\Users\Public\Suspicious2\LocalCopy\how_decrypt.gif
2014-12-11 06:59 - 2014-12-08 13:32 - 0004651 _____ () C:\Users\Public\Suspicious2\LocalCopy\how_decrypt.html
2014-12-11 04:49 - 2014-12-13 05:33 - 0000000 ____D () C:\Users\Public\Suspicious2\Temp
2014-12-11 04:49 - 2014-12-08 14:20 - 0033280 _____ () C:\Users\Public\Suspicious2\Temp\~DF183CE287A60A1F04.TMP
2014-12-11 04:49 - 2014-12-08 14:20 - 0016896 _____ () C:\Users\Public\Suspicious2\Temp\~DF5271251087B8BC07.TMP
2014-12-11 04:49 - 2014-12-08 14:20 - 0033280 _____ () C:\Users\Public\Suspicious2\Temp\~DFB723FA6E718B67DF.TMP
2014-12-11 04:49 - 2014-12-08 14:20 - 0016896 _____ () C:\Users\Public\Suspicious2\Temp\~DFC608CE9BF0CC40BD.TMP
2014-12-11 04:49 - 2014-12-08 14:19 - 0014872 _____ () C:\Users\Public\Suspicious2\Temp\dat61E5.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0022816 _____ () C:\Users\Public\Suspicious2\Temp\dat819D.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021060 _____ () C:\Users\Public\Suspicious2\Temp\dat81AE.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0020876 _____ () C:\Users\Public\Suspicious2\Temp\dat81AF.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0020312 _____ () C:\Users\Public\Suspicious2\Temp\dat81C0.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0014872 _____ () C:\Users\Public\Suspicious2\Temp\dat8D0D.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0026224 _____ () C:\Users\Public\Suspicious2\Temp\dat91AD.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021708 _____ () C:\Users\Public\Suspicious2\Temp\dat91BD.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0023332 _____ () C:\Users\Public\Suspicious2\Temp\dat91CE.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021688 _____ () C:\Users\Public\Suspicious2\Temp\dat91CF.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0022972 _____ () C:\Users\Public\Suspicious2\Temp\dat91D0.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021188 _____ () C:\Users\Public\Suspicious2\Temp\dat91E0.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0022476 _____ () C:\Users\Public\Suspicious2\Temp\dat91E1.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0020308 _____ () C:\Users\Public\Suspicious2\Temp\dat91F2.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021380 _____ () C:\Users\Public\Suspicious2\Temp\dat9203.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0026224 _____ () C:\Users\Public\Suspicious2\Temp\dat98D0.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021708 _____ () C:\Users\Public\Suspicious2\Temp\dat98D1.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0023332 _____ () C:\Users\Public\Suspicious2\Temp\dat98E2.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021688 _____ () C:\Users\Public\Suspicious2\Temp\dat98E3.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0022972 _____ () C:\Users\Public\Suspicious2\Temp\dat99FD.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021188 _____ () C:\Users\Public\Suspicious2\Temp\dat9A0D.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0022476 _____ () C:\Users\Public\Suspicious2\Temp\dat9A1E.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0020308 _____ () C:\Users\Public\Suspicious2\Temp\dat9A7F.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021380 _____ () C:\Users\Public\Suspicious2\Temp\dat9A8D.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021708 _____ () C:\Users\Public\Suspicious2\Temp\datC324.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0023332 _____ () C:\Users\Public\Suspicious2\Temp\datC43E.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0014872 _____ () C:\Users\Public\Suspicious2\Temp\datCD35.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0026224 _____ () C:\Users\Public\Suspicious2\Temp\datD5B2.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021708 _____ () C:\Users\Public\Suspicious2\Temp\datD5B3.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0023332 _____ () C:\Users\Public\Suspicious2\Temp\datD5C3.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021688 _____ () C:\Users\Public\Suspicious2\Temp\datD5E3.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0022972 _____ () C:\Users\Public\Suspicious2\Temp\datD5F4.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021188 _____ () C:\Users\Public\Suspicious2\Temp\datD5F5.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0022476 _____ () C:\Users\Public\Suspicious2\Temp\datD606.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0020308 _____ () C:\Users\Public\Suspicious2\Temp\datD616.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021380 _____ () C:\Users\Public\Suspicious2\Temp\datD617.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0029104 _____ () C:\Users\Public\Suspicious2\Temp\datDC94.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0032176 _____ () C:\Users\Public\Suspicious2\Temp\datDCA5.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0030644 _____ () C:\Users\Public\Suspicious2\Temp\datDCB5.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0034684 _____ () C:\Users\Public\Suspicious2\Temp\datDCB6.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0013260 _____ () C:\Users\Public\Suspicious2\Temp\datDCC7.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0014872 _____ () C:\Users\Public\Suspicious2\Temp\datE68E.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0021708 _____ () C:\Users\Public\Suspicious2\Temp\datEC85.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0023332 _____ () C:\Users\Public\Suspicious2\Temp\datEC96.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 2917344 _____ () C:\Users\Public\Suspicious2\Temp\fla2D3.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 2917344 _____ () C:\Users\Public\Suspicious2\Temp\fla46C3.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0289648 _____ () C:\Users\Public\Suspicious2\Temp\fla46C4.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 11850609 _____ () C:\Users\Public\Suspicious2\Temp\fla5814.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 1285341 _____ () C:\Users\Public\Suspicious2\Temp\fla6510.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 3578254 _____ () C:\Users\Public\Suspicious2\Temp\fla657D.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 3814258 _____ () C:\Users\Public\Suspicious2\Temp\fla658E.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 6193736 _____ () C:\Users\Public\Suspicious2\Temp\fla65EB.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 9373112 _____ () C:\Users\Public\Suspicious2\Temp\fla6715.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 1069305 _____ () C:\Users\Public\Suspicious2\Temp\fla686E.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 1630042 _____ () C:\Users\Public\Suspicious2\Temp\fla8B26.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 1834729 _____ () C:\Users\Public\Suspicious2\Temp\fla93C8.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 2917344 _____ () C:\Users\Public\Suspicious2\Temp\flaA7C3.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 0289648 _____ () C:\Users\Public\Suspicious2\Temp\flaA7E3.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 2476901 _____ () C:\Users\Public\Suspicious2\Temp\flaB6EA.tmp
2014-12-11 04:49 - 2014-12-08 14:19 - 1632054 _____ () C:\Users\Public\Suspicious2\Temp\flaE93.tmp
2014-12-11 04:49 - 2014-12-08 14:20 - 0025445 _____ () C:\Users\Public\Suspicious2\Temp\how_decrypt.gif
2014-12-11 04:49 - 2014-12-08 14:20 - 0004651 _____ () C:\Users\Public\Suspicious2\Temp\how_decrypt.html
2014-12-11 04:49 - 2014-12-08 14:20 - 2707140 _____ () C:\Users\Public\Suspicious2\Temp\KB2978128_20141129_064210941-Microsoft .NET Framework 4.5.1-MSP0.txt
2014-12-11 03:13 - 2014-12-11 03:14 - 0000000 ____D () C:\Users\Public\Suspicious2\Temporary Internet Files
2014-12-11 03:14 - 2014-11-29 05:58 - 0000128 _____ () C:\Users\Public\Suspicious2\Temporary Internet Files\counters.dat
2014-12-11 03:13 - 2014-12-11 03:14 - 0000000 ____D () C:\Users\Public\Suspicious2\Temporary Internet Files\Content.IE5
2014-12-11 03:14 - 2014-11-29 05:58 - 0000000 ___SH () C:\Users\Public\Suspicious2\Temporary Internet Files\Content.IE5\container.dat
2014-12-11 03:10 - 2014-12-11 03:14 - 0000000 ____D () C:\Users\Public\Suspicious2\Temporary Internet Files\Content.IE5\D9MUVH2Q
2014-12-11 03:14 - 2014-11-29 05:58 - 0036682 _____ () C:\Users\Public\Suspicious2\Temporary Internet Files\Content.IE5\D9MUVH2Q\cd8e0a126d3c528fce042dfb7f0f725055a04712d171ad0f94f94d5173cd90d2[1].htm
2014-12-11 03:14 - 2014-11-29 05:58 - 0025798 _____ () C:\Users\Public\Suspicious2\Temporary Internet Files\Content.IE5\D9MUVH2Q\ce200277d56ff1a33a8d04abb7213df24cfa43180504c91efcca522841287844[1].js
2014-12-11 03:14 - 2014-11-29 05:59 - 0006939 _____ () C:\Users\Public\Suspicious2\Temporary Internet Files\Content.IE5\D9MUVH2Q\e7e8ed993b30ab4d21dd13a6b4dd7367308b8b329fcc9abb47795925b3b8f9d0[1].swf

====== End of Folder: ======

C:\Users\Josh\Documents\how_decrypt.html => Moved successfully.
C:\Users\Josh\AppData\Roaming\how_decrypt.html => Moved successfully.
C:\Users\Josh\how_decrypt.html => Moved successfully.
C:\Users\Josh\AppData\Local\how_decrypt.html => Moved successfully.
C:\Users\Default\how_decrypt.html => Moved successfully.
C:\how_decrypt.html => Moved successfully.
"C:\Users\Josh\AppData\Local\Temp\conhost.exe" => File/Directory not found.

==== End of Fixlog 17:32:45 ====



#15 xXToffeeXx

Posted 05 January 2015 - 01:33 PM

Hi TheBladeRoden,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
C:\Users\Public\Suspicious
C:\Users\Public\Suspicious2
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
This scan can take a long time, so it is best done overnight or when you do not need the computer.

I'd like us to scan your machine with ESET OnlineScan:

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Emsisoft log
  • ESET log

xXToffeeXx~

