Fake Google Chrome Process/Virus -Cannot close or remove


  • This topic is locked
43 replies to this topic

#1 TxBrandi

Posted 14 January 2015 - 11:32 AM

Please forgive me that I do not understand a lot about these types of things!  I have been reading other posts with similar situations, but do not understand what I read -as I don't know what a log is or even understand some of the steps.  If you can, please speak in "Crayola" for me!  I was able to follow the directions I found for creating the DDS and attach files (thanks to thorough instructions even though I don't know what they are!).   So here's my problem.

 

My computer (Dell -Windows 7 Home Premium -64 bit) started running really slow suddenly.  I opened up the task manager and saw that there were 12 instances of the same thing running -the image name was: vlvfbmxlyv.exe *32  - The description said:  Google Chrome.  The memory column for all of these said anywhere between 25,000 and 140,000.  I had Google Chrome installed, but we never use it (I use mostly IE 11.0 and sometimes Firefox as required by my son's homeschool).  I tried closing the processes and after a couple of them, more would generate so it was impossible.  I knew enough to know this sounds like a virus. I typed in the image name in a search but not a thing came up. I went and uninstalled Google Chrome (just in case it was something else) -restarted the computer and checked, but they were still there.  I ran a full scan with Microsoft Security Essentials (my only virus protection as it has worked for years for me) but it found nothing (and took a very long time).   Restarted -still there.  After all of this, I did see one message pop up -something about Google Chrome (that I had uninstalled) had to close -did I want to re-open or something along those lines -I just clicked the red x to close it.

 

Can you help (with detailed instructions?)  Thanks for your time in advance!

 

p.s.  I don't know what a DDS is, but I just pasted it and browsed through it -I do see that image file name there under:  C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe  -not sure what that means -just thought I'd call attention to it.

 

Here is the DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by TheMills at 10:59:46 on 2015-01-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6049.2152 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
C:\Users\TheMills\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
C:\Program Files (x86)\dcmsvc\dcmsvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\SysWOW64\SAgent4.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Adobe\Elements 9 Organizer\Mozilla\updater.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mWinlogon: Userinit = userinit.exe
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Google Update] "C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [MusicManager] "C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [3D70DC1269DB14D748698F73CDF518823E0DB99A._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [SkyDrive] "C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Lmbbszgsc] regsvr32.exe /s "C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}\Lmbbszgsc.dll"
uRunOnce: [Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
uRunOnce: [Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
uRunOnce: [Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
mRun: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
mRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
mRun: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [FAStartup] <no file>
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\Users\TheMills\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\TheMills\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Trusted Zone: facebook.com
Trusted Zone: teletech.com
Trusted Zone: teletech.com
Trusted Zone: teletech.com
Trusted Zone: workbooth.com
Trusted Zone: workbooth.com
Trusted Zone: workbooth.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://portal1.workbooth.com//SNX/CSHELL/extender.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxps://www.member-data.com/rdc/EZTwainX.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6962361-AD4A-4897-A356-3E10A15A102C} - hxxps://conference.teletech.com/client/T27LD/webex/ieatgpc1.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0791C761-C522-4749-AFEF-8CEEE0834913} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C9B8179D-8EF7-4B98-98B1-141461FB6E8C} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C9B8179D-8EF7-4B98-98B1-141461FB6E8C}\C496E6B637973754874756E64656270333634363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C9B8179D-8EF7-4B98-98B1-141461FB6E8C}\C696E6B63797370256874756E6465627 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli FAPassSync
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TheMills\AppData\Roaming\Mozilla\Firefox\Profiles\f7je90h8.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\TheMills\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\TheMills\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Users\TheMills\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-1-8 25960]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-8 55856]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-1-8 98208]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [2012-1-8 135168]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-3-31 77984]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 cpextender;Check Point SSL Network Extender;C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2014-2-19 368280]
R2 Dell WMI Service;Dell WMI Service;C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [2012-1-8 98304]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-3-7 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-3-7 128512]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-8-19 2451440]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-8-7 438616]
R2 GsServer;GoodSync Server;C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [2012-3-5 4975792]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2012-11-21 26496]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 OSDSvc;ChiconyOSDService;C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2012-1-8 176128]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-8 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-9 413472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-8 2656280]
R2 wsnm;VMware View Client;C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [2012-3-2 494192]
R2 wsnm_usbctrl;VMware View USB Control;C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2012-3-2 1125488]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-31 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-31 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-31 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-31 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-31 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-31 154272]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-1-8 281248]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-1-8 176096]
R3 dfmirage;dfmirage;C:\Windows\System32\drivers\dfmirage.sys [2014-9-5 36432]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 vmwvusb;VMware View Generic USB Driver;C:\Windows\System32\drivers\vmwvusb.sys [2014-9-5 48240]
R3 VNA;Check Point Virtual Network Adapter;C:\Windows\System32\drivers\vna.sys [2014-2-19 161256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 cricut;cricut;C:\Windows\System32\drivers\cricut_x64.sys [2013-5-15 72248]
S3 DCDhcpService;DCDhcpService;C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe [2012-1-8 100352]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-10-15 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-1-8 158976]
S3 ISWKLP;ISWKLP;C:\Windows\System32\drivers\ISWKLP.sys [2014-9-5 43368]
S3 mini;mini;C:\Windows\System32\drivers\mini_x64.sys [2012-4-18 70672]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-11 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-1-8 311400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-11 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-11-11 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-7 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2015-01-14 15:15:30 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{94DF0FD2-89F5-4603-8751-E7D5D1817894}\gapaengine.dll
2015-01-14 15:15:09 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51499EA8-BB0B-44BB-BD2A-F9B8BFA30C6B}\mpengine.dll
2015-01-13 04:56:24 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8769418A-BF66-4652-9ECB-0C6303B1DAC7}\gapaengine.dll
2015-01-13 04:55:30 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-07 22:09:58 -------- d--h--w- C:\OneDriveTemp
2015-01-07 21:40:15 -------- d-----r- C:\Users\TheMills\OneDrive
2015-01-05 03:28:32 38056472 ----a-w- C:\Users\TheMills\mds_2_3_10_quiet_update.exe
2015-01-05 03:27:20 -------- d-----w- C:\Users\TheMills\.swt
2015-01-05 03:14:41 -------- d-----w- C:\Program Files (x86)\My Digital Studio
2014-12-18 19:00:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-18 19:00:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
.
==================== Find3M  ====================
.
2015-01-14 00:42:14 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 00:42:14 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-19 09:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-22 05:32:29 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 02:05:21 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-18 01:33:13 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
.
============= FINISH: 11:03:29.74 ===============
 


 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:05 AM

Posted 14 January 2015 - 11:52 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Step 2

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 TxBrandi

TxBrandi
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:05 AM

Posted 14 January 2015 - 12:18 PM

Thank you very much for helping! I hope I am able to follow your directions correctly! Here are the items from your step 1 above (FRST & Addition). I will post this and then move on to step 2.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by TheMills (administrator) on MILLSDESKTOP on 14-01-2015 12:08:51
Running from C:\Users\TheMills\Desktop
Loaded Profile: TheMills (Available profiles: UpdatusUser & TheMills & Charles)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
() C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
() C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
(Dropbox, Inc.) C:\Users\TheMills\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
() C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(DELL COMPUTER INC.) C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Sensible Vision) C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
() C:\Program Files (x86)\dcmsvc\dcmsvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Dell, Inc.) C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe
(Chicony) C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(DELL) C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\SAgent4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Foundation) C:\Program Files (x86)\Adobe\Elements 9 Organizer\Mozilla\updater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
(Google Inc.) C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [DELLOSD] => C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe [49152 2010-12-06] ()
HKLM-x32\...\Run: [Chicony_OSD] => C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()
HKLM-x32\...\Run: [StickyNotesWidget] => c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe [666344 2011-03-18] ()
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [96240 2011-08-19] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [137088 2012-11-21] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll (Sensible Vision )
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Run: [Google Update] => C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-02] (Google Inc.)
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Run: [MusicManager] => C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-08-13] (Siber Systems)
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Run: [3D70DC1269DB14D748698F73CDF518823E0DB99A._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Run: [SkyDrive] => C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2015-01-07] (Microsoft Corporation)
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Run: [Lmbbszgsc] => regsvr32.exe /s "C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}\Lmbbszgsc.dll" <===== ATTENTION
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\RunOnce: [Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\RunOnce: [Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\RunOnce: [Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\MountPoints2: {77a63ca4-9554-11e1-82fe-e4d53d778e6a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\MountPoints2: {b8444a7c-686e-11e1-8053-e4d53d778e6a} - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [266448 2013-08-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214960 2013-08-27] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\TheMills\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TheMills\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> {103ff47a-deeb-4445-b593-e774cb8f2867} URL = http://isearch.shopathome.com?user_id={029b4ec9-8ef6-41fb-ba1b-b14fd9be451c}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://portal1.workbooth.com//SNX/CSHELL/extender.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6962361-AD4A-4897-A356-3E10A15A102C} https://conference.teletech.com/client/T27LD/webex/ieatgpc1.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\TheMills\AppData\Roaming\Mozilla\Firefox\Profiles\f7je90h8.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1973055484-1563379939-3891434950-1001: @citrixonline.com/appdetectorplugin -> C:\Users\TheMills\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1973055484-1563379939-3891434950-1001: @tools.google.com/Google Update;version=3 -> C:\Users\TheMills\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1973055484-1563379939-3891434950-1001: @tools.google.com/Google Update;version=9 -> C:\Users\TheMills\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1973055484-1563379939-3891434950-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\TheMills\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1973055484-1563379939-3891434950-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2012-01-08]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-03-07]
FF HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://www.bing.com/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN25628324036515304&ctid=CT3272718&SearchSource=48"
CHR DefaultSearchKeyword: Default -> bing.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll (Siber Systems Inc.)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-15]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-04-01]
CHR Extension: (Content Blocker) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-03-05]
CHR Extension: (Virtual Keyboard) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-04-01]
CHR Extension: (Love Smoke) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgibfhhccaknggplelmbaepoikkcnllb [2013-05-15]
CHR Extension: (Skype Click to Call) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-28]
CHR Extension: (Google Wallet) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (MixiDJ) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb [2013-03-27]
CHR Extension: (RoboForm) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-11-28]
CHR HKLM\...\Chrome\Extension: [feocblgcojafilfbgoineopkngchgaei] - C:\Program Files (x86)\Sensible Vision\Fast Access\chrome_fasso\extension.crx [Not Found]
CHR HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TheMills\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-07]
CHR HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\TheMills\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-07]
CHR HKLM-x32\...\Chrome\Extension: [feocblgcojafilfbgoineopkngchgaei] - C:\Program Files (x86)\Sensible Vision\Fast Access\chrome_fasso\extension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\TheMills\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-07]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [135168 2011-02-16] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [77984 2011-03-31] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [368280 2014-02-19] (Check Point Software Technologies)
S3 DCDhcpService; C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe [100352 2011-03-31] (Atheros Communication Inc.) [File not signed]
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [98304 2011-05-27] () [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2451440 2011-08-19] (Sensible Vision ) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [4975792 2012-03-05] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony) [File not signed]
R2 StatusAgent4; C:\Windows\SysWOW64\SAgent4.exe [131072 2010-07-28] (SEIKO EPSON CORPORATION) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cricut; C:\Windows\System32\DRIVERS\cricut_x64.sys [72248 2013-05-15] ()
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2008-03-04] (DemoForge, LLC)
S3 ISWKLP; C:\Windows\System32\drivers\ISWKLP.sys [43368 2014-09-05] (Check Point Software Technologies)
S3 mini; C:\Windows\System32\DRIVERS\mini_x64.sys [70672 2012-04-18] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2014-02-19] (Check Point Software Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 12:08 - 2015-01-14 12:11 - 00034678 _____ () C:\Users\TheMills\Desktop\FRST.txt
2015-01-14 12:07 - 2015-01-14 12:09 - 00000000 ____D () C:\FRST
2015-01-14 12:07 - 2015-01-14 12:07 - 02124288 _____ (Farbar) C:\Users\TheMills\Desktop\FRST64.exe
2015-01-14 11:03 - 2015-01-14 11:04 - 00033000 _____ () C:\Users\TheMills\Desktop\dds.txt
2015-01-14 11:03 - 2015-01-14 11:04 - 00016208 _____ () C:\Users\TheMills\Desktop\attach.txt
2015-01-14 10:50 - 2015-01-14 10:50 - 00688992 ____R (Swearware) C:\Users\TheMills\Desktop\dds.com
2015-01-14 10:49 - 2015-01-14 10:49 - 00688992 _____ (Swearware) C:\Users\TheMills\Downloads\dds (1).com
2015-01-14 10:46 - 2015-01-14 10:46 - 00688992 _____ (Swearware) C:\Users\TheMills\Downloads\dds.com
2015-01-07 17:09 - 2015-01-07 17:09 - 00000000 ___HD () C:\OneDriveTemp
2015-01-07 16:40 - 2015-01-14 09:49 - 00000000 ___RD () C:\Users\TheMills\OneDrive
2015-01-04 22:28 - 2015-01-04 22:28 - 38056472 _____ (Stampin' Up!) C:\Users\TheMills\mds_2_3_10_quiet_update.exe
2015-01-04 22:27 - 2015-01-05 00:42 - 00001715 _____ () C:\Users\TheMills\mydigitalstudio2.prefs
2015-01-04 22:27 - 2015-01-04 22:27 - 00000031 _____ () C:\Users\TheMills\mds2Custom.prefs
2015-01-04 22:27 - 2015-01-04 22:27 - 00000000 ____D () C:\Users\TheMills\Documents\My Digital Studio Projects
2015-01-04 22:27 - 2015-01-04 22:27 - 00000000 ____D () C:\Users\TheMills\.swt
2015-01-04 22:26 - 2015-01-04 22:26 - 00002047 _____ () C:\Users\Public\Desktop\My Digital Studio.lnk
2015-01-04 22:25 - 2015-01-04 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Digital Studio
2015-01-04 22:14 - 2015-01-04 22:55 - 00000000 ____D () C:\Program Files (x86)\My Digital Studio
2015-01-04 21:00 - 2015-01-04 21:02 - 00005431 _____ () C:\Users\TheMills\Downloads\MDS TRIAL.exe
2014-12-31 00:14 - 2014-12-31 00:14 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-31 00:08 - 2014-12-31 00:10 - 01069560 _____ () C:\Windows\Minidump\123114-39546-01.dmp
2014-12-18 14:00 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 14:00 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-15 09:18 - 2014-12-15 09:18 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-15 08:52 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-15 08:52 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-15 08:52 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-15 08:52 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-15 08:52 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-15 08:52 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-15 08:52 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-15 08:52 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-15 08:52 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-15 08:52 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 12:08 - 2014-02-28 15:50 - 00000580 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1973055484-1563379939-3891434950-1001.job
2015-01-14 12:08 - 2013-05-02 14:44 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1973055484-1563379939-3891434950-1001UA.job
2015-01-14 11:40 - 2012-03-30 09:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 11:39 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 11:39 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 11:13 - 2012-03-25 09:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 11:10 - 2012-01-08 21:37 - 01268181 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 10:13 - 2012-03-13 12:55 - 00000000 ____D () C:\Users\TheMills\AppData\Local\CrashDumps
2015-01-14 09:54 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 09:49 - 2013-02-20 12:19 - 00000000 ___RD () C:\Users\TheMills\Dropbox
2015-01-14 09:49 - 2013-02-20 12:09 - 00000000 ____D () C:\Users\TheMills\AppData\Roaming\Dropbox
2015-01-14 09:48 - 2012-01-08 22:14 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-14 09:48 - 2012-01-08 22:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-14 09:48 - 2012-01-08 22:05 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-14 09:47 - 2012-03-25 09:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 09:46 - 2012-03-25 09:07 - 00000000 ____D () C:\Program Files\Google
2015-01-14 09:46 - 2012-03-25 09:07 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-14 09:46 - 2012-01-08 23:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-14 09:46 - 2010-11-20 22:47 - 00333486 _____ () C:\Windows\PFRO.log
2015-01-14 09:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 09:46 - 2009-07-13 23:51 - 00077384 _____ () C:\Windows\setupact.log
2015-01-14 09:14 - 2013-02-01 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-14 09:09 - 2012-04-18 12:37 - 00000000 ____D () C:\Program Files\Provocraft
2015-01-14 09:07 - 2012-01-08 22:07 - 00000000 ____D () C:\ProgramData\Cozi
2015-01-14 01:08 - 2013-05-02 14:44 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1973055484-1563379939-3891434950-1001Core.job
2015-01-13 19:42 - 2012-03-30 09:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 19:42 - 2012-03-30 09:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 19:42 - 2012-01-08 21:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 17:50 - 2012-03-25 09:07 - 00000000 ____D () C:\Users\TheMills\AppData\Local\Google
2015-01-13 17:50 - 2012-03-25 09:07 - 00000000 ____D () C:\ProgramData\Google
2015-01-13 16:46 - 2013-03-21 10:04 - 00000000 ____D () C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}
2015-01-13 15:17 - 2014-10-19 22:44 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{116CCF82-5BB0-485E-A8CB-680DC15BBFBF}
2015-01-13 15:15 - 2014-08-06 12:45 - 00000198 _____ () C:\Users\TheMills\BullseyeCoverageError.txt
2015-01-13 12:21 - 2013-06-04 18:07 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-11 20:18 - 2013-03-31 10:31 - 00000000 ____D () C:\Users\TheMills\AppData\Local\Deployment
2015-01-07 16:40 - 2012-03-04 20:22 - 00000000 ____D () C:\Users\TheMills
2015-01-07 16:38 - 2014-03-15 19:58 - 00002195 _____ () C:\Users\TheMills\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-04 20:27 - 2013-11-21 19:44 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-03 15:33 - 2014-02-28 15:50 - 00003620 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1973055484-1563379939-3891434950-1001
2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 00:09 - 2009-07-13 23:45 - 00834872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-31 00:08 - 2012-05-22 16:55 - 1096731207 _____ () C:\Windows\MEMORY.DMP
2014-12-31 00:08 - 2012-05-22 16:55 - 00000000 ____D () C:\Windows\Minidump
2014-12-30 23:50 - 2012-09-14 03:02 - 00000000 ____D () C:\Users\TheMills\AppData\Roaming\Skype
2014-12-23 02:01 - 2013-05-19 18:12 - 00000000 ____D () C:\Users\TheMills\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2014-12-22 13:43 - 2012-03-04 20:24 - 00220936 _____ () C:\Users\TheMills\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-17 06:35 - 2013-02-20 12:19 - 00001034 _____ () C:\Users\TheMills\Desktop\Dropbox.lnk
2014-12-17 06:35 - 2013-02-20 12:10 - 00000000 ____D () C:\Users\TheMills\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-16 00:01 - 2013-06-27 14:12 - 00000000 ____D () C:\Users\TheMills\Documents\DIY & Crafts
2014-12-16 00:01 - 2013-01-06 10:38 - 00361984 ___SH () C:\Users\TheMills\Documents\Thumbs.db
2014-12-16 00:00 - 2013-08-16 15:57 - 00000000 ____D () C:\Users\TheMills\Documents\Rhinestones
2014-12-15 23:58 - 2012-03-30 20:55 - 00000000 ____D () C:\Users\TheMills\Documents\Recipes
2014-12-15 13:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-15 09:18 - 2014-05-07 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-15 09:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-15 09:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-15 09:03 - 2012-03-07 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-15 09:02 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-15 08:55 - 2012-03-07 10:57 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-15 08:41 - 2014-07-25 16:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
C:\Users\TheMills\mds_2_3_10_quiet_update.exe


Some content of TEMP:
====================
C:\Users\Charles\AppData\Local\Temp\FAInstallV3.001.082.Dell.exe
C:\Users\TheMills\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\TheMills\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkiso7r.dll
C:\Users\TheMills\AppData\Local\Temp\i4jdel0.exe
C:\Users\TheMills\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 01:40

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by TheMills at 2015-01-14 12:11:59
Running from C:\Users\TheMills\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Cloud Drive (HKLM-x32\...\{BF55B950-4227-49DF-914B-A8F63D236DB8}) (Version: 0.09.25.3 - Amazon.com)
Amazon Kindle (HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Direct Connect (HKLM-x32\...\{21DD6041-7251-40FA-9D06-C5EB30268E0F}) (Version: 3.0 - Atheros)
Aurora SVG Viewer & Converter version 12.01 (HKLM-x32\...\{086EADE2-99F8-40BB-AFB0-C9B950501AF5}_is1) (Version: 12.01 - Aurora3D, Inc.)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
Azteca (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
BitMeter (HKLM-x32\...\BitMeter) (Version: - )
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.70 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bullzip PDF Printer 9.10.0.1629 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.10.0.1629 - Bullzip)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
calibre (HKLM-x32\...\{915C56D7-1EFD-4BF3-9FBE-2B0D39F36525}) (Version: 0.8.50 - Kovid Goyal)
Check Point Deployment Shell (HKLM-x32\...\{cc11996c-1401-4b23-9b09-41cbeabb5e83}) (Version: 8.00.0000 - Check Point)
Check Point SSL Network Extender Service (HKLM-x32\...\{cc1550f2-f81f-49d8-b834-4cd9660d8430}) (Version: 7.01.0000 - CheckPoint)
Chicken Invaders v1.30 (HKLM-x32\...\Chicken Invaders_is1) (Version: - InterAction studios)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CIR Registry (HKLM-x32\...\{AFA1FCA1-626E-403C-9BCA-968FECB62C4D}) (Version: 1.00.0000 - ITE)
Cisco WebEx Meetings (HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation)
CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Premium Fonts (x32 Version: 1.00.0000 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.2124 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dcmsvc 1.0 (HKLM-x32\...\dcmsvc_is1) (Version: - )
Dell Bluetooth Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell KM632 Wireless Keyboard Caps Lock Indicator (HKLM-x32\...\{55586382-6704-4237-AAA7-85FF9C055022}) (Version: 2.1.9.0401 - Dell)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.67 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.67 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}) (Version: 2.0.0.50 - ArcSoft)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.50 - ArcSoft)
Dell Touch Software Suite Games (HKLM-x32\...\{6FB3428E-23AA-4CA1-BA9D-E6D5F3F692E4}) (Version: 1.5.133.0 - Fingertapps)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DELLOSD (HKLM-x32\...\{B0F29C6D-C7A9-40AC-9658-921961818E2B}) (Version: 1.0.0.10 - DELL)
DemoForge Mirage Driver for TightVNC 2.0 (HKLM\...\DemoForge Mirage Driver for TightVNC_is1) (Version: 2.0 - DemoForge LLC)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Evernote v. 5.1.1 (HKLM-x32\...\{19ABCFE2-7EED-11E3-B98A-00163E98E7D6}) (Version: 5.1.1.2334 - Evernote Corp.)
Face Recognition (HKLM\...\{B132D631-AD31-41C1-BC8A-9715104C633F}) (Version: 3.1.70.1 - Sensible Vision)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileViewPro (HKLM\...\{29938C06-6962-4C27-A94C-25E4F424A665}_is1) (Version: 1.5 - Solvusoft Corporation)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.)
Flixster (HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\404b9336c7552828) (Version: 1.7.9.178 - Flixster)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.1.1.1 - Siber Systems)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.5.2152 (HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\GoToMeeting) (Version: 7.0.5.2152 - CitrixOnline)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\JoinMe) (Version: 1.12.3.173 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LaunchSip (HKLM-x32\...\{B1EAC0C6-B620-46AD-ABDF-EADF31063F76}) (Version: 1.0.0 - Teletech)
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
MDS DWNLDA TAGS TIL CHRISTMAS STAMP BRUSH SET (HKLM-x32\...\9883-5023-5794-0266) (Version: - Stampin Up and StoryRock Inc.)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.70.0.7970 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\MusicManager) (Version: - Google, Inc.)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Digital Studio 2.3 (HKLM-x32\...\9883-5023-5794-0994) (Version: 2.3.10.656 - Stampin' Up!)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PrintMaster 2012 Gold (HKLM-x32\...\5354-7805-5584-7015) (Version: 4.0.0.230 - Encore Software Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6382 - Realtek Semiconductor Corp.)
RoboForm 7-9-8-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-8-5 - Siber Systems)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
School Zone - Golden Scholar (HKLM-x32\...\Golden Scholar Club) (Version: 1.0 - School Zone Publishing)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Silhouette Connect (HKLM-x32\...\{C72DD854-4217-4B2A-989F-C784278E2BAD}) (Version: 1.0.159 - Silhouette America)
Silhouette Studio (HKLM-x32\...\{7A1096AA-9B25-4290-A3F6-B5A814976B25}) (Version: 3.0.531 - Silhouette America)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
StickyNotes (HKLM-x32\...\{B0789AE7-70D4-454A-90D1-5BA5728E254A}) (Version: 1.5.135.0 - Dell)
SWiSH miniMax2 (HKLM-x32\...\SWiSH miniMax2) (Version: 09.06.02.000 - SWiSHzone.com)
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.10.11100.8.106 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
TeleTech SIP (HKLM-x32\...\{44F7A4BB-C5D7-4608-8460-DEA9F36475D0}) (Version: 35.7.3858 - TeleTech)
TeleTech VNC 2.0 (remove) (HKLM-x32\...\TeleTech-VNC) (Version: 2.0 - )
TeleTech WB ISA (HKLM-x32\...\TeleTech ISA) (Version: 1.2.2.0 - TeleTech)
TeleTech WB Launcher (HKLM-x32\...\TeleTech WBLauncher) (Version: 1.2.3.0 - TeleTech)
TeleTech WB Project Messages (HKLM-x32\...\TeleTech WBProjectMessages) (Version: 1.2.2.0 - TeleTech)
TeleTech WB URT Audio (HKLM-x32\...\TeleTech AudioURT) (Version: 1.2.3.0 - TeleTech)
Unity Web Player (HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VMware View Client (HKLM\...\{62552A33-CD67-44E0-9A89-0B971221BC40}) (Version: 5.0.1.640055 - VMware, Inc.)
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.0.7 - Vudu)
VUDU To Go (x32 Version: 2.0.7 - Vudu) Hidden
Warner Bros. Digital Copy Manager (HKLM-x32\...\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1) (Version: 1.70 - Warner Bros. Entertainment Inc.)
Warner Bros. Digital Copy Manager (x32 Version: 1.70 - Warner Bros. Entertainment Inc.) Hidden
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\F2113B6DA5013A2F764FDB4C8A187CF2DB1F025C) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\F9F460BE83F391EACD49DEEE78C1D44988396991) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F19F644-9468-D082-1266-68EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TheMills\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {4368FA63-9468-D082-356A-19B285889A47} No File
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TheMills\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TheMills\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TheMills\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TheMills\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TheMills\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TheMills\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TheMills\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TheMills\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\TheMills\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

01-01-2015 06:24:13 Windows Update
04-01-2015 15:04:56 Windows Update
08-01-2015 01:45:22 Windows Update
11-01-2015 21:16:28 Windows Update
14-01-2015 09:05:55 Removed Cozi
14-01-2015 09:09:48 Removed Cricut Craft Room®

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AFBF14F-FCBA-4D45-892B-54D9314DBC4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1D56A0D3-98C9-496D-A327-F5D02D7E5DC7} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-08-13] (Siber Systems)
Task: {3181CE1E-1390-4037-BA6A-C35246CA562E} - System32\Tasks\{61E4EBC2-6DDF-42BE-9FF8-DC5C661C808E} => pcalua.exe -a "C:\Users\TheMills\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H22L3VL\g2m_codec.exe" -d C:\Users\TheMills\Desktop
Task: {3D5565BC-2D43-415B-8289-1EF8024A0ED6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {408AD02B-C739-4D3A-98DD-1E7518EA2472} - System32\Tasks\G2MUpdateTask-S-1-5-21-1973055484-1563379939-3891434950-1001 => C:\Users\TheMills\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe [2015-01-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4697FB01-8E96-48E7-A5AA-FC7FE111BC2A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {4FEB715B-A84C-47C8-BF29-B4B1579FF8D4} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMOMNJPMOMMMJJPMCNPMPMGMKJCNLMOMOMMMCNHMLJJMIMCNOMIMOMLJMJOMMJPMJJMJMMJJJNJICMIMCNGMCNHMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMIMNMJMJNHICMMJBJKJLIMJJNBJCMLKHJKJCLGJDJDJMIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMMMJMMMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {591678F3-74B7-441D-9E4E-5F5029235AE9} - System32\Tasks\AdobeAAMUpdater-1.0-MILLSDESKTOP-TheMills => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {60F6E559-34D6-43DF-BC1E-366294D9DC3D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {65239015-76FE-4E5D-9003-9C754B9F3915} - System32\Tasks\StickyNotes Updater => c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\updater.exe [2011-03-18] (Caphyon LTD)
Task: {6AAFF66C-F43B-4F1B-8CEF-236A3C77EA35} - System32\Tasks\{3FEC5F26-8E57-41C1-9D01-0E0E4C3F65A9} => pcalua.exe -a "C:\Users\TheMills\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X93MK4G0\wlsetup-web.exe" -d C:\Users\TheMills\Desktop
Task: {83DE5FB9-4342-43EA-A489-B7C1564C76D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {87395A07-AD25-4525-81E9-707B4F2457E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {9E89AE13-AD9F-4687-BC1C-817A64E6DD1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {AA02C5ED-2C2B-4733-A43F-8340A35DAAB1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {B5CA0D41-7B6B-4C8E-B62C-5073D3154334} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {B906BC54-B199-48D9-9034-774ABEF1D010} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-08-13] (Siber Systems)
Task: {C08A5558-1F07-4D3B-9660-AB1213C76D32} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1973055484-1563379939-3891434950-1001UA => C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
Task: {C1EBB200-2D5C-4E99-8DEB-6F0BE51707A7} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMOMNJPMOMMMJJPMCNPMPMGMKJCNLMOMOMMMCNHMLJJMIMCNOMIMOMLJMJOMMJPMJJMJMMJJJNJICMJMCNOMPMCNNMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMLKHJKJCLGJDJDJMIJNKJCMJNNICMJNDJCMKJBJ"
Task: {D8A53B2C-9D11-4EBB-8E84-A9C587577EA3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1973055484-1563379939-3891434950-1001Core => C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
Task: {E77DB29B-336D-4714-9462-5D6F10C6AADF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {F318B6A1-0AC5-4F52-B76C-9F63FBA2FC4E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {FE7B28CD-D3EA-466B-B955-C7E3A6B8C919} - System32\Tasks\{8D96B872-4A26-441C-AE55-4106E100E9FC} => pcalua.exe -a "C:\Users\TheMills\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGQBJHL8\wlsetup-web.exe" -d C:\Users\TheMills\Desktop
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1973055484-1563379939-3891434950-1001.job => C:\Users\TheMills\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1973055484-1563379939-3891434950-1001Core.job => C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1973055484-1563379939-3891434950-1001UA.job => C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-19 12:34 - 2011-08-19 12:34 - 00095216 _____ () C:\Windows\system32\FAIEExtension.DLL
2011-04-28 17:21 - 2013-08-09 15:07 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-08 21:57 - 2011-05-27 18:33 - 00098304 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2012-01-08 21:57 - 2011-06-08 21:05 - 00017408 _____ () C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
2012-01-08 23:05 - 2011-05-21 15:32 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-08 21:57 - 2010-12-06 16:37 - 00049152 _____ () C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
2012-01-08 22:01 - 2011-01-12 20:17 - 00053248 _____ () C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
2012-02-01 12:50 - 2012-02-01 12:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2012-01-08 21:57 - 2011-06-02 15:27 - 00237568 _____ () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
2013-03-31 17:34 - 2009-04-07 13:53 - 00030440 _____ () C:\Program Files (x86)\dcmsvc\dcmsvc.exe
2012-03-05 17:03 - 2012-03-05 17:03 - 04975792 _____ () C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
2012-11-21 14:00 - 2012-11-21 14:00 - 00325504 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2012-01-08 22:05 - 2011-09-22 11:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 10683392 _____ () C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 07741952 _____ () C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 02248192 _____ () C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 01681408 _____ () C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00117248 _____ () C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00231936 _____ () C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00253440 _____ () C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-11-13 13:57 - 2014-11-13 13:57 - 00344064 _____ () C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 00026624 _____ () C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2015-01-07 16:38 - 2015-01-07 16:38 - 00081056 _____ () C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2015-01-07 16:38 - 2015-01-07 16:38 - 00081056 _____ () C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\TheMills\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-14 09:48 - 2015-01-14 09:48 - 00043008 _____ () c:\users\themills\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkiso7r.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\TheMills\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\TheMills\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\TheMills\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2011-06-01 11:42 - 2011-06-01 11:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-01 11:46 - 2011-06-01 11:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2012-11-21 14:01 - 2012-11-21 14:01 - 02897280 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2012-11-21 14:01 - 2012-11-21 14:01 - 00028032 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 17:59 - 2010-03-22 17:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2012-01-08 22:01 - 2011-03-11 12:09 - 00028672 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\INDICATOR_OSD.DLL
2011-06-01 11:16 - 2011-06-01 11:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 11:16 - 2011-06-01 11:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2015-01-13 16:49 - 2015-01-13 16:49 - 00718152 _____ () C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\36.0.1985.143\libglesv2.dll
2015-01-13 16:49 - 2015-01-13 16:49 - 00126280 _____ () C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\36.0.1985.143\libegl.dll
2015-01-13 16:49 - 2015-01-13 16:49 - 08537928 _____ () C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\36.0.1985.143\pdf.dll
2015-01-13 16:49 - 2015-01-13 16:49 - 00353096 _____ () C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2015-01-13 16:49 - 2015-01-13 16:49 - 01732936 _____ () C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\36.0.1985.143\ffmpegsumo.dll
2015-01-13 16:49 - 2015-01-13 16:49 - 14669128 _____ () C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\TheMills\Documents\HAFC0142804 CSRE CLMS DPS CLAIM FILING INFORMATION.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitmeter2.lnk => C:\Windows\pss\Bitmeter2.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^TheMills^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^TheMills^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk => C:\Windows\pss\Warner Bros.lnk.Startup
MSCONFIG\startupreg: 3D70DC1269DB14D748698F73CDF518823E0DB99A._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Amazon Cloud Drive => C:\Users\TheMills\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: DCHostUI => "C:\Program Files (x86)\Atheros Direct Connect\P2PUIMain.exe" -nogui
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: MusicManager => "C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet

========================= Accounts: ==========================

Administrator (S-1-5-21-1973055484-1563379939-3891434950-500 - Administrator - Disabled)
Charles (S-1-5-21-1973055484-1563379939-3891434950-1004 - Administrator - Enabled) => C:\Users\Charles
Guest (S-1-5-21-1973055484-1563379939-3891434950-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1973055484-1563379939-3891434950-1003 - Limited - Enabled)
TheMills (S-1-5-21-1973055484-1563379939-3891434950-1001 - Administrator - Enabled) => C:\Users\TheMills
UpdatusUser (S-1-5-21-1973055484-1563379939-3891434950-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Mirage Driver
Description: Mirage Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: DemoForge
Service: dfmirage
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Mirage Driver
Description: Mirage Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: DemoForge
Service: dfmirage
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Mirage Driver
Description: Mirage Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: DemoForge
Service: dfmirage
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2015 10:13:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlvfbmxlyv.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: Lmbbszgsc.dll, version: 6.0.11.452, time stamp: 0x54b4f32f
Exception code: 0xc0000005
Fault offset: 0x000140fb
Faulting process id: 0x2f34
Faulting application start time: 0xvlvfbmxlyv.exe0
Faulting application path: vlvfbmxlyv.exe1
Faulting module path: vlvfbmxlyv.exe2
Report Id: vlvfbmxlyv.exe3

Error: (01/14/2015 09:48:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 05:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 00:49:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600

Error: (01/13/2015 00:49:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15600

Error: (01/13/2015 00:48:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2015 01:27:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600

Error: (01/13/2015 01:27:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15600

Error: (01/13/2015 01:27:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2015 01:26:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/14/2015 09:55:15 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.

Error: (01/14/2015 09:52:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/14/2015 09:52:03 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/14/2015 07:20:21 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer BRANDI-ACER
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C9B8179D-8EF7-4B98-98B1-141461FB6E8C}.
The master browser is stopping or an election is being forced.

Error: (01/13/2015 05:50:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.

Error: (01/13/2015 05:48:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/13/2015 05:44:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/13/2015 05:44:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/13/2015 04:41:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the OSDSvc service.

Error: (01/13/2015 04:40:41 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (01/14/2015 10:13:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlvfbmxlyv.exe36.0.1985.14353e2e515Lmbbszgsc.dll6.0.11.45254b4f32fc0000005000140fb2f3401d0300c3c1385e2C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exeC:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}\Lmbbszgsc.dlle10505c8-9bff-11e4-b521-e4d53d778e6a

Error: (01/14/2015 09:48:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 05:41:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 00:49:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600

Error: (01/13/2015 00:49:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15600

Error: (01/13/2015 00:48:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2015 01:27:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600

Error: (01/13/2015 01:27:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15600

Error: (01/13/2015 01:27:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2015 01:26:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Cricut-Craft Room\Drivers\Cricut Expression Drivers ia64.exe


CodeIntegrity Errors:
===================================
Date: 2014-08-14 16:13:37.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-14 16:13:37.211
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-14 16:13:37.195
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-14 16:13:37.195
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-14 16:12:42.298
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-14 16:12:42.283
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-14 12:46:14.469
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-14 12:46:14.469
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-14 12:46:14.449
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-14 12:46:14.439
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400S CPU @ 2.50GHz
Percentage of memory in use: 60%
Total physical RAM: 6049.09 MB
Available physical RAM: 2410.75 MB
Total Pagefile: 12096.36 MB
Available Pagefile: 7092.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:910.66 GB) (Free:749.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 200AC638)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=20.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=910.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4 TxBrandi

Posted 14 January 2015 - 12:41 PM

Here is the Zoek:

Zoek.exe v5.0.0.0 Updated 14-01-2015
Tool run by TheMills on Wed 01/14/2015 at 12:23:04.37.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\TheMills\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1/14/2015 12:26:51 PM Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
C:\Users\TheMills\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\dcmsvc\dcmsvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\SysWOW64\SAgent4.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\Mozilla\updater.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs\Tyqxlrhfp\vlvfbmxlyv.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeActiveFileMonitor9.0] - Adobe Active File Monitor V9 - c:\program files (x86)\adobe\elements 9 organizer\photoshopelementsfileagent.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AERTFilters] - Andrea RT Filters Service - c:\program files\realtek\audio\hda\aertsr64.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [Atheros Bt&Wlan Coex Agent] - Atheros Bt&Wlan Coex Agent - c:\program files (x86)\dell wireless\ath_coexagent.exe
R2 - [AtherosSvc] - AtherosSvc - c:\program files (x86)\dell wireless\bluetooth suite\adminservice.exe
R2 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe
R2 - [Dell WMI Service] - Dell WMI Service - c:\program files (x86)\dell\dellosd\dellosdservice.exe
R2 - [EPSON_EB_RPCV4_04] - EPSON V5 Service4(04) - c:\program files\common files\epson\epw!3 ssrp\e_s50stb.exe
R2 - [EPSON_PM_RPCV4_04] - EPSON V3 Service4(04) - c:\program files\common files\epson\epw!3 ssrp\e_s50rpb.exe
R2 - [EpsonBidirectionalService] - EpsonBidirectionalService - c:\program files (x86)\common files\epson\ebapi\eebsvc.exe
R2 - [FAService] - FAService - c:\program files (x86)\sensible vision\fast access\faservice.exe
R2 - [Fitbit Connect] - Fitbit Connect Service - c:\program files (x86)\fitbit connect\fitbitconnectservice.exe
R2 - [Garmin Core Update Service] - Garmin Core Update Service - c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.exe
R2 - [GsServer] - GoodSync Server - c:\program files\siber systems\goodsync\gs-server.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
R2 - [MemeoBackgroundService] - MemeoBackgroundService - c:\program files (x86)\memeo\autobackup\memeobackgroundservice.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
R2 - [NOBU] - Dell DataSafe Online - c:\program files (x86)\dell\dell datasafe online\nobuagent.exe
R2 - [NVSvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [OSDSvc] - ChiconyOSDService - c:\program files (x86)\dell\dell km632 wireless keyboard caps lock indicator\osdsrv.exe
R2 - [PSI_SVC_2] - Protexis Licensing V2 - c:\program files (x86)\common files\protexis\license service\psiservice_2.exe
R2 - [SeagateDashboardService] - Seagate Dashboard Service - c:\program files (x86)\seagate\seagate dashboard\seagatedashboardservice.exe
R2 - [SftService] - SoftThinks Agent Service - c:\program files (x86)\dell datasafe local backup\sftservice.exe
R2 - [StatusAgent4] - Epson Printer Status Agent4 - c:\windows\syswow64\sagent4.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
R2 - [UNS] - Intel® Management and Security Application User Notification Service - c:\program files (x86)\intel\intel® management engine components\uns\uns.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R2 - [wsnm] - VMware View Client - c:\program files\vmware\vmware view\client\bin\wsnm.exe
R2 - [wsnm_usbctrl] - VMware View USB Control - c:\program files\vmware\vmware view\client\bin\wsnm_usbctrl.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [DCDhcpService] - DCDhcpService - c:\program files (x86)\atheros direct connect\dcdhcpservice.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe
S3 - [GamesAppService] - GamesAppService - c:\program files (x86)\wildtangent games\app\gamesappservice.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [stllssvr] - stllssvr - c:\program files (x86)\common files\surething shared\stllssvr.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 6050 MB
CPU Info: Intel® Core™ i5-2400S CPU @ 2.50GHz
CPU Speed: 2493.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Display Adapters: Intel® HD Graphics | Intel® HD Graphics | NVIDIA GeForce GT 525M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver | Mirage Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Check Point Virtual Network Adapter For SSL Network Extender | Bluetooth Device (Personal Area Network) | Realtek PCIe GBE Family Controller | Dell Wireless 1702 802.11b/g/n
CD / DVD Drives: 1x (D: | ) D: PLDS    DVD+-RW DS-8A8SH
Ports: COM1 LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  910.7GB
Hard Disks - Free: C:  749.6GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 10/13/11 | DELL   - 1072009
Time Zone: Eastern Standard Time
Motherboard *: Dell Inc. 0CT3NM
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17501
Mozilla Firefox version: 34.0.5 (x86 en-US)
Adobe Reader version: 11.0.10.32
Sun Java version: 1.7.0_71 (32-bit)
Sun Java version: 1.6.0_27 (64-bit)
Flash Player version: 16.0.0.257

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\TheMills\AppData\Local\Temp ====
2015-01-14 14:48:45 97511FE2CA09CC2E06C3CD6519C3494E 43008 ----a-w- C:\Users\TheMills\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkiso7r.dll
2015-01-05 02:02:33 B854B9FBE1C4A8C51A703975948D4F5F 4608 ----a-w- C:\Users\TheMills\AppData\Local\Temp\i4jdel0.exe
2015-01-03 20:33:17 C68DAB4E53EC43B2F60FC8BD93DDEC62 6406144 ----a-w- C:\Users\TheMills\AppData\Local\Temp\CitrixUpdates\GoToMeeting\2152\G2MTranscoder.exe
2015-01-03 20:33:01 4DB7319CF67F02BC012309ED84408FA9 8212840 ----a-w- C:\Users\TheMills\AppData\Local\Temp\CitrixUpdates\GoToMeeting\2152\G2MCoreInstExtractor.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2014-12-31 05:14:34 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-01-05 03:14:41 -------- d-----w- C:\PROGRA~2\My Digital Studio
======= C: =====
====== C:\Users\TheMills\AppData\Roaming ======
2015-01-13 21:35:08 33EA32FA3FEA5A8D05E3B261A0969A04 302080 ----a-w- C:\Users\TheMills\AppData\Locallow\fmjnwoj.dll
====== C:\Users\TheMills ======
2015-01-14 17:07:07 63BC47D1184B92BBAE42654E355E8DF7 2124288 ----a-w- C:\Users\TheMills\Desktop\FRST64.exe
2015-01-14 15:50:26 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\TheMills\Desktop\dds.com
2015-01-14 15:49:13 8B968045D75783A09592C3105F2865DA 688992 ----a-w- C:\Users\TheMills\Downloads\dds (1).com
2015-01-14 15:46:54 8B968045D75783A09592C3105F2865DA 688992 ----a-w- C:\Users\TheMills\Downloads\dds.com
2015-01-07 21:40:15 -------- d-----r- C:\Users\TheMills\OneDrive
2015-01-05 03:28:32 7655B998872462E99651A4FC1E155459 38056472 ----a-w- C:\Users\TheMills\mds_2_3_10_quiet_update.exe
2015-01-05 03:27:55 C2C5EDA81A5B662338F2CF85CCA00271 31 ----a-w- C:\Users\TheMills\mds2Custom.prefs
2015-01-05 03:27:43 516F097CC3DA168611CB2977F2589890 1715 ----a-w- C:\Users\TheMills\mydigitalstudio2.prefs
2015-01-05 03:27:20 -------- d-----w- C:\Users\TheMills\.swt
2015-01-05 03:25:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Digital Studio
2015-01-05 02:00:36 73F464FE44E18EBA7B8920C0993807E1 5431 ----a-w- C:\Users\TheMills\Downloads\MDS TRIAL.exe

====== C: exe-files ==
=== C: other files ==
2015-01-14 17:17:22 BEFB6DC3501403994F9F715633BCF412 80549 ----a-w- C:\ProgramData\PCDr\6426\AddOnDownloaderCache\zipped\39c2333f-badf-4710-9d24-8ef988f2388f.zip
2015-01-12 02:55:54 AD641A9C04ECDDC933EE0F55B6EDD3DD 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1973055484-1563379939-3891434950-1001\$I5DQUVI.zip
2015-01-11 21:29:48 39732E064C88416426037EAC4B8F786D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1973055484-1563379939-3891434950-1001\$IHZC7QP.zip
2015-01-11 21:13:40 F90FB43957386F3470B622045E207EBB 4229630 ----a-w- C:\$Recycle.Bin\S-1-5-21-1973055484-1563379939-3891434950-1001\$RHZC7QP.zip
2015-01-11 17:33:01 26E97B15F896D8D40545D3E1FC6A6904 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1973055484-1563379939-3891434950-1001\$IR97J3F.zip
2015-01-11 17:32:04 C36DB3E13532B33B01E3BFF712841C9C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1973055484-1563379939-3891434950-1001\$IP6C33N.zip
2015-01-11 17:29:23 2DCB76F25E2E14CBA34AD2E51F46F984 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1973055484-1563379939-3891434950-1001\$IHLUXNC.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1973055484-1563379939-3891434950-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"MusicManager"="C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"3D70DC1269DB14D748698F73CDF518823E0DB99A._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"SkyDrive"="C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Lmbbszgsc"="regsvr32.exe /s C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}\Lmbbszgsc.dll"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-1973055484-1563379939-3891434950-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
"Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
"Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DELLOSD"="C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe"
"Chicony_OSD"="C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
"FATrayAlert"="C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe"
"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"Memeo Instant Backup"="C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui"
"Memeo AutoSync"="C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent"
"Seagate Dashboard"="C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui"
"dcmsvc"="C:\Program Files (x86)\dcmsvc\dcmsvc.exe"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"StickyNotesWidget"=""c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj""
"AccuWeatherWidget"=""C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup"
"FUFAXSTM"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"MusicManager"="C:\Users\TheMills\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"3D70DC1269DB14D748698F73CDF518823E0DB99A._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"SkyDrive"="C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Lmbbszgsc"="regsvr32.exe /s C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}\Lmbbszgsc.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
"Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
"Uninstall C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\TheMills\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\3D70DC1269DB14D748698F73CDF518823E0DB99A._service_run]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="3D70DC1269DB14D748698F73CDF518823E0DB99A._service_run"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Amazon Cloud Drive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Amazon Cloud Drive"
"hkey"="HKCU"
"command"="C:\\Users\\TheMills\\AppData\\Local\\Amazon\\Cloud Drive\\AmazonCloudDrive.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AthBtTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AthBtTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\AthBtTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtStack]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AtherosBtStack"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\BtvStack.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DCHostUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DCHostUI"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Atheros Direct Connect\\P2PUIMain.exe\" -nogui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dell DataSafe Online]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dell DataSafe Online"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Dell\\Dell Datasafe Online\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dell Webcam Central]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dell Webcam Central"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Dell Webcam\\Dell Webcam Central\\WebcamDell2.exe\" /mode2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellStage]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DellStage"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Dell Stage\\Dell Stage\\stage_primary.exe\" \"C:\\Program Files (x86)\\Dell Stage\\Dell Stage\\start.umj\" --startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desktop Disc Tool]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Desktop Disc Tool"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Roxio\\OEM\\Roxio Burn\\RoxioBurnLauncher.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleDriveSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDriveSync"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\Drive\\googledrivesync.exe\" /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcui_exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcui_exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe\" /runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MusicManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MusicManager"
"hkey"="HKCU"
"command"="\"C:\\Users\\TheMills\\AppData\\Local\\Programs\\Google\\MusicManager\\MusicManager.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroLauncher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroLauncher"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Nero\\SyncUP\\NeroLauncher.exe 900"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Stage Remote]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Stage Remote"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Dell\\Stage Remote\\StageRemote.exe -Quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitmeter2.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bitmeter2.lnk"
"backup"="C:\\Windows\\pss\\Bitmeter2.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Codebox\\BitMeter\\BITMET~1.EXE "
"item"="Bitmeter2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^TheMills^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
"path"="C:\\Users\\TheMills\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\EvernoteClipper.lnk"
"backup"="C:\\Windows\\pss\\EvernoteClipper.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\Evernote\\Evernote\\EVERNO~2.EXE "
"item"="EvernoteClipper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^TheMills^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk]
"path"="C:\\Users\\TheMills\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Warner Bros.lnk"
"backup"="C:\\Windows\\pss\\Warner Bros.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\WARNER~1.DIG\\WARNER~1.EXE "
"item"="Warner Bros"

==== Startup Folders ======================

2013-02-20 17:10:53 1152 ----a-w- C:\Users\TheMills\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01/13/2015 07:42 PM]
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1973055484-1563379939-3891434950-1001.job --a------ C:\Users\TheMills\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe [01/03/2015 03:33 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/19/2014 08:02 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/19/2014 08:02 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973055484-1563379939-3891434950-1001Core.job --a------ C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe [05/02/2013 02:44 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973055484-1563379939-3891434950-1001UA.job --a------ C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe [05/02/2013 02:44 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-MILLSDESKTOP-TheMills" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-1973055484-1563379939-3891434950-1001" [C:\Users\TheMills\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe]
"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\SysNative\tasks\Go to RoboForm Install page" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMOMNJPMOMMMJJPMCNPMPMGMKJCNLMOMOMMMCNHMLJJMIMCNOMIMOMLJMJOMMJPMJJMJMMJJJNJICMJMCNOMPMCNNMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMLKHJKJCLGJDJDJMIJNKJCMJNNICMJNDJCMKJBJ"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1973055484-1563379939-3891434950-1001Core" [C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1973055484-1563379939-3891434950-1001UA" [C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMOMNJPMOMMMJJPMCNPMPMGMKJCNLMOMOMMMCNHMLJJMIMCNOMIMOMLJMJOMMJPMJJMJMMJJJNJICMIMCNGMCNHMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMIMNMJMJNHICMMJBJKJLIMJJNBJCMLKHJKJCLGJDJDJMIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMMMJMMMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"]
"C:\Windows\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]
"C:\Windows\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]
"C:\Windows\SysNative\tasks\Run RoboForm Process" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]
"C:\Windows\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\StickyNotes Updater" ["c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\updater.exe"]
"C:\Windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{116CCF82-5BB0-485E-A8CB-680DC15BBFBF}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Wed 01/14/2015 at 12:37:57.57 ======================



#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:05 AM

Posted 14 January 2015 - 01:36 PM

Hi,

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).


the computer is infected with this trojan:
https://www.virustotal.com/de/file/dafb37cc81bd8f7431be06231ec99e8431a551943bc3ef34e49fbf46b29b1fc4/analysis/
 
But no worries... :)

How is the computer running after the following fix:


Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. (After that let the tool complete its run.)
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   1.88KB   13 downloads

After the Reboot:

Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#6 TxBrandi

TxBrandi
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:05 AM

Posted 14 January 2015 - 02:29 PM

I clicked on the fixlist above (small pic of a piece of paper) and got this message:

 

Sorry, you don't have permission for that!

 

[#10171]

You do not have permission to view this attachment.





#7 deeprybka

Posted 14 January 2015 - 02:33 PM

post-864784-0-30226700-1421264142.png
 


Edited by deeprybka, 14 January 2015 - 02:37 PM.

regards,
deeprybka

#8 TxBrandi

Posted 14 January 2015 - 02:37 PM

Nevermind. It allowed me to once I registered for the site.



#9 deeprybka

Posted 14 January 2015 - 02:40 PM

Please have a look at the picture above... :)


Edited by deeprybka, 14 January 2015 - 02:41 PM.

regards,
deeprybka

#10 TxBrandi

Posted 14 January 2015 - 02:41 PM

when you say "save it in the same directory as FRST" does that mean just save it to the desktop? (since I saved FRST there) -sorry to be so dense -I just wanted to make sure I do it right.

thanks

#11 TxBrandi

Posted 14 January 2015 - 02:43 PM

I think that was correct, so I'm pasting the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01
Ran by TheMills at 2015-01-14 14:41:29 Run:1
Running from C:\Users\TheMills\Desktop
Loaded Profiles: TheMills (Available profiles: UpdatusUser & TheMills & Charles)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe
C:\ProgramData\6XDvn37n
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
*****************

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found.
"C:\ProgramData\6XDvn37n" => File/Directory not found.
vToolbarUpdater18.0.0 => Service not found.

==== End of Fixlog 14:41:30 ====


 

 



#12 deeprybka

Posted 14 January 2015 - 02:44 PM

 

does that mean just save it to the desktop?

 

That is absolutely correct! :thumbup2:

Running from C:\Users\TheMills\Desktop

regards,
deeprybka

#13 deeprybka

Posted 14 January 2015 - 02:45 PM

No, this was not the attached fixlist!


regards,
deeprybka

#14 deeprybka

Posted 14 January 2015 - 02:46 PM

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    C:\Users\TheMills\AppData\Locallow\fmjnwoj.dll
    C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}\
    C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs
    HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Run: [Lmbbszgsc] => regsvr32.exe /s "C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}\Lmbbszgsc.dll" 
    SearchScopes: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> {103ff47a-deeb-4445-b593-e774cb8f2867} URL = http://isearch.shopathome.com?user_id={029b4ec9-8ef6-41fb-ba1b-b14fd9be451c}&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
    SearchScopes: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    Toolbar: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN25628324036515304&ctid=CT3272718&SearchSource=48"
    CHR Extension: (MixiDJ) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb [2013-03-27]
    CHR HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\TheMills\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-07]
    CHR HKLM-x32\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\TheMills\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-07]
    C:\Users\Public\dcmsvcsetup.exe
    C:\Users\Public\invokesi.exe
    C:\Users\TheMills\mds_2_3_10_quiet_update.exe
    CreateRestorePoint:
    EmptyTemp:
    
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
regards,
deeprybka
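The fixlist in the post above deletes the Run value "Lmbbszgsc", which starts regsvr32.exe /s on a DLL in a GUID-named folder under AppData\Local. As an added example (not part of the thread, and not how FRST or the helper works), this Python sketch parses Run/RunOnce lines in the format of the log posted earlier and flags that pattern; the sample lines are excerpted from that log, and the function names and heuristics are assumptions made for illustration.

```python
import re

# Excerpt of the "Startup Registry Enabled" section of the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_USERS\S-1-5-21-1973055484-1563379939-3891434950-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Lmbbszgsc"="regsvr32.exe /s C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}\Lmbbszgsc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"StickyNotesWidget"=""c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\TheMills\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Lmbbszgsc"="regsvr32.exe /s C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}\Lmbbszgsc.dll"
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# Greedy command group: values may themselves contain quoted paths.
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
AUTORUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(?:Once)?$', re.I)
# Windows binaries that load a DLL named on their command line.
PROXY_RE = re.compile(r'^"?(?:[^"\s]*\\)?(regsvr32|rundll32)(?:\.exe)?"?\s+', re.I)
# Locations a standard user can write to without elevation (heuristic list).
USER_WRITABLE_RE = re.compile(
    r'\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|%(?:LOCAL)?APPDATA%|%TEMP%', re.I)
GUID_DIR_RE = re.compile(
    r'\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\', re.I)


def parse_autoruns(text):
    """Yield (key, value_name, command) for values under Run/RunOnce keys."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1) if AUTORUN_KEY_RE.search(m.group(1)) else None
            continue
        m = VALUE_RE.match(line)
        if key and m:
            yield key, m.group(1), m.group(2)


def proxy_target(command):
    """Return the file handed to regsvr32/rundll32, or None for other commands."""
    m = PROXY_RE.match(command)
    if not m:
        return None
    rest = command[m.end():].strip()
    while rest[:1] in ("/", "-"):          # skip switches such as /s or /i
        rest = rest.partition(" ")[2].lstrip()
    return rest.strip('"') or None


def triage(text):
    """Flag autoruns where a DLL host loads a file from a user-writable path.

    HKEY_CURRENT_USER mirrors the logged-on user's HKEY_USERS\\<SID> hive, so
    identical values are merged and every key they were seen under is kept.
    """
    findings = {}
    for key, name, command in parse_autoruns(text):
        target = proxy_target(command)
        if not target or not USER_WRITABLE_RE.search(target):
            continue
        reasons = ["DLL host started from an autorun loads a file "
                   "from a user-writable path"]
        if GUID_DIR_RE.search(target):
            reasons.append("target sits in a GUID-named directory")
        entry = findings.setdefault((name.lower(), command.lower()), {
            "name": name, "command": command, "target": target,
            "reasons": reasons, "keys": []})
        entry["keys"].append(key)
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["name"], "->", f["target"])
        for reason in f["reasons"]:
            print("    reason:", reason)
        for key in f["keys"]:
            print("    seen under:", key)
```

Per-user paths alone are not enough to flag an entry: the Google Update value also runs from AppData and is left alone, because only the combination with a DLL host is treated as noteworthy here.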

#15 TxBrandi

Posted 14 January 2015 - 03:18 PM

Ok. After getting your message saying that was not the correct fixlog, I went back to the correct file from your message and this time it took a long time to finish. I was in the process of copying it so I could paste it here, when I saw your message number 14 above (the one that says press the windows button plus R). I'm not sure if that is a separate step or if you were just telling me another way to do the steps from message number 5. I'm going to go ahead and paste the fixlog that I was doing before I got that message. I believe my next step (since it just rebooted) is to do number 2 from message #5 (where you press the scan button). If I am mistaken, then let me know.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01
Ran by TheMills at 2015-01-14 14:47:41 Run:2
Running from C:\Users\TheMills\Desktop
Loaded Profiles: TheMills (Available profiles: UpdatusUser & TheMills & Charles)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
C:\Users\TheMills\AppData\Locallow\fmjnwoj.dll
C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}\
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Run: [Lmbbszgsc] => regsvr32.exe /s "C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B}\Lmbbszgsc.dll"
SearchScopes: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> {103ff47a-deeb-4445-b593-e774cb8f2867} URL = http://isearch.shopathome.com?user_id={029b4ec9-8ef6-41fb-ba1b-b14fd9be451c}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1973055484-1563379939-3891434950-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN25628324036515304&ctid=CT3272718&SearchSource=48"
CHR Extension: (MixiDJ) - C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb [2013-03-27]
CHR HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\TheMills\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-07]
CHR HKLM-x32\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\TheMills\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx [2013-02-07]
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
C:\Users\TheMills\mds_2_3_10_quiet_update.exe
CreateRestorePoint:
EmptyTemp:

*****************

Processes closed successfully.
C:\Users\TheMills\AppData\Locallow\fmjnwoj.dll => Moved successfully.
C:\Users\TheMills\AppData\Local\{CF5ACE5A-F84D-46BD-B183-75934EFC9B5B} => Moved successfully.
C:\Users\TheMills\AppData\LocalLow\Temp\eezredtglcs => Moved successfully.
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Lmbbszgsc => value deleted successfully.
"HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{103ff47a-deeb-4445-b593-e774cb8f2867}" => Key deleted successfully.
HKCR\CLSID\{103ff47a-deeb-4445-b593-e774cb8f2867} => Key not found.
"HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => Key deleted successfully.
HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => Key not found.
"HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\TheMills\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb => Moved successfully.
"HKU\S-1-5-21-1973055484-1563379939-3891434950-1001\SOFTWARE\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb" => Key deleted successfully.
C:\Users\TheMills\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb" => Key deleted successfully.
"C:\Users\TheMills\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx" => File/Directory not found.
C:\Users\Public\dcmsvcsetup.exe => Moved successfully.
C:\Users\Public\invokesi.exe => Moved successfully.
C:\Users\TheMills\mds_2_3_10_quiet_update.exe => Moved successfully.
Restore point was successfully created.
EmptyTemp: => Removed 3.6 GB temporary data.


The system needed a reboot.

==== End of Fixlog 15:02:42 ====



