
windows cannot open program because software restriction policy


  • This topic is locked
14 replies to this topic

#1 bzncrew


Posted 24 January 2015 - 05:21 PM

My AV won't start because of this error.  I assume I'm infected with something.

Also, SYSTEM RESTORE won't start. It says "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again."

I don't know if this is related, but I also hear my floppy drive (yeah, this has one) being randomly accessed every 30 seconds or so.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Russ Baker (administrator) on RUSS on 24-01-2015 15:19:37
Running from Z:\DOWNLOADS
Loaded Profiles: Russ Baker (Available profiles: Russ Baker & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Ammyy LLC) C:\Documents and Settings\Russ Baker\Desktop\AA_v35.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ammyy LLC) C:\Documents and Settings\Russ Baker\Desktop\AA_v35.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Softland) C:\Program Files\Softland\FBackup 5\bService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
() C:\ICVERIFY\ICWin420\Jcard\JCardService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Extended Systems, Inc.) C:\Program Files\Extended Systems\Advantage 8.1\Server\ads.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(FirstData) C:\ICVERIFY\ICWin420\Firstdata.Security.PCVXFileMonitor.exe
(Sun Microsystems, Inc.) C:\ICVERIFY\ICWin420\jre1.6.0\bin\javaw.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
() C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(j2 Global Communications, Inc.) C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Softland) C:\Program Files\Softland\FBackup 5\bTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(GoPro) C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Dropbox, Inc.) C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\Dropbox.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(j2 Global Communications, Inc.) C:\Program Files\eFax Messenger 4.4\J2GTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() Z:\DOWNLOADS\adwcleaner_4.109.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\ntvdm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16126464 2007-04-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1822720 2007-04-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EaseUs Watch] => C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUs Tray] => C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUs TB Tray Agent] => C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [253512 2013-09-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM\...\Run: [CloneCDTray] => C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1055952 2014-12-02] (Carbonite, Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\BitDefender <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Run: [eFax 4.4] => C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Run: [FBackup 5 Tray Agent] => C:\Program Files\Softland\FBackup 5\bTray.exe [6754872 2014-04-01] (Softland)
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Run: [CAHeadless] => C:\Program Files\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1046944 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\MountPoints2: {b69dabc7-c68f-11e3-b3a7-001d6082781d} - "D:\WD SmartWare.exe" autoplay=true
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\WINDOWS\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()
Startup: C:\Documents and Settings\Russ Baker\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Russ Baker\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
AlternateShell: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1417001333-823518204-2147118731-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{29A22747-981E-4E83-8014-35712DC1E0CD}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7BA0CE54-2261-484B-8FBC-CD95BD2AB43B}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1417001333-823518204-2147118731-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-04]
FF HKLM\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\Documents and Settings\All Users\Application Data\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M262324D9-FEFF-4554-9DA9-D8894C978B19&SearchSource=55&CUI=&UM=8&UP=SP42F80402-3083-44BB-B1AA-518CCB6431CB&SSPV=
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-03]
CHR Extension: (Google Search) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-03]
CHR Extension: (No Name) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-03]
CHR Extension: (LogMeIn) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2014-04-16]
CHR Extension: (No Name) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-01-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-03]
CHR HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor12.0; C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 Advantage; C:\Program Files\Extended Systems\Advantage 8.1\Server\ADS.EXE [2146352 2007-01-08] (Extended Systems, Inc.) [File not signed]
R2 AmmyyAdmin; C:\Documents and Settings\Russ Baker\Desktop\AA_v35.exe [764184 2014-07-30] (Ammyy LLC)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6027984 2014-12-02] (Carbonite, Inc. (www.carbonite.com))
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [130944 2011-04-25] (SEIKO EPSON CORPORATION)
R2 FBackup5Srv; C:\Program Files\Softland\FBackup 5\bService.exe [3023416 2014-04-01] (Softland)
R2 Guard Agent; C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [57520 2013-10-23] (Bitdefender)
S3 icvmlt32; C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe [55152 2012-04-09] ()
S3 ICVTnsServer; C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe [55152 2012-04-09] ()
R2 JCard Service; C:\ICVERIFY\ICWin420\Jcard\JCardService.exe [149360 2012-04-09] ()
R2 MSSQL$ICV; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-14] (Nero AG)
R2 PCVXFileMonitor; C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe [55152 2012-04-09] ()
S3 SerialKeys; C:\WINDOWS\system32\skeys.exe [26112 2008-04-14] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
S2 Freemake Improver; "C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtcL001; C:\WINDOWS\System32\DRIVERS\l151x86.sys [39424 2014-04-03] (Atheros Communications Inc.)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R3 AX88179; C:\WINDOWS\System32\DRIVERS\ax88179_178a.sys [49024 2013-07-31] (ASIX Electronics Corp.)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-08-09] () [File not signed]
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [52040 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40776 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14920 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [185800 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [65896 2013-07-12] (FTDI Ltd.)
R3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 OVT511Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [167816 2001-09-18] (OmniVision Technologies, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
S3 silabenm; C:\WINDOWS\System32\DRIVERS\silabenm.sys [19656 2011-02-08] (Silicon Laboratories, Inc.) [File not signed]
S3 silabser; C:\WINDOWS\System32\DRIVERS\silabser.sys [58496 2011-02-08] (Silicon Laboratories) [File not signed]
S3 slabbus; C:\WINDOWS\System32\DRIVERS\slabbus.sys [52384 2004-03-11] (MCCI)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
R2 UltraMonUtility; C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [17184 2008-11-14] (Realtime Soft Ltd)
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [299464 2005-11-09] (Jungo) [File not signed]
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [242504 2015-01-24] (BitDefender)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 14:58 - 2015-01-24 14:58 - 00000000 ____D () C:\Program Files\ESET
2015-01-24 13:18 - 2015-01-24 13:18 - 00242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2015-01-24 13:06 - 2015-01-24 13:06 - 00207815 _____ () C:\Documents and Settings\All Users\Application Data\1422129737.bdinstall.bin
2015-01-24 13:05 - 2013-04-17 14:59 - 00633344 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2015-01-24 13:05 - 2013-04-17 14:59 - 00486536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2015-01-24 13:04 - 2015-01-24 13:05 - 00040294 _____ () C:\Report 2015-01-24 13.04.24.txt
2015-01-24 13:02 - 2013-05-28 12:11 - 00355744 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2015-01-24 13:02 - 2013-04-22 13:20 - 00164952 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2015-01-24 12:50 - 2015-01-24 12:50 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support
2015-01-24 12:06 - 2015-01-24 12:06 - 00000010 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\sponge.last.runtime.cache
2015-01-24 10:42 - 2015-01-24 14:53 - 00003980 _____ () C:\Documents and Settings\Russ Baker\Desktop\Rkill.txt
2015-01-24 08:26 - 2015-01-24 15:19 - 00000000 ____D () C:\FRST
2015-01-24 08:17 - 2015-01-24 08:17 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-24 08:16 - 2015-01-24 12:51 - 00000262 _____ () C:\Documents and Settings\Russ Baker\Desktop\error.txt
2015-01-24 08:16 - 2015-01-24 08:16 - 00219704 _____ () C:\Documents and Settings\All Users\Application Data\1422111302.bdinstall.bin
2015-01-24 08:11 - 2015-01-24 14:56 - 00000000 ____D () C:\AdwCleaner
2015-01-24 08:03 - 2015-01-24 13:05 - 00001867 _____ () C:\Documents and Settings\All Users\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-01-24 08:03 - 2015-01-24 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus Free Edition
2015-01-24 07:58 - 2015-01-24 08:02 - 00047850 _____ () C:\Report 2015-01-24 07.58.26.txt
2015-01-23 20:43 - 2015-01-23 20:39 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-01-23 20:43 - 2015-01-23 20:39 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-01-23 20:43 - 2015-01-23 20:39 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-01-23 20:38 - 2015-01-23 20:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
2015-01-23 20:27 - 2015-01-23 20:28 - 00039010 _____ () C:\Documents and Settings\All Users\Application Data\1422070045.4124.bin
2015-01-23 20:27 - 2015-01-23 20:28 - 00028720 _____ () C:\Documents and Settings\All Users\Application Data\1422070045.5316.bin
2015-01-23 20:27 - 2015-01-23 20:28 - 00003472 _____ () C:\Documents and Settings\All Users\Application Data\1422070045.5172.bin
2015-01-23 20:27 - 2015-01-23 20:28 - 00003069 _____ () C:\Documents and Settings\All Users\Application Data\1422070045.5176.bin
2015-01-23 20:19 - 2015-01-23 20:22 - 00027839 _____ () C:\Documents and Settings\All Users\Application Data\1422069498.5212.bin
2015-01-23 20:18 - 2015-01-23 20:22 - 00038999 _____ () C:\Documents and Settings\All Users\Application Data\1422069498.5908.bin
2015-01-23 20:18 - 2015-01-23 20:22 - 00004312 _____ () C:\Documents and Settings\All Users\Application Data\1422069498.4636.bin
2015-01-23 20:18 - 2015-01-23 20:19 - 00003389 _____ () C:\Documents and Settings\All Users\Application Data\1422069498.4668.bin
2015-01-23 03:00 - 2015-01-23 03:00 - 00297052 _____ () C:\WINDOWS\msxml4-KB2758694-enu.LOG
2015-01-22 18:38 - 2015-01-22 18:38 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\QuickScan
2015-01-22 18:30 - 2015-01-22 18:30 - 00224022 _____ () C:\Documents and Settings\All Users\Application Data\1421972393.bdinstall.bin
2015-01-22 17:24 - 2015-01-22 17:29 - 00051297 _____ () C:\Report 2015-01-22 17.24.30.txt
2015-01-22 14:35 - 2015-01-22 14:35 - 00031742 _____ () C:\Documents and Settings\All Users\Application Data\1421962496.bdinstall.bin
2015-01-22 14:26 - 2015-01-22 14:26 - 00028713 _____ () C:\Documents and Settings\All Users\Application Data\1421961959.5868.bin
2015-01-22 14:26 - 2015-01-22 14:26 - 00003520 _____ () C:\Documents and Settings\All Users\Application Data\1421961959.5828.bin
2015-01-22 14:26 - 2015-01-22 14:26 - 00003472 _____ () C:\Documents and Settings\All Users\Application Data\1421961959.5820.bin
2015-01-22 14:25 - 2015-01-22 14:26 - 00039004 _____ () C:\Documents and Settings\All Users\Application Data\1421961959.4352.bin
2015-01-22 14:11 - 2015-01-22 14:11 - 00000288 _____ () C:\WINDOWS\Tasks\Nero Info.job
2015-01-22 14:11 - 2015-01-22 14:11 - 00000000 ____D () C:\Documents and Settings\All Users\Nero
2015-01-22 14:01 - 2015-01-22 14:10 - 00000000 ____D () C:\Program Files\Nero
2015-01-22 14:01 - 2015-01-22 14:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Nero
2015-01-22 14:00 - 2015-01-22 14:00 - 00027873 _____ () C:\Documents and Settings\All Users\Application Data\1421960391.3884.bin
2015-01-22 13:59 - 2015-01-22 14:00 - 00039057 _____ () C:\Documents and Settings\All Users\Application Data\1421960391.468.bin
2015-01-22 13:59 - 2015-01-22 14:00 - 00007398 _____ () C:\Documents and Settings\All Users\Application Data\1421960391.1832.bin
2015-01-22 13:59 - 2015-01-22 14:00 - 00004314 _____ () C:\Documents and Settings\All Users\Application Data\1421960391.5320.bin
2015-01-22 13:37 - 2015-01-22 13:38 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Salesforce
2015-01-22 12:39 - 2015-01-22 14:30 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Nero
2015-01-22 12:03 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2015-01-22 12:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2015-01-22 12:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2015-01-22 12:03 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-01-22 11:53 - 2015-01-22 16:34 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Video & Graphics Utils
2015-01-22 11:53 - 2015-01-22 11:57 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Utils
2015-01-20 16:41 - 2015-01-20 16:41 - 00009781 _____ () C:\WINDOWS\KB952011.log
2015-01-20 16:41 - 2015-01-20 16:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
2015-01-20 16:40 - 2015-01-20 20:18 - 00000000 ____D () C:\Documents and Settings\Russ Baker\My Documents\Wondershare DVD Creator
2015-01-20 09:02 - 2015-01-21 09:42 - 00000000 ____D () C:\temp bluray
2015-01-19 13:41 - 2015-01-19 13:41 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2015-01-18 11:30 - 2015-01-18 11:31 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Garrett
2015-01-18 11:21 - 2015-01-18 11:21 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2015-01-18 11:09 - 2015-01-18 11:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Carbonite
2015-01-18 11:08 - 2015-01-18 11:08 - 00000000 ____D () C:\Program Files\Carbonite
2015-01-18 11:08 - 2015-01-18 11:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Carbonite
2015-01-18 03:00 - 2015-01-18 03:00 - 00006688 _____ () C:\WINDOWS\KB2868038.log
2015-01-18 03:00 - 2015-01-18 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2015-01-18 02:40 - 2013-07-16 17:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2015-01-17 12:32 - 2013-07-16 17:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2015-01-17 12:32 - 2013-07-16 17:58 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio.sys
2015-01-17 12:31 - 2013-07-16 17:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2015-01-17 12:31 - 2013-07-16 17:58 - 00123008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2015-01-17 12:31 - 2008-04-14 05:42 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dshowext.ax
2015-01-17 12:31 - 2008-04-14 05:42 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dshowext.ax
2015-01-14 15:52 - 2015-01-14 15:52 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Google
2015-01-14 12:26 - 2015-01-14 12:26 - 00069940 _____ () C:\test.txt
2015-01-14 10:27 - 2015-01-14 10:28 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-14 07:42 - 2015-01-14 07:42 - 00001444 _____ () C:\WINDOWS\COM+.log
2015-01-13 21:11 - 2015-01-13 21:11 - 00035840 _____ () C:\WINDOWS\system32\Comdlg32.oca
2015-01-13 21:02 - 2015-01-13 21:02 - 00000288 _____ () C:\WINDOWS\ODBC.INI
2015-01-13 21:02 - 2015-01-13 21:02 - 00000126 _____ () C:\WINDOWS\mdm.ini
2015-01-13 21:02 - 2015-01-13 21:02 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Start Menu\Programs\OmniVision
2015-01-13 21:02 - 2015-01-13 21:02 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Start Menu\Programs\Microsoft Web Publishing
2015-01-13 21:02 - 2015-01-13 21:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 6.0
2015-01-13 20:18 - 1998-04-24 13:55 - 00000005 _____ () C:\WINDOWS\VS98ENT.MIF
2015-01-13 19:08 - 2015-01-13 19:08 - 00190831 _____ () C:\Documents and Settings\All Users\Application Data\1421201236.bdinstall.bin
2015-01-13 19:06 - 2008-04-14 05:42 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax
2015-01-13 19:06 - 2008-04-14 05:42 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax
2015-01-13 19:06 - 2008-04-14 00:16 - 00085248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nabtsfec.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00085248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NABTSFEC.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00019200 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSTCODEC.SYS
2015-01-13 19:06 - 2008-04-14 00:16 - 00017024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CCDECODE.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00015232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\StreamIP.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00011136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00011136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SLIP.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00010880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndisip.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisIP.sys
2015-01-13 19:06 - 2008-04-14 00:09 - 00005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstee.sys
2015-01-13 19:06 - 2008-04-14 00:09 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSTEE.sys
2015-01-13 19:05 - 2015-01-13 19:05 - 00000000 ____D () C:\WINDOWS\OvtCam
2015-01-13 19:05 - 2008-04-14 05:42 - 00091136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kswdmcap.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kstvtune.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2015-01-13 19:05 - 2008-04-14 05:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfwwdm32.dll
2015-01-13 19:05 - 2008-04-14 05:42 - 00043008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksxbar.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vidcap.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vidcap.ax
2015-01-13 13:17 - 2015-01-22 16:37 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\LogMeInIgnition
2015-01-05 14:55 - 2015-01-06 14:46 - 00001243 _____ () C:\AVANTA.CSV
2015-01-05 13:14 - 2015-01-14 11:32 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\World Gym
2015-01-05 11:41 - 2015-01-05 20:05 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\LogMeIn Rescue Applet
2015-01-05 09:53 - 2015-01-05 09:53 - 00000000 ____D () C:\WINDOWS\pss
2015-01-03 15:59 - 2015-01-03 16:09 - 00000000 ____D () C:\Program Files\RegistryNuke 2014
2015-01-03 15:59 - 2015-01-03 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RegistryNuke 2014
2015-01-03 05:30 - 2015-01-03 05:30 - 00065536 _____ () C:\WINDOWS\Minidump\Mini010315-01.dmp
2014-12-29 03:36 - 2014-12-31 09:00 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\Seiwriex
2014-12-27 17:53 - 2015-01-14 15:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2014-12-27 03:24 - 2014-12-31 07:53 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\Gaoroxy
2014-12-25 13:17 - 2014-12-25 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-12-25 13:15 - 2014-12-25 13:15 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-12-25 13:15 - 2014-12-25 13:15 - 00000000 ____D () C:\Program Files\iTunes
2014-12-25 13:15 - 2014-12-25 13:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-12-25 13:15 - 2014-12-25 13:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-25 11:00 - 2014-12-25 11:00 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\TeamViewer
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 15:20 - 2014-04-03 06:28 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Temp
2015-01-24 14:51 - 2014-04-02 22:16 - 01146707 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-24 14:47 - 2014-08-08 07:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-24 14:45 - 2014-04-04 10:39 - 00000000 ____D () C:\Program Files\MozBackup
2015-01-24 14:44 - 2014-12-21 12:35 - 00000000 ____D () C:\FreeOCR
2015-01-24 14:44 - 2014-12-18 16:25 - 00000000 ____D () C:\Program Files\Runtime Software
2015-01-24 14:44 - 2014-04-04 08:18 - 00000000 ____D () C:\Program Files\epson
2015-01-24 14:43 - 2014-04-03 10:08 - 00000000 ____D () C:\Program Files\Google
2015-01-24 14:43 - 2014-04-03 10:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-24 14:38 - 2014-04-03 10:08 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 13:19 - 2014-04-02 22:13 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-24 13:15 - 2014-12-22 12:59 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\Dropbox
2015-01-24 13:14 - 2014-04-02 15:06 - 00657502 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-24 13:11 - 2008-04-14 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-24 13:09 - 2014-04-02 22:20 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-24 13:09 - 2014-04-02 15:10 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-01-24 13:09 - 2014-04-02 15:10 - 00000000 _____ () C:\WINDOWS\wiaservc.log
2015-01-24 13:08 - 2014-04-03 10:08 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 13:08 - 2011-09-06 20:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-24 13:07 - 2014-09-08 18:42 - 02117143 _____ () C:\Documents and Settings\Russ Baker\Desktop\AA_v35.log
2015-01-24 13:07 - 2014-04-03 06:28 - 00000178 ___SH () C:\Documents and Settings\Russ Baker\ntuser.ini
2015-01-24 13:07 - 2014-04-03 06:28 - 00000000 ____D () C:\Documents and Settings\Russ Baker
2015-01-24 13:07 - 2014-04-03 06:26 - 00032018 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-24 13:05 - 2014-10-13 06:49 - 00000000 ____D () C:\Program Files\Bitdefender
2015-01-24 12:55 - 2014-04-04 13:50 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Adobe
2015-01-24 12:26 - 2014-10-25 09:14 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-24 12:17 - 2014-10-25 14:20 - 00523986 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\census.cache
2015-01-24 12:16 - 2014-10-25 14:20 - 00200385 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\ars.cache
2015-01-24 11:56 - 2014-04-07 20:06 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\QuickScan
2015-01-24 11:16 - 2014-10-13 06:38 - 01368006 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-18-0.dat
2015-01-24 11:16 - 2014-04-08 08:56 - 00456518 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-01-24 10:32 - 2014-04-03 06:38 - 00049664 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-24 07:51 - 2014-05-20 02:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2015-01-24 07:50 - 2014-04-04 20:24 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-24 02:00 - 2014-08-20 18:06 - 00000352 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-RUSS-Russ Baker.job
2015-01-24 02:00 - 2014-04-25 14:53 - 00000496 _____ () C:\WINDOWS\Tasks\fba_PM Source.job
2015-01-23 20:39 - 2014-12-09 07:40 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-01-23 20:39 - 2014-12-09 07:40 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-01-23 20:37 - 2014-04-04 08:18 - 00000000 ____D () C:\Program Files\Java
2015-01-23 20:11 - 2014-04-03 11:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-01-22 20:32 - 2011-09-06 21:27 - 00001873 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-01-22 19:20 - 2014-04-04 08:26 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Images2
2015-01-22 17:17 - 2014-04-04 12:38 - 00000000 ____D () C:\Program Files\TeamViewer
2015-01-22 17:15 - 2014-04-08 08:56 - 02852846 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1417001333-823518204-2147118731-1003-0.dat
2015-01-22 17:08 - 2014-04-04 08:25 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\Nero
2015-01-22 17:06 - 2014-04-04 08:19 - 00000000 ____D () C:\vers7
2015-01-22 17:05 - 2014-04-04 08:09 - 00000000 ____D () C:\CLP52
2015-01-22 14:30 - 2014-04-04 08:49 - 00000000 ____D () C:\Documents and Settings\Russ Baker\My Documents\NeroVideo
2015-01-22 14:21 - 2014-04-24 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-01-22 14:05 - 2014-04-04 08:17 - 00000000 ____D () C:\Program Files\Common Files\Nero
2015-01-22 14:05 - 2014-04-04 08:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Nero
2015-01-22 12:51 - 2014-09-22 13:32 - 00187664 _____ () C:\WINDOWS\setupapi.log
2015-01-22 12:21 - 2014-04-02 14:59 - 00000000 ____D () C:\WINDOWS\Cursors
2015-01-22 12:03 - 2014-04-02 22:15 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2015-01-22 10:45 - 2014-04-04 08:26 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\uTorrent
2015-01-20 20:20 - 2014-10-11 11:34 - 00000000 ____D () C:\Program Files\IPCam ActiveX
2015-01-20 16:58 - 2014-04-02 22:20 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-20 16:45 - 2014-09-27 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Freemake
2015-01-20 16:41 - 2014-04-02 15:06 - 01118638 _____ () C:\WINDOWS\iis6.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00993265 _____ () C:\WINDOWS\FaxSetup.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00493726 _____ () C:\WINDOWS\ocgen.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00461898 _____ () C:\WINDOWS\tsoc.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00309518 _____ () C:\WINDOWS\msmqinst.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00207401 _____ () C:\WINDOWS\ntdtcsetup.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00174982 _____ () C:\WINDOWS\netfxocm.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00069419 _____ () C:\WINDOWS\MedCtrOC.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00061191 _____ () C:\WINDOWS\comsetup.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00055881 _____ () C:\WINDOWS\ocmsn.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00050390 _____ () C:\WINDOWS\tabletoc.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00050261 _____ () C:\WINDOWS\msgsocm.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-01-20 12:45 - 2014-04-04 08:13 - 00000000 ____D () C:\MEW
2015-01-20 12:31 - 2014-04-04 20:33 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-20 10:10 - 2014-04-04 08:13 - 00000000 ____D () C:\ICREQ
2015-01-20 09:03 - 2014-04-05 10:54 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\tiger-k
2015-01-19 21:55 - 2014-04-04 08:26 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\boat cover
2015-01-19 19:30 - 2014-04-04 08:08 - 00000000 ____D () C:\adsverw
2015-01-19 18:18 - 2014-04-04 13:52 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-18 03:00 - 2014-04-02 15:06 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2015-01-18 01:49 - 2014-04-06 02:13 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-01-17 13:20 - 2014-05-12 14:41 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\BMF Invoices
2015-01-17 11:47 - 2014-04-03 11:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-15 19:23 - 2014-04-10 12:03 - 00013891 _____ () C:\ads_err.dbf
2015-01-15 13:15 - 2014-04-18 10:40 - 00007896 _____ () C:\ADSVERWP.PRM
2015-01-14 10:54 - 2014-04-05 09:54 - 00000000 ____D () C:\Documents and Settings\Russ Baker\My Documents\eFax Messenger 4.4
2015-01-14 07:45 - 2014-04-03 10:46 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 03:01 - 2014-04-03 10:46 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 21:11 - 2014-04-02 22:13 - 00000095 _____ () C:\WINDOWS\vbaddin.ini
2015-01-13 21:06 - 2014-04-02 22:13 - 00000000 ____D () C:\Program Files\ComPlus Applications
2015-01-13 21:02 - 2014-10-30 17:29 - 00000000 ____D () C:\Program Files\Web Publish
2015-01-13 21:02 - 2014-05-15 02:01 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-13 21:02 - 2014-04-04 08:18 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-01-13 21:02 - 2014-04-02 22:13 - 00001309 _____ () C:\WINDOWS\vb.ini
2015-01-13 21:02 - 2014-04-02 15:06 - 00004161 _____ () C:\WINDOWS\ODBCINST.INI
2015-01-13 21:02 - 2014-04-02 15:06 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-13 21:02 - 2014-04-02 14:59 - 00000000 ____D () C:\WINDOWS\Help
2015-01-13 19:07 - 2014-04-16 15:36 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-01-13 19:05 - 2014-04-02 14:59 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-13 13:33 - 2014-05-09 11:02 - 00000734 _____ () C:\out.txt
2015-01-13 13:17 - 2014-04-07 15:51 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\LogMeIn Client
2015-01-12 16:26 - 2014-09-26 15:37 - 00004950 _____ () C:\Documents and Settings\Russ Baker\Desktop\fdr.txt
2015-01-05 09:54 - 2014-12-10 19:05 - 00000000 ____D () C:\WINDOWS\FrameworkUpdate
2015-01-03 16:10 - 2014-05-22 11:07 - 00000000 ____D () C:\ADS
2015-01-03 16:10 - 2014-04-04 08:08 - 00000000 ____D () C:\adsver
2015-01-03 11:18 - 2014-04-04 08:25 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\FileZilla
2015-01-03 05:30 - 2014-04-04 19:54 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-02 17:16 - 2014-12-02 12:20 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Rainbow City
2014-12-31 07:53 - 2014-12-23 02:58 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\Ulwyze
2014-12-27 18:20 - 2014-04-04 08:20 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-12-27 17:53 - 2014-04-03 10:08 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google
2014-12-27 12:53 - 2013-02-18 17:44 - 00001916 ____H () C:\Documents and Settings\Russ Baker\My Documents\Default.rdp
2014-12-25 13:17 - 2014-04-04 08:19 - 00000000 ____D () C:\Program Files\QuickTime
2014-12-25 13:15 - 2014-04-04 08:18 - 00000000 ____D () C:\Program Files\iPod
2014-12-25 13:15 - 2014-04-04 08:17 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-25 13:14 - 2014-09-17 13:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-12-25 12:40 - 2014-04-02 22:14 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-25 10:12 - 2014-04-03 10:09 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
 
==================== Files in the root of some directories =======
 
2014-04-19 09:37 - 2014-04-19 09:55 - 0000040 _____ () C:\Documents and Settings\Russ Baker\Application Data\cdr.ini
2014-12-10 19:05 - 2014-12-10 19:05 - 0000480 ____H () C:\Documents and Settings\Russ Baker\Application Data\麽鎒駓覜
2014-10-25 14:20 - 2015-01-24 12:16 - 0200385 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\ars.cache
2014-10-25 14:20 - 2015-01-24 12:17 - 0523986 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\census.cache
2014-04-03 06:38 - 2015-01-24 10:32 - 0049664 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-04 09:35 - 2014-04-04 09:50 - 0007486 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\FASTWiz.html
2014-04-04 07:41 - 2014-04-04 09:32 - 0673529 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\FASTWiz.log
2014-10-25 14:00 - 2014-10-25 14:00 - 0000036 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\housecall.guid.cache
2015-01-24 12:06 - 2015-01-24 12:06 - 0000010 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\sponge.last.runtime.cache
 
Files to move or delete:
====================
C:\Documents and Settings\LocalService\NTUSER(1).DAT
C:\Documents and Settings\NetworkService\NTUSER(1).DAT
C:\Documents and Settings\Russ Baker\NTUSER(1).DAT
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Russ Baker\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvqocrz.dll
C:\Documents and Settings\Russ Baker\Local Settings\Temp\FreemakeVideoConverterFull.exe
C:\Documents and Settings\Russ Baker\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Russ Baker\Local Settings\Temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Russ Baker\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Russ Baker\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 



 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:08:51 PM

Posted 25 January 2015 - 02:16 PM

Hello and welcome on board,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
  • My Help is completely free of charge!
    Just if you like to donate me some money you can do it and I'd appreciate it. :)
 

What's with the Addition Log? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 bzncrew

bzncrew
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:51 PM

Posted 25 January 2015 - 02:20 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by Russ Baker at 2015-01-24 08:27:17
Running from Z:\DOWNLOADS
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Leawo Blu-ray Creator version  5.1.0.0 (HKLM\...\{F73E2159-E3DA-4B2F-BFE7-63D57141F5D0}_is1) (Version: 5.1.0.0 - Leawo Software Co., Ltd.)
µTorrent (HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Creative Suite 4 Design Premium (HKLM\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}) (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advantage Client Engine SDK v9.10 (HKLM\...\{4F689922-2A1E-4C21-BF2B-610DA3E30F2F}) (Version: 9.10.0035 - iAnywhere, Inc.)
Advantage Data Architect v8.1 (HKLM\...\{67400809-E887-4A9E-BD97-95D473DE707B}) (Version: 8.10.0038 - Extended Systems, Inc.)
Advantage Database Server for Windows NT/2000/2003 v8.1 (USA) (HKLM\...\{5767A718-DB8E-4AFD-8895-B8EB655A420F}) (Version: 8.10.0006 - Extended Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
Atheros Communications Inc.® L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 1.0.11.1 - Atheros Communications Inc.)
Auction Sentry (HKLM\...\{730AF0A6-E338-4B79-B926-95B8B41256A5}) (Version: 4.1.15 - Auction Sentry)
Banner Design Studio v5.1 (HKLM\...\Banner Design Studio v5.1) (Version: 5.1 - BannerDesignStudio)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.6.0 - Belarc Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Blue Iris 3 (HKLM\...\InstallShield_{5923C82E-6BB6-4186-AF14-3066D1F29323}) (Version: 3.63.01 - Perspective Software)
Blue Iris 3 (Version: 3.63.01 - Perspective Software) Hidden
Blue Iris ActiveX Control (HKLM\...\InstallShield_{7106E079-28CA-4FEC-A083-6577EB674526}) (Version: 3.0.0.9 - Perspective Software)
Blue Iris ActiveX Control (Version: 3.0.0.9 - Perspective Software) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (Version: 4.0.5841.0 - Box Inc.) Hidden
Calibration Update Wizard (HKLM\...\{5A03CEC0-8805-11D4-ADFB-00000EFB3A77}) (Version: 8.17.1 - Toyota Diagnostics)
Carbonite (HKLM\...\Carbonite Backup) (Version: 5.7.1 build 4562 (Dec-02-2014) - Carbonite)
Chrome Remote Desktop Host (HKLM\...\{6FC79C95-F54F-4515-8012-01F33D894492}) (Version: 40.0.2214.44 - Google Inc.)
Citrix Online Launcher (HKLM\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
CloneCD (HKLM\...\CloneCD) (Version:  - SlySoft)
Colasoft Ping Tool 1.2 (HKLM\...\Colasoft Ping Tool 1.2_is1) (Version: 1.1 - Colasoft LLC.)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CP2101 USB to UART Bridge Controller (HKLM\...\SLABCOMM) (Version:  - )
CP210x Software Development Kit (HKLM\...\CP210x Software Development Kit) (Version: 1.11.0.0 - Silicon Labs)
cURL (HKLM\...\{BB4D7CD0-F8A7-41C8-80B6-D1834B939661}) (Version: 7.38.0 - Confused by Code)
DeviceViewer v2.3.6.0 (HKLM\...\DeviceViewer_is1) (Version: 2.3.6.0 - )
Diagram Designer (HKLM\...\{61B4AE85-5908-43EC-84B2-8C735917448D}) (Version: 1.27.1 - MeeSoft)
DJI driver version 2.02 (HKLM\...\{EDFDE5EE-84C7-4936-804C-6563943E5754}_is1) (Version: 2.02 - DJI)
DJI NAZAM Assistant version 2.20 (HKLM\...\{407BF034-D1D3-4397-8887-72FE329100D8}_is1) (Version: 2.20 - DJI)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Dropbox (HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version:  - EaseUS)
EaseUS Partition Master 10.0 (HKLM\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 6.5 (HKLM\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
Elements 12 Organizer (Version: 12.0 - Adobe Systems Incorporated) Hidden
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WP-4530 Series Printer Uninstall (HKLM\...\EPSON WP-4530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Express Zip (HKLM\...\ExpressZip) (Version: 2.28 - NCH Software)
FBackup 5 (Version: 5.0.414 - Softland) Hidden
FBackup 5.0 (HKLM\...\{b0384691-180a-43df-89ec-3aab4e67858a}) (Version: 5.0.414.0 - Softland)
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
FlacSquisher 1.2.1 (HKLM\...\FlacSquisher) (Version: 1.2.1 - FlacSquisher)
Free Video Compressor (HKLM\...\{01554C33-4131-4BC7-9E6D-AF85E02BDF4F}_is1) (Version:  - freevideocompressor.com)
Freemake Video Converter version 4.1.5 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
FreeOCR v5.0 (HKLM\...\freeocr_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Drive (HKLM\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
ICVERIFY for Windows 4.2.0 (HKLM\...\{C177DBBF-E6E7-4EF5-813A-CCD24267ACAA}) (Version: 4.2.0.0 - FDMS)
ICVERIFY for Windows SDK (HKLM\...\{4B069D9F-C4B7-11D6-86EB-00B0D0D27DD0}) (Version:  - )
ICVERIFY User Manager (HKLM\...\{AA53316F-C568-4069-9EFC-CA3D39E418A6}) (Version: 1.0.8.0 - FDMS)
Image Resizer Powertoy Clone for Windows (HKLM\...\{F1B1BB41-2494-4FC2-BEF7-9C282B6815A8}) (Version: 2.0.0.0 - Brice Lambson)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM\...\Visual Studio 6.0 Enterprise Edition) (Version:  - )
Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version:  - )
Mini-VCI Driver for TOYOTA TIS (HKLM\...\{E3BB0FD0-D226-4616-AF0A-ED0C2946B221}) (Version: 2.0.1 - XHorse Electronics)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2015 (HKLM\...\{763EF8DC-4CC0-47CA-BE1C-BDE731462250}) (Version: 16.0.02900 - Nero AG)
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
oPlayer (HKLM\...\{AA1B7F27-A49D-4D7F-9755-570AF5597160}) (Version: 1.0.30 - object)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pinnacle Studio 15 (HKLM\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Pixillion Image Converter (HKLM\...\Pixillion) (Version: 2.73 - NCH Software)
PlayMemories Home (HKLM\...\{7EA1A4E8-A5CE-4626-87DC-6DEF99BAE931}) (Version: 3.1.11.04230 - Sony Corporation)
Power Management Video Capture (HKLM\...\{A4441BE3-B97C-4DF4-BC37-476D4EF4F7FC}) (Version: 1.0.0.0 - CDS)
Power Management Video Capture 6.0 (HKLM\...\{981C714B-46F0-4569-8DDC-8D979381147C}) (Version: 1.00.0000 - Custom Design Systems)
Prerequisite installer (Version: 16.0.0000 - Nero AG) Hidden
proDAD DeFishr 1.0 (HKLM\...\proDAD-DeFishr-1.0) (Version: 1.0.34.1 - proDAD GmbH)
proDAD ProDRENALIN 1.0 (HKLM\...\proDAD-ProDRENALIN-1.0) (Version: 1.0.22.1 - proDAD GmbH)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5397 - Realtek Semiconductor Corp.)
RegistryNuke 2014 version 2.1.6.80 (HKLM\...\{D9DF8D5A-2160-402B-819F-A5A964215528}_is1) (Version: 2.1.6.80 - RegistryNuke, Inc.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Silicon Laboratories CP210x VCP Drivers for Windows 2000 (HKLM\...\{F321AEF3-B5B2-48E5-B8EC-6E66BF5611C6}) (Version: 6.3a - Silicon Laboratories, Inc.)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TAudioConverter version 0.9.4 (HKLM\...\{35FC8349-C27B-4680-ABF1-88F7FE893586}_is1) (Version: 0.9.4 - ozok)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Techstream Software (HKLM\...\{937CA58A-0212-431C-8F0B-0D8305225476}) (Version: 9.10.037 - DENSO CORPORATION)
Techstream Software (Version: 9.10.037 - DENSO CORPORATION) Hidden
Ubiquiti UniFi (remove only) (HKLM\...\Ubiquiti UniFi) (Version:  - )
UltraMon (HKLM\...\{537056B7-32A4-4408-9B54-0341963C7C9C}) (Version: 3.1.0 - Realtime Soft Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WavePad Sound Editor (HKLM\...\WavePad) (Version: 5.68 - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - ASIX (AX88178) Net  (11/24/2010 1.4.3.64) (HKLM\...\DF90277CD2363EFE1D748D8390DD55C23C15287A) (Version: 11/24/2010 1.4.3.64 - ASIX)
Windows Driver Package - ASIX (AX88179) Net  (05/24/2013 1.4.2.0) (HKLM\...\5288666BFDA285DE4DAB4F62E30791A91D666A68) (Version: 05/24/2013 1.4.2.0 - ASIX)
Windows Driver Package - ASIX (AX88772) Net  (08/13/2013 3.4.5.0) (HKLM\...\29C706C4C0F23372272C1C8E9BF736C6E2A1B0D1) (Version: 08/13/2013 3.4.5.0 - ASIX)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
XHeader (HKLM\...\XHeader) (Version: 1.215 - Intellimon)
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - XviD Development Team)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 05:00 - 2014-08-20 17:51 - 00001042 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-RUSS-Russ Baker.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\fba_PM Source.job => C:\Program Files\Softland\FBackup 5\bSchedStarter.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Nero Info.job => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-28 02:35 - 2014-03-28 02:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-04-23 16:36 - 2014-04-23 16:36 - 00149528 _____ () C:\Program Files\Sony\PlayMemories Home\dfs.exe
2014-04-05 10:28 - 2013-09-04 10:19 - 00098888 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
2014-04-05 10:28 - 2013-11-14 13:59 - 00031304 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CheckTool.dll
2014-04-05 10:28 - 2008-11-25 16:18 - 01291264 _____ () C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
2014-04-05 10:28 - 2004-10-05 02:08 - 00055808 _____ () C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00029768 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00050248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2014-04-05 10:28 - 2014-01-13 17:06 - 00105544 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00030280 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00293960 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00578632 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00468040 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00192072 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2014-04-05 10:28 - 2013-12-23 10:01 - 00281672 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidImage.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00068680 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00069192 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00022600 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00115784 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NasOperator.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00192584 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBrowser.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00135752 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll
2014-04-05 10:28 - 2013-10-22 16:31 - 00037960 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00135240 _____ () C:\Program Files\EaseUS\Todo Backup\bin\VMConfig.dll
2014-04-05 10:28 - 2013-12-24 16:42 - 00017992 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00096840 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll
2014-04-08 08:51 - 2012-04-09 13:26 - 00149360 _____ () C:\ICVERIFY\ICWin420\Jcard\JCardService.exe
2014-04-08 08:51 - 2012-04-09 13:24 - 00055152 _____ () C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe
2008-04-14 05:00 - 2013-01-01 23:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2008-04-14 05:00 - 2008-04-14 05:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 05:00 - 2008-04-14 05:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-01-24 08:02 - 2013-03-19 12:07 - 00508136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-01-24 08:02 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2015-01-24 08:09 - 2015-01-24 08:09 - 02194432 _____ () Z:\DOWNLOADS\adwcleaner_4.109.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:054203E4
AlternateDataStreams: C:\Documents and Settings\Russ Baker\Desktop\AA_v35.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tvnserver => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1417001333-823518204-2147118731-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1417001333-823518204-2147118731-1005 - Limited - Enabled)
Guest (S-1-5-21-1417001333-823518204-2147118731-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1417001333-823518204-2147118731-1000 - Limited - Disabled)
Russ Baker (S-1-5-21-1417001333-823518204-2147118731-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Russ Baker
SUPPORT_388945a0 (S-1-5-21-1417001333-823518204-2147118731-1002 - Limited - Disabled)
VUSR_RUSS (S-1-5-21-1417001333-823518204-2147118731-1009 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/24/2015 08:17:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application adwcleaner_4.109.exe, version 4.1.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/23/2015 05:26:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 40.0.2214.91, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/23/2015 02:13:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module CarboniteNSE.dll, version 5.7.1.4562, fault address 0x000ae8f0.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (01/23/2015 06:56:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 40.0.2214.91, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/22/2015 02:23:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application carboniteservice.exe, version 5.7.1.4562, faulting module carboniteservice.exe, version 5.7.1.4562, fault address 0x001393c5.
Processing media-specific event for [carboniteservice.exe!ws!]
 
Error: (01/22/2015 01:00:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application carboniteservice.exe, version 5.7.1.4562, faulting module carboniteservice.exe, version 5.7.1.4562, fault address 0x001393c5.
Processing media-specific event for [carboniteservice.exe!ws!]
 
Error: (01/21/2015 09:45:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application carboniteservice.exe, version 5.7.1.4562, faulting module carboniteservice.exe, version 5.7.1.4562, fault address 0x001393c5.
Processing media-specific event for [carboniteservice.exe!ws!]
 
Error: (01/21/2015 05:30:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application carboniteservice.exe, version 5.7.1.4562, faulting module carboniteservice.exe, version 5.7.1.4562, fault address 0x001393d1.
Processing media-specific event for [carboniteservice.exe!ws!]
 
Error: (01/20/2015 07:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 39.0.2171.99, faulting module VC32.dll, version 2.19.30.69, fault address 0x00601030.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (01/20/2015 04:37:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (01/24/2015 08:18:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FBackup 5 Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/24/2015 08:09:36 AM) (Source: 0) (EventID: 25) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:
 
Error: (01/24/2015 08:03:26 AM) (Source: 0) (EventID: 12) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:
 
Error: (01/24/2015 07:54:15 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The PCVXFileMonitor service hung on starting.
 
Error: (01/24/2015 07:54:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Freemake Improver service hung on starting.
 
Error: (01/24/2015 07:52:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Restore Service service terminated with the following error: 
%%2
 
Error: (01/24/2015 07:52:36 AM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.
 
Error: (01/23/2015 08:52:55 PM) (Source: 0) (EventID: 25) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:
 
Error: (01/23/2015 08:47:06 PM) (Source: 0) (EventID: 12) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:
 
Error: (01/23/2015 08:43:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of memory in use: 33%
Total physical RAM: 3071.17 MB
Available physical RAM: 2052.86 MB
Total Pagefile: 4957.07 MB
Available Pagefile: 4029.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.5 GB) (Free:772.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive i: () (Network) (Total:916.41 GB) (Free:396.64 GB) 
Drive o: () (Network) (Total:931.51 GB) (Free:631.09 GB) 
Drive p: () (Network) (Total:931.51 GB) (Free:631.09 GB) 
Drive w: () (Network) (Total:916.41 GB) (Free:396.64 GB) 
Drive y: () (Network) (Total:916.41 GB) (Free:396.64 GB) 
Drive z: (Big Drive) (Fixed) (Total:931.51 GB) (Free:631.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 53DE558E)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:51 PM

Posted 25 January 2015 - 02:33 PM

Hey, :)
Can you please move FRST to your Desktop. :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 bzncrew


Posted 25 January 2015 - 02:58 PM

Running Malwarebytes now
 
 
 
# AdwCleaner v4.109 - Report created 25/01/2015 at 12:49:21
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Russ Baker - RUSS
# Running from : Z:\DOWNLOADS\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v40.0.2214.91
 
 
*************************
 
AdwCleaner[R0].txt - [7843 octets] - [24/01/2015 08:11:34]
AdwCleaner[R1].txt - [7682 octets] - [24/01/2015 11:04:47]
AdwCleaner[R2].txt - [9051 octets] - [24/01/2015 11:42:52]
AdwCleaner[R3].txt - [1423 octets] - [24/01/2015 14:55:05]
AdwCleaner[R4].txt - [1420 octets] - [25/01/2015 12:41:13]
AdwCleaner[R5].txt - [1534 octets] - [25/01/2015 12:47:08]
AdwCleaner[S0].txt - [448 octets] - [24/01/2015 08:16:29]
AdwCleaner[S1].txt - [364 octets] - [24/01/2015 11:10:07]
AdwCleaner[S2].txt - [9540 octets] - [24/01/2015 11:45:42]
AdwCleaner[S3].txt - [1488 octets] - [24/01/2015 15:31:34]
AdwCleaner[S4].txt - [1483 octets] - [25/01/2015 12:44:52]
AdwCleaner[S5].txt - [1457 octets] - [25/01/2015 12:49:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1517 octets] ##########


#6 Machiavelli


Posted 25 January 2015 - 03:07 PM

OK I'm waiting. :)

~Machiavelli



#7 bzncrew


Posted 25 January 2015 - 04:28 PM

MBAM results

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/25/2015
Scan Time: 1:33:41 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.25.10
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Russ Baker
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389699
Time Elapsed: 25 min, 39 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

JRT results

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x64
Ran by Russ Baker on Sun 01/25/2015 at 14:17:32.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/25/2015 at 14:24:40.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Russ Baker (administrator) on RUSS on 25-01-2015 14:26:47
Running from Z:\DOWNLOADS
Loaded Profiles: Russ Baker (Available profiles: Russ Baker & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Ammyy LLC) C:\Documents and Settings\Russ Baker\Desktop\AA_v35.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Ammyy LLC) C:\Documents and Settings\Russ Baker\Desktop\AA_v35.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
() C:\ICVERIFY\ICWin420\Jcard\JCardService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Extended Systems, Inc.) C:\Program Files\Extended Systems\Advantage 8.1\Server\ads.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Sun Microsystems, Inc.) C:\ICVERIFY\ICWin420\jre1.6.0\bin\javaw.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(FirstData) C:\ICVERIFY\ICWin420\Firstdata.Security.PCVXFileMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
() C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(j2 Global Communications, Inc.) C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
(Softland) C:\Program Files\Softland\FBackup 5\bTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(GoPro) C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Dropbox, Inc.) C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\Dropbox.exe
(j2 Global Communications, Inc.) C:\Program Files\eFax Messenger 4.4\J2GTray.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Microsoft Corporation) C:\WINDOWS\system32\mdm.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) Z:\DOWNLOADS\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16126464 2007-04-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1822720 2007-04-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EaseUs Watch] => C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUs Tray] => C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUs TB Tray Agent] => C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [253512 2013-09-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM\...\Run: [CloneCDTray] => C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1055952 2014-12-02] (Carbonite, Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\BitDefender <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Run: [eFax 4.4] => C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Run: [FBackup 5 Tray Agent] => C:\Program Files\Softland\FBackup 5\bTray.exe [6754872 2014-04-01] (Softland)
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Run: [CAHeadless] => C:\Program Files\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1046944 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\MountPoints2: {b69dabc7-c68f-11e3-b3a7-001d6082781d} - "D:\WD SmartWare.exe" autoplay=true
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\WINDOWS\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()
Startup: C:\Documents and Settings\Russ Baker\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Russ Baker\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
AlternateShell: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1417001333-823518204-2147118731-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1417001333-823518204-2147118731-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{29A22747-981E-4E83-8014-35712DC1E0CD}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7BA0CE54-2261-484B-8FBC-CD95BD2AB43B}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1417001333-823518204-2147118731-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-04]
FF HKLM\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\Documents and Settings\All Users\Application Data\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M262324D9-FEFF-4554-9DA9-D8894C978B19&SearchSource=55&CUI=&UM=8&UP=SP42F80402-3083-44BB-B1AA-518CCB6431CB&SSPV=
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-03]
CHR Extension: (Google Search) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-03]
CHR Extension: (LogMeIn) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2014-04-16]
CHR Extension: (Gmail) - C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-03]
CHR HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor12.0; C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 Advantage; C:\Program Files\Extended Systems\Advantage 8.1\Server\ADS.EXE [2146352 2007-01-08] (Extended Systems, Inc.) [File not signed]
R2 AmmyyAdmin; C:\Documents and Settings\Russ Baker\Desktop\AA_v35.exe [764184 2014-07-30] (Ammyy LLC)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6027984 2014-12-02] (Carbonite, Inc. (www.carbonite.com))
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [130944 2011-04-25] (SEIKO EPSON CORPORATION)
S2 FBackup5Srv; C:\Program Files\Softland\FBackup 5\bService.exe [3023416 2014-04-01] (Softland)
R2 Guard Agent; C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [57520 2013-10-23] (Bitdefender)
S3 icvmlt32; C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe [55152 2012-04-09] ()
S3 ICVTnsServer; C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe [55152 2012-04-09] ()
R2 JCard Service; C:\ICVERIFY\ICWin420\Jcard\JCardService.exe [149360 2012-04-09] ()
R2 MSSQL$ICV; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-14] (Nero AG)
R2 PCVXFileMonitor; C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe [55152 2012-04-09] ()
S3 SerialKeys; C:\WINDOWS\system32\skeys.exe [26112 2008-04-14] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
S2 Freemake Improver; "C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtcL001; C:\WINDOWS\System32\DRIVERS\l151x86.sys [39424 2014-04-03] (Atheros Communications Inc.)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R3 AX88179; C:\WINDOWS\System32\DRIVERS\ax88179_178a.sys [49024 2013-07-31] (ASIX Electronics Corp.)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-08-09] () [File not signed]
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [52040 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40776 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14920 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [185800 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [65896 2013-07-12] (FTDI Ltd.)
R1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 OVT511Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [167816 2001-09-18] (OmniVision Technologies, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
S3 silabenm; C:\WINDOWS\System32\DRIVERS\silabenm.sys [19656 2011-02-08] (Silicon Laboratories, Inc.) [File not signed]
S3 silabser; C:\WINDOWS\System32\DRIVERS\silabser.sys [58496 2011-02-08] (Silicon Laboratories) [File not signed]
S3 slabbus; C:\WINDOWS\System32\DRIVERS\slabbus.sys [52384 2004-03-11] (MCCI)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
R2 UltraMonUtility; C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [17184 2008-11-14] (Realtime Soft Ltd)
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [299464 2005-11-09] (Jungo) [File not signed]
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [242504 2015-01-24] (BitDefender)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 14:24 - 2015-01-25 14:25 - 00000728 _____ () C:\Documents and Settings\Russ Baker\Desktop\JRT.txt
2015-01-25 14:16 - 2015-01-25 14:16 - 00001062 _____ () C:\Documents and Settings\Russ Baker\Desktop\MBAM.txt
2015-01-25 11:40 - 2015-01-25 11:54 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Serenade
2015-01-25 08:14 - 2015-01-25 08:16 - 00003028 _____ () C:\SER1.TXT
2015-01-25 08:14 - 2015-01-25 08:14 - 00003027 _____ () C:\SER1.BAK
2015-01-24 18:30 - 2015-01-24 19:24 - 00004246 _____ () C:\ser.txt
2015-01-24 18:30 - 2015-01-24 18:57 - 00003969 _____ () C:\ser.BAK
2015-01-24 14:58 - 2015-01-24 14:58 - 00000000 ____D () C:\Program Files\ESET
2015-01-24 13:18 - 2015-01-24 13:18 - 00242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2015-01-24 13:06 - 2015-01-24 13:06 - 00207815 _____ () C:\Documents and Settings\All Users\Application Data\1422129737.bdinstall.bin
2015-01-24 13:05 - 2013-04-17 14:59 - 00633344 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2015-01-24 13:05 - 2013-04-17 14:59 - 00486536 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2015-01-24 13:04 - 2015-01-24 13:05 - 00040294 _____ () C:\Report 2015-01-24 13.04.24.txt
2015-01-24 13:02 - 2013-05-28 12:11 - 00355744 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2015-01-24 13:02 - 2013-04-22 13:20 - 00164952 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2015-01-24 12:50 - 2015-01-24 12:50 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support
2015-01-24 12:06 - 2015-01-24 12:06 - 00000010 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\sponge.last.runtime.cache
2015-01-24 10:42 - 2015-01-24 14:53 - 00003980 _____ () C:\Documents and Settings\Russ Baker\Desktop\Rkill.txt
2015-01-24 08:26 - 2015-01-25 14:26 - 00000000 ____D () C:\FRST
2015-01-24 08:17 - 2015-01-24 08:17 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-24 08:16 - 2015-01-24 12:51 - 00000262 _____ () C:\Documents and Settings\Russ Baker\Desktop\error.txt
2015-01-24 08:16 - 2015-01-24 08:16 - 00219704 _____ () C:\Documents and Settings\All Users\Application Data\1422111302.bdinstall.bin
2015-01-24 08:11 - 2015-01-25 12:49 - 00000000 ____D () C:\AdwCleaner
2015-01-24 08:03 - 2015-01-24 13:05 - 00001867 _____ () C:\Documents and Settings\All Users\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-01-24 08:03 - 2015-01-24 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus Free Edition
2015-01-24 07:58 - 2015-01-24 08:02 - 00047850 _____ () C:\Report 2015-01-24 07.58.26.txt
2015-01-23 20:43 - 2015-01-23 20:39 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-01-23 20:43 - 2015-01-23 20:39 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-01-23 20:43 - 2015-01-23 20:39 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-01-23 20:38 - 2015-01-23 20:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
2015-01-23 20:27 - 2015-01-23 20:28 - 00039010 _____ () C:\Documents and Settings\All Users\Application Data\1422070045.4124.bin
2015-01-23 20:27 - 2015-01-23 20:28 - 00028720 _____ () C:\Documents and Settings\All Users\Application Data\1422070045.5316.bin
2015-01-23 20:27 - 2015-01-23 20:28 - 00003472 _____ () C:\Documents and Settings\All Users\Application Data\1422070045.5172.bin
2015-01-23 20:27 - 2015-01-23 20:28 - 00003069 _____ () C:\Documents and Settings\All Users\Application Data\1422070045.5176.bin
2015-01-23 20:19 - 2015-01-23 20:22 - 00027839 _____ () C:\Documents and Settings\All Users\Application Data\1422069498.5212.bin
2015-01-23 20:18 - 2015-01-23 20:22 - 00038999 _____ () C:\Documents and Settings\All Users\Application Data\1422069498.5908.bin
2015-01-23 20:18 - 2015-01-23 20:22 - 00004312 _____ () C:\Documents and Settings\All Users\Application Data\1422069498.4636.bin
2015-01-23 20:18 - 2015-01-23 20:19 - 00003389 _____ () C:\Documents and Settings\All Users\Application Data\1422069498.4668.bin
2015-01-23 03:00 - 2015-01-23 03:00 - 00297052 _____ () C:\WINDOWS\msxml4-KB2758694-enu.LOG
2015-01-22 18:38 - 2015-01-22 18:38 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\QuickScan
2015-01-22 18:30 - 2015-01-22 18:30 - 00224022 _____ () C:\Documents and Settings\All Users\Application Data\1421972393.bdinstall.bin
2015-01-22 17:24 - 2015-01-22 17:29 - 00051297 _____ () C:\Report 2015-01-22 17.24.30.txt
2015-01-22 14:35 - 2015-01-22 14:35 - 00031742 _____ () C:\Documents and Settings\All Users\Application Data\1421962496.bdinstall.bin
2015-01-22 14:26 - 2015-01-22 14:26 - 00028713 _____ () C:\Documents and Settings\All Users\Application Data\1421961959.5868.bin
2015-01-22 14:26 - 2015-01-22 14:26 - 00003520 _____ () C:\Documents and Settings\All Users\Application Data\1421961959.5828.bin
2015-01-22 14:26 - 2015-01-22 14:26 - 00003472 _____ () C:\Documents and Settings\All Users\Application Data\1421961959.5820.bin
2015-01-22 14:25 - 2015-01-22 14:26 - 00039004 _____ () C:\Documents and Settings\All Users\Application Data\1421961959.4352.bin
2015-01-22 14:11 - 2015-01-25 14:11 - 00000288 _____ () C:\WINDOWS\Tasks\Nero Info.job
2015-01-22 14:11 - 2015-01-22 14:11 - 00000000 ____D () C:\Documents and Settings\All Users\Nero
2015-01-22 14:01 - 2015-01-22 14:10 - 00000000 ____D () C:\Program Files\Nero
2015-01-22 14:01 - 2015-01-22 14:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Nero
2015-01-22 14:00 - 2015-01-22 14:00 - 00027873 _____ () C:\Documents and Settings\All Users\Application Data\1421960391.3884.bin
2015-01-22 13:59 - 2015-01-22 14:00 - 00039057 _____ () C:\Documents and Settings\All Users\Application Data\1421960391.468.bin
2015-01-22 13:59 - 2015-01-22 14:00 - 00007398 _____ () C:\Documents and Settings\All Users\Application Data\1421960391.1832.bin
2015-01-22 13:59 - 2015-01-22 14:00 - 00004314 _____ () C:\Documents and Settings\All Users\Application Data\1421960391.5320.bin
2015-01-22 13:37 - 2015-01-22 13:38 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Salesforce
2015-01-22 12:39 - 2015-01-22 14:30 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Nero
2015-01-22 12:03 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2015-01-22 12:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2015-01-22 12:03 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2015-01-22 12:03 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-01-22 11:53 - 2015-01-22 16:34 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Video & Graphics Utils
2015-01-22 11:53 - 2015-01-22 11:57 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Utils
2015-01-20 16:41 - 2015-01-20 16:41 - 00009781 _____ () C:\WINDOWS\KB952011.log
2015-01-20 16:41 - 2015-01-20 16:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952011$
2015-01-20 16:40 - 2015-01-20 20:18 - 00000000 ____D () C:\Documents and Settings\Russ Baker\My Documents\Wondershare DVD Creator
2015-01-20 09:02 - 2015-01-21 09:42 - 00000000 ____D () C:\temp bluray
2015-01-19 13:41 - 2015-01-19 13:41 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2015-01-18 11:30 - 2015-01-18 11:31 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Garrett
2015-01-18 11:21 - 2015-01-18 11:21 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2015-01-18 11:09 - 2015-01-18 11:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Carbonite
2015-01-18 11:08 - 2015-01-18 11:08 - 00000000 ____D () C:\Program Files\Carbonite
2015-01-18 11:08 - 2015-01-18 11:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Carbonite
2015-01-18 03:00 - 2015-01-18 03:00 - 00006688 _____ () C:\WINDOWS\KB2868038.log
2015-01-18 03:00 - 2015-01-18 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2015-01-18 02:40 - 2013-07-16 17:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2015-01-17 12:32 - 2013-07-16 17:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2015-01-17 12:32 - 2013-07-16 17:58 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio.sys
2015-01-17 12:31 - 2013-07-16 17:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2015-01-17 12:31 - 2013-07-16 17:58 - 00123008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2015-01-17 12:31 - 2008-04-14 05:42 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dshowext.ax
2015-01-17 12:31 - 2008-04-14 05:42 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dshowext.ax
2015-01-14 15:52 - 2015-01-14 15:52 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Google
2015-01-14 12:26 - 2015-01-14 12:26 - 00069940 _____ () C:\test.txt
2015-01-14 10:27 - 2015-01-14 10:28 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-14 07:42 - 2015-01-14 07:42 - 00001444 _____ () C:\WINDOWS\COM+.log
2015-01-13 21:11 - 2015-01-13 21:11 - 00035840 _____ () C:\WINDOWS\system32\Comdlg32.oca
2015-01-13 21:02 - 2015-01-13 21:02 - 00000288 _____ () C:\WINDOWS\ODBC.INI
2015-01-13 21:02 - 2015-01-13 21:02 - 00000126 _____ () C:\WINDOWS\mdm.ini
2015-01-13 21:02 - 2015-01-13 21:02 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Start Menu\Programs\OmniVision
2015-01-13 21:02 - 2015-01-13 21:02 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Start Menu\Programs\Microsoft Web Publishing
2015-01-13 21:02 - 2015-01-13 21:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 6.0
2015-01-13 20:18 - 1998-04-24 13:55 - 00000005 _____ () C:\WINDOWS\VS98ENT.MIF
2015-01-13 19:08 - 2015-01-13 19:08 - 00190831 _____ () C:\Documents and Settings\All Users\Application Data\1421201236.bdinstall.bin
2015-01-13 19:06 - 2008-04-14 05:42 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax
2015-01-13 19:06 - 2008-04-14 05:42 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax
2015-01-13 19:06 - 2008-04-14 00:16 - 00085248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nabtsfec.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00085248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NABTSFEC.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00019200 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSTCODEC.SYS
2015-01-13 19:06 - 2008-04-14 00:16 - 00017024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CCDECODE.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00015232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\StreamIP.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00011136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00011136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SLIP.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00010880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndisip.sys
2015-01-13 19:06 - 2008-04-14 00:16 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisIP.sys
2015-01-13 19:06 - 2008-04-14 00:09 - 00005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstee.sys
2015-01-13 19:06 - 2008-04-14 00:09 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSTEE.sys
2015-01-13 19:05 - 2015-01-13 19:05 - 00000000 ____D () C:\WINDOWS\OvtCam
2015-01-13 19:05 - 2008-04-14 05:42 - 00091136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kswdmcap.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kstvtune.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2015-01-13 19:05 - 2008-04-14 05:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfwwdm32.dll
2015-01-13 19:05 - 2008-04-14 05:42 - 00043008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksxbar.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vidcap.ax
2015-01-13 19:05 - 2008-04-14 05:42 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vidcap.ax
2015-01-13 13:17 - 2015-01-22 16:37 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\LogMeInIgnition
2015-01-05 14:55 - 2015-01-06 14:46 - 00001243 _____ () C:\AVANTA.CSV
2015-01-05 13:14 - 2015-01-14 11:32 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\World Gym
2015-01-05 11:41 - 2015-01-05 20:05 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\LogMeIn Rescue Applet
2015-01-05 09:53 - 2015-01-05 09:53 - 00000000 ____D () C:\WINDOWS\pss
2015-01-03 15:59 - 2015-01-03 16:09 - 00000000 ____D () C:\Program Files\RegistryNuke 2014
2015-01-03 15:59 - 2015-01-03 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RegistryNuke 2014
2015-01-03 05:30 - 2015-01-03 05:30 - 00065536 _____ () C:\WINDOWS\Minidump\Mini010315-01.dmp
2014-12-29 03:36 - 2014-12-31 09:00 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\Seiwriex
2014-12-27 17:53 - 2015-01-14 15:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2014-12-27 03:24 - 2014-12-31 07:53 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\Gaoroxy
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-25 14:27 - 2014-04-03 06:28 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Temp
2015-01-25 13:47 - 2014-08-08 07:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-25 13:38 - 2014-04-03 10:08 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 13:33 - 2014-10-25 09:14 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 12:56 - 2014-04-02 22:13 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-25 12:56 - 2014-04-02 15:06 - 00657502 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-25 12:55 - 2014-12-22 12:59 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\Dropbox
2015-01-25 12:54 - 2008-04-14 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-25 12:52 - 2014-04-02 22:16 - 01180659 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-25 12:51 - 2014-04-03 10:08 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 12:51 - 2014-04-02 22:20 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-25 12:51 - 2014-04-02 15:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-25 12:51 - 2014-04-02 15:10 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-25 12:51 - 2011-09-06 20:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-25 12:49 - 2014-09-08 18:42 - 02117443 _____ () C:\Documents and Settings\Russ Baker\Desktop\AA_v35.log
2015-01-25 12:49 - 2014-04-03 06:28 - 00000178 ___SH () C:\Documents and Settings\Russ Baker\ntuser.ini
2015-01-25 12:49 - 2014-04-03 06:28 - 00000000 ____D () C:\Documents and Settings\Russ Baker
2015-01-25 12:49 - 2014-04-03 06:26 - 00032086 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-25 00:49 - 2014-12-10 19:05 - 00000000 ____D () C:\WINDOWS\FrameworkUpdate
2015-01-24 14:45 - 2014-04-04 10:39 - 00000000 ____D () C:\Program Files\MozBackup
2015-01-24 14:44 - 2014-12-21 12:35 - 00000000 ____D () C:\FreeOCR
2015-01-24 14:44 - 2014-12-18 16:25 - 00000000 ____D () C:\Program Files\Runtime Software
2015-01-24 14:44 - 2014-04-04 08:18 - 00000000 ____D () C:\Program Files\epson
2015-01-24 14:43 - 2014-04-03 10:08 - 00000000 ____D () C:\Program Files\Google
2015-01-24 14:43 - 2014-04-03 10:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-24 13:05 - 2014-10-13 06:49 - 00000000 ____D () C:\Program Files\Bitdefender
2015-01-24 12:55 - 2014-04-04 13:50 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Adobe
2015-01-24 12:17 - 2014-10-25 14:20 - 00523986 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\census.cache
2015-01-24 12:16 - 2014-10-25 14:20 - 00200385 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\ars.cache
2015-01-24 11:56 - 2014-04-07 20:06 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\QuickScan
2015-01-24 11:16 - 2014-10-13 06:38 - 01368006 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-18-0.dat
2015-01-24 11:16 - 2014-04-08 08:56 - 00456518 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-01-24 10:32 - 2014-04-03 06:38 - 00049664 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-24 07:51 - 2014-05-20 02:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2015-01-24 07:50 - 2014-04-04 20:24 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-01-24 02:00 - 2014-08-20 18:06 - 00000352 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-RUSS-Russ Baker.job
2015-01-24 02:00 - 2014-04-25 14:53 - 00000496 _____ () C:\WINDOWS\Tasks\fba_PM Source.job
2015-01-23 20:39 - 2014-12-09 07:40 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-01-23 20:39 - 2014-12-09 07:40 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-01-23 20:37 - 2014-04-04 08:18 - 00000000 ____D () C:\Program Files\Java
2015-01-23 20:11 - 2014-04-03 11:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-01-22 20:32 - 2011-09-06 21:27 - 00001873 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-01-22 19:20 - 2014-04-04 08:26 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Images2
2015-01-22 17:17 - 2014-04-04 12:38 - 00000000 ____D () C:\Program Files\TeamViewer
2015-01-22 17:15 - 2014-04-08 08:56 - 02852846 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1417001333-823518204-2147118731-1003-0.dat
2015-01-22 17:08 - 2014-04-04 08:25 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\Nero
2015-01-22 17:06 - 2014-04-04 08:19 - 00000000 ____D () C:\vers7
2015-01-22 17:05 - 2014-04-04 08:09 - 00000000 ____D () C:\CLP52
2015-01-22 14:30 - 2014-04-04 08:49 - 00000000 ____D () C:\Documents and Settings\Russ Baker\My Documents\NeroVideo
2015-01-22 14:21 - 2014-04-24 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-01-22 14:05 - 2014-04-04 08:17 - 00000000 ____D () C:\Program Files\Common Files\Nero
2015-01-22 14:05 - 2014-04-04 08:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Nero
2015-01-22 12:51 - 2014-09-22 13:32 - 00187664 _____ () C:\WINDOWS\setupapi.log
2015-01-22 12:21 - 2014-04-02 14:59 - 00000000 ____D () C:\WINDOWS\Cursors
2015-01-22 12:03 - 2014-04-02 22:15 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2015-01-22 10:45 - 2014-04-04 08:26 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\uTorrent
2015-01-20 20:20 - 2014-10-11 11:34 - 00000000 ____D () C:\Program Files\IPCam ActiveX
2015-01-20 16:58 - 2014-04-02 22:20 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-20 16:45 - 2014-09-27 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Freemake
2015-01-20 16:41 - 2014-04-02 15:06 - 01118638 _____ () C:\WINDOWS\iis6.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00993265 _____ () C:\WINDOWS\FaxSetup.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00493726 _____ () C:\WINDOWS\ocgen.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00461898 _____ () C:\WINDOWS\tsoc.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00309518 _____ () C:\WINDOWS\msmqinst.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00207401 _____ () C:\WINDOWS\ntdtcsetup.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00174982 _____ () C:\WINDOWS\netfxocm.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00069419 _____ () C:\WINDOWS\MedCtrOC.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00061191 _____ () C:\WINDOWS\comsetup.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00055881 _____ () C:\WINDOWS\ocmsn.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00050390 _____ () C:\WINDOWS\tabletoc.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00050261 _____ () C:\WINDOWS\msgsocm.log
2015-01-20 16:41 - 2014-04-02 15:06 - 00001374 _____ () C:\WINDOWS\imsins.log
2015-01-20 12:45 - 2014-04-04 08:13 - 00000000 ____D () C:\MEW
2015-01-20 12:31 - 2014-04-04 20:33 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-20 10:10 - 2014-04-04 08:13 - 00000000 ____D () C:\ICREQ
2015-01-20 09:03 - 2014-04-05 10:54 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\tiger-k
2015-01-19 21:55 - 2014-04-04 08:26 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\boat cover
2015-01-19 19:30 - 2014-04-04 08:08 - 00000000 ____D () C:\adsverw
2015-01-19 18:18 - 2014-04-04 13:52 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-18 03:00 - 2014-04-02 15:06 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2015-01-18 01:49 - 2014-04-06 02:13 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-01-17 13:20 - 2014-05-12 14:41 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\BMF Invoices
2015-01-17 11:47 - 2014-04-03 11:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-15 19:23 - 2014-04-10 12:03 - 00013891 _____ () C:\ads_err.dbf
2015-01-15 13:15 - 2014-04-18 10:40 - 00007896 _____ () C:\ADSVERWP.PRM
2015-01-14 10:54 - 2014-04-05 09:54 - 00000000 ____D () C:\Documents and Settings\Russ Baker\My Documents\eFax Messenger 4.4
2015-01-14 07:45 - 2014-04-03 10:46 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 03:01 - 2014-04-03 10:46 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 21:11 - 2014-04-02 22:13 - 00000095 _____ () C:\WINDOWS\vbaddin.ini
2015-01-13 21:06 - 2014-04-02 22:13 - 00000000 ____D () C:\Program Files\ComPlus Applications
2015-01-13 21:02 - 2014-10-30 17:29 - 00000000 ____D () C:\Program Files\Web Publish
2015-01-13 21:02 - 2014-05-15 02:01 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-13 21:02 - 2014-04-04 08:18 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-01-13 21:02 - 2014-04-02 22:13 - 00001309 _____ () C:\WINDOWS\vb.ini
2015-01-13 21:02 - 2014-04-02 15:06 - 00004161 _____ () C:\WINDOWS\ODBCINST.INI
2015-01-13 21:02 - 2014-04-02 15:06 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-13 21:02 - 2014-04-02 14:59 - 00000000 ____D () C:\WINDOWS\Help
2015-01-13 19:07 - 2014-04-16 15:36 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-01-13 19:05 - 2014-04-02 14:59 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-13 13:33 - 2014-05-09 11:02 - 00000734 _____ () C:\out.txt
2015-01-13 13:17 - 2014-04-07 15:51 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\LogMeIn Client
2015-01-12 16:26 - 2014-09-26 15:37 - 00004950 _____ () C:\Documents and Settings\Russ Baker\Desktop\fdr.txt
2015-01-03 16:10 - 2014-05-22 11:07 - 00000000 ____D () C:\ADS
2015-01-03 16:10 - 2014-04-04 08:08 - 00000000 ____D () C:\adsver
2015-01-03 11:18 - 2014-04-04 08:25 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\FileZilla
2015-01-03 05:30 - 2014-04-04 19:54 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-02 17:16 - 2014-12-02 12:20 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Desktop\Rainbow City
2014-12-31 07:53 - 2014-12-23 02:58 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Application Data\Ulwyze
2014-12-27 18:20 - 2014-04-04 08:20 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-12-27 17:53 - 2014-04-03 10:08 - 00000000 ____D () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\Google
2014-12-27 12:53 - 2013-02-18 17:44 - 00001916 ____H () C:\Documents and Settings\Russ Baker\My Documents\Default.rdp
 
==================== Files in the root of some directories =======
 
2014-04-19 09:37 - 2014-04-19 09:55 - 0000040 _____ () C:\Documents and Settings\Russ Baker\Application Data\cdr.ini
2014-12-10 19:05 - 2014-12-10 19:05 - 0000480 ____H () C:\Documents and Settings\Russ Baker\Application Data\麽鎒駓覜
2014-10-25 14:20 - 2015-01-24 12:16 - 0200385 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\ars.cache
2014-10-25 14:20 - 2015-01-24 12:17 - 0523986 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\census.cache
2014-04-03 06:38 - 2015-01-24 10:32 - 0049664 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-04 09:35 - 2014-04-04 09:50 - 0007486 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\FASTWiz.html
2014-04-04 07:41 - 2014-04-04 09:32 - 0673529 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\FASTWiz.log
2014-10-25 14:00 - 2014-10-25 14:00 - 0000036 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\housecall.guid.cache
2015-01-24 12:06 - 2015-01-24 12:06 - 0000010 _____ () C:\Documents and Settings\Russ Baker\Local Settings\Application Data\sponge.last.runtime.cache
 
Files to move or delete:
====================
C:\Documents and Settings\LocalService\NTUSER(1).DAT
C:\Documents and Settings\NetworkService\NTUSER(1).DAT
C:\Documents and Settings\Russ Baker\NTUSER(1).DAT
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Russ Baker\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa0o78l.dll
C:\Documents and Settings\Russ Baker\Local Settings\Temp\FreemakeVideoConverterFull.exe
C:\Documents and Settings\Russ Baker\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Russ Baker\Local Settings\Temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Russ Baker\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Russ Baker\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#8 bzncrew

Posted 25 January 2015 - 04:30 PM

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by Russ Baker at 2015-01-25 14:29:56
Running from Z:\DOWNLOADS
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Leawo Blu-ray Creator version  5.1.0.0 (HKLM\...\{F73E2159-E3DA-4B2F-BFE7-63D57141F5D0}_is1) (Version: 5.1.0.0 - Leawo Software Co., Ltd.)
µTorrent (HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Creative Suite 4 Design Premium (HKLM\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}) (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advantage Client Engine SDK v9.10 (HKLM\...\{4F689922-2A1E-4C21-BF2B-610DA3E30F2F}) (Version: 9.10.0035 - iAnywhere, Inc.)
Advantage Data Architect v8.1 (HKLM\...\{67400809-E887-4A9E-BD97-95D473DE707B}) (Version: 8.10.0038 - Extended Systems, Inc.)
Advantage Database Server for Windows NT/2000/2003 v8.1 (USA) (HKLM\...\{5767A718-DB8E-4AFD-8895-B8EB655A420F}) (Version: 8.10.0006 - Extended Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
Atheros Communications Inc.® L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 1.0.11.1 - Atheros Communications Inc.)
Auction Sentry (HKLM\...\{730AF0A6-E338-4B79-B926-95B8B41256A5}) (Version: 4.1.15 - Auction Sentry)
Banner Design Studio v5.1 (HKLM\...\Banner Design Studio v5.1) (Version: 5.1 - BannerDesignStudio)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.6.0 - Belarc Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Blue Iris 3 (HKLM\...\InstallShield_{5923C82E-6BB6-4186-AF14-3066D1F29323}) (Version: 3.63.01 - Perspective Software)
Blue Iris 3 (Version: 3.63.01 - Perspective Software) Hidden
Blue Iris ActiveX Control (HKLM\...\InstallShield_{7106E079-28CA-4FEC-A083-6577EB674526}) (Version: 3.0.0.9 - Perspective Software)
Blue Iris ActiveX Control (Version: 3.0.0.9 - Perspective Software) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (Version: 4.0.5841.0 - Box Inc.) Hidden
Carbonite (HKLM\...\Carbonite Backup) (Version: 5.7.1 build 4562 (Dec-02-2014) - Carbonite)
Citrix Online Launcher (HKLM\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
CloneCD (HKLM\...\CloneCD) (Version:  - SlySoft)
Colasoft Ping Tool 1.2 (HKLM\...\Colasoft Ping Tool 1.2_is1) (Version: 1.1 - Colasoft LLC.)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CP210x Software Development Kit (HKLM\...\CP210x Software Development Kit) (Version: 1.11.0.0 - Silicon Labs)
Diagram Designer (HKLM\...\{61B4AE85-5908-43EC-84B2-8C735917448D}) (Version: 1.27.1 - MeeSoft)
DJI driver version 2.02 (HKLM\...\{EDFDE5EE-84C7-4936-804C-6563943E5754}_is1) (Version: 2.02 - DJI)
DJI NAZAM Assistant version 2.20 (HKLM\...\{407BF034-D1D3-4397-8887-72FE329100D8}_is1) (Version: 2.20 - DJI)
Dropbox (HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 6.5 (HKLM\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
eFax Messenger (HKLM\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
Elements 12 Organizer (Version: 12.0 - Adobe Systems Incorporated) Hidden
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WP-4530 Series Printer Uninstall (HKLM\...\EPSON WP-4530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FBackup 5 (Version: 5.0.414 - Softland) Hidden
FBackup 5.0 (HKLM\...\{b0384691-180a-43df-89ec-3aab4e67858a}) (Version: 5.0.414.0 - Softland)
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Freemake Video Converter version 4.1.5 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Drive (HKLM\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
ICVERIFY for Windows 4.2.0 (HKLM\...\{C177DBBF-E6E7-4EF5-813A-CCD24267ACAA}) (Version: 4.2.0.0 - FDMS)
ICVERIFY for Windows SDK (HKLM\...\{4B069D9F-C4B7-11D6-86EB-00B0D0D27DD0}) (Version:  - )
ICVERIFY User Manager (HKLM\...\{AA53316F-C568-4069-9EFC-CA3D39E418A6}) (Version: 1.0.8.0 - FDMS)
Image Resizer Powertoy Clone for Windows (HKLM\...\{F1B1BB41-2494-4FC2-BEF7-9C282B6815A8}) (Version: 2.0.0.0 - Brice Lambson)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM\...\Visual Studio 6.0 Enterprise Edition) (Version:  - )
Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version:  - )
Mini-VCI Driver for TOYOTA TIS (HKLM\...\{E3BB0FD0-D226-4616-AF0A-ED0C2946B221}) (Version: 2.0.1 - XHorse Electronics)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2015 (HKLM\...\{763EF8DC-4CC0-47CA-BE1C-BDE731462250}) (Version: 16.0.02900 - Nero AG)
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
oPlayer (HKLM\...\{AA1B7F27-A49D-4D7F-9755-570AF5597160}) (Version: 1.0.30 - object)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pinnacle Studio 15 (HKLM\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Power Management Video Capture (HKLM\...\{A4441BE3-B97C-4DF4-BC37-476D4EF4F7FC}) (Version: 1.0.0.0 - CDS)
Power Management Video Capture 6.0 (HKLM\...\{981C714B-46F0-4569-8DDC-8D979381147C}) (Version: 1.00.0000 - Custom Design Systems)
Prerequisite installer (Version: 16.0.0000 - Nero AG) Hidden
proDAD DeFishr 1.0 (HKLM\...\proDAD-DeFishr-1.0) (Version: 1.0.34.1 - proDAD GmbH)
proDAD ProDRENALIN 1.0 (HKLM\...\proDAD-ProDRENALIN-1.0) (Version: 1.0.22.1 - proDAD GmbH)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5397 - Realtek Semiconductor Corp.)
RegistryNuke 2014 version 2.1.6.80 (HKLM\...\{D9DF8D5A-2160-402B-819F-A5A964215528}_is1) (Version: 2.1.6.80 - RegistryNuke, Inc.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Silicon Laboratories CP210x VCP Drivers for Windows 2000 (HKLM\...\{F321AEF3-B5B2-48E5-B8EC-6E66BF5611C6}) (Version: 6.3a - Silicon Laboratories, Inc.)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TAudioConverter version 0.9.4 (HKLM\...\{35FC8349-C27B-4680-ABF1-88F7FE893586}_is1) (Version: 0.9.4 - ozok)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Techstream Software (HKLM\...\{937CA58A-0212-431C-8F0B-0D8305225476}) (Version: 9.10.037 - DENSO CORPORATION)
Techstream Software (Version: 9.10.037 - DENSO CORPORATION) Hidden
Ubiquiti UniFi (remove only) (HKLM\...\Ubiquiti UniFi) (Version:  - )
UltraMon (HKLM\...\{537056B7-32A4-4408-9B54-0341963C7C9C}) (Version: 3.1.0 - Realtime Soft Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - ASIX (AX88178) Net  (11/24/2010 1.4.3.64) (HKLM\...\DF90277CD2363EFE1D748D8390DD55C23C15287A) (Version: 11/24/2010 1.4.3.64 - ASIX)
Windows Driver Package - ASIX (AX88179) Net  (05/24/2013 1.4.2.0) (HKLM\...\5288666BFDA285DE4DAB4F62E30791A91D666A68) (Version: 05/24/2013 1.4.2.0 - ASIX)
Windows Driver Package - ASIX (AX88772) Net  (08/13/2013 3.4.5.0) (HKLM\...\29C706C4C0F23372272C1C8E9BF736C6E2A1B0D1) (Version: 08/13/2013 3.4.5.0 - ASIX)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
XHeader (HKLM\...\XHeader) (Version: 1.215 - Intellimon)
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - XviD Development Team)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\WINDOWS\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Russ Baker\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 05:00 - 2014-08-20 17:51 - 00001042 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-RUSS-Russ Baker.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\fba_PM Source.job => C:\Program Files\Softland\FBackup 5\bSchedStarter.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Nero Info.job => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-24 13:05 - 2013-03-19 12:07 - 00508136 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-01-24 13:05 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-28 02:35 - 2014-03-28 02:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00098888 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
2014-04-05 10:28 - 2013-11-14 13:59 - 00031304 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CheckTool.dll
2014-04-05 10:28 - 2008-11-25 16:18 - 01291264 _____ () C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
2014-04-05 10:28 - 2004-10-05 02:08 - 00055808 _____ () C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00029768 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
2014-04-05 10:28 - 2013-09-04 10:19 - 00050248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2014-04-05 10:28 - 2014-01-13 17:06 - 00105544 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:054203E4
AlternateDataStreams: C:\Documents and Settings\Russ Baker\Desktop\AA_v35.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tvnserver => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1417001333-823518204-2147118731-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1417001333-823518204-2147118731-1005 - Limited - Enabled)
Guest (S-1-5-21-1417001333-823518204-2147118731-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1417001333-823518204-2147118731-1000 - Limited - Disabled)
Russ Baker (S-1-5-21-1417001333-823518204-2147118731-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Russ Baker
SUPPORT_388945a0 (S-1-5-21-1417001333-823518204-2147118731-1002 - Limited - Disabled)
VUSR_RUSS (S-1-5-21-1417001333-823518204-2147118731-1009 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/25/2015 00:45:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application adwcleaner_4.109.exe, version 4.1.0.9, faulting module unknown, version 0.0.0.0, fault address 0x188052d3.
Processing media-specific event for [adwcleaner_4.109.exe!ws!]
 
Error: (01/24/2015 03:33:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application adwcleaner_4.109.exe, version 4.1.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/24/2015 11:46:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application adwcleaner_4.109.exe, version 4.1.0.9, faulting module unknown, version 0.0.0.0, fault address 0x188052d3.
Processing media-specific event for [adwcleaner_4.109.exe!ws!]
 
Error: (01/24/2015 11:20:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application carboniteservice.exe, version 5.7.1.4562, faulting module carboniteservice.exe, version 5.7.1.4562, fault address 0x001393c5.
Processing media-specific event for [carboniteservice.exe!ws!]
 
Error: (01/24/2015 11:12:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application adwcleaner_4.109.exe, version 4.1.0.9, faulting module unknown, version 0.0.0.0, fault address 0x188052d3.
Processing media-specific event for [adwcleaner_4.109.exe!ws!]
 
Error: (01/24/2015 09:58:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application carboniteservice.exe, version 5.7.1.4562, faulting module carboniteservice.exe, version 5.7.1.4562, fault address 0x001393d1.
Processing media-specific event for [carboniteservice.exe!ws!]
 
Error: (01/24/2015 08:17:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application adwcleaner_4.109.exe, version 4.1.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/23/2015 05:26:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 40.0.2214.91, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/23/2015 02:13:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module CarboniteNSE.dll, version 5.7.1.4562, fault address 0x000ae8f0.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (01/23/2015 06:56:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 40.0.2214.91, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (01/25/2015 02:18:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FBackup 5 Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/25/2015 01:04:31 PM) (Source: 0) (EventID: 12) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:
 
Error: (01/25/2015 01:00:46 PM) (Source: 0) (EventID: 25) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:
 
Error: (01/25/2015 00:59:12 PM) (Source: 0) (EventID: 12) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:
 
Error: (01/25/2015 00:53:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The PCVXFileMonitor service hung on starting.
 
Error: (01/25/2015 00:51:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Restore Service service terminated with the following error: 
%%2
 
Error: (01/25/2015 00:51:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error: 
%%3
 
Error: (01/25/2015 00:51:40 PM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.
 
Error: (01/25/2015 00:51:12 PM) (Source: 0) (EventID: 4307) (User: )
Description: 
 
Error: (01/25/2015 07:59:13 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The PCVXFileMonitor service hung on starting.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of memory in use: 48%
Total physical RAM: 3071.17 MB
Available physical RAM: 1589.48 MB
Total Pagefile: 4956.21 MB
Available Pagefile: 3265.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.5 GB) (Free:772.95 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive i: () (Network) (Total:916.41 GB) (Free:396.64 GB) 
Drive o: () (Network) (Total:931.51 GB) (Free:630.68 GB) 
Drive p: () (Network) (Total:931.51 GB) (Free:630.68 GB) 
Drive w: () (Network) (Total:916.41 GB) (Free:396.64 GB) 
Drive y: () (Network) (Total:916.41 GB) (Free:396.64 GB) 
Drive z: (Big Drive) (Fixed) (Total:931.51 GB) (Free:630.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 53DE558E)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9 bzncrew

  • Topic Starter

Posted 25 January 2015 - 04:32 PM

When I attempt to open Bitdefender (antivirus) I get the message

Windows cannot open this program because it has been prevented by a software restriction policy.  For more information, open Event Viewer or contact your system administrator.

 

Path is  c:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe



#10 Machiavelli

  • Malware Response Instructor

Posted 26 January 2015 - 10:38 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM\...\Run: [] => [X]
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\BitDefender <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
    HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\MountPoints2: {b69dabc7-c68f-11e3-b3a7-001d6082781d} - "D:\WD SmartWare.exe" autoplay=true
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
    ShortcutTarget: UltraMon.lnk -> C:\WINDOWS\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()
    ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M262324D9-FEFF-4554-9DA9-D8894C978B19&SearchSource=55&CUI=&UM=8&UP=SP42F80402-3083-44BB-B1AA-518CCB6431CB&SSPV=
    CHR StartupUrls: Default -> ""
    CHR HKU\S-1-5-21-1417001333-823518204-2147118731-1003\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    C:\Documents and Settings\LocalService\NTUSER(1).DAT
    C:\Documents and Settings\NetworkService\NTUSER(1).DAT
    C:\Documents and Settings\Russ Baker\NTUSER(1).DAT
    CustomCLSID: HKU\S-1-5-21-1417001333-823518204-2147118731-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:054203E4
    AlternateDataStreams: C:\Documents and Settings\Russ Baker\Desktop\AA_v35.exe:BDU
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure that the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
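
Why the restriction on C:\Program Files\BitDefender in the fixlist stops gziface.exe from post #9: a software restriction path rule on a folder covers every file beneath it, and Windows compares the path case-insensitively. The script below is an added example, not part of the thread and not FRST's own code; it parses lines in the format shown in the fixlist and reports which rule covers a given executable. The function names are hypothetical, and only literal folder paths are handled (no wildcards or environment variables).

```python
import re
from ntpath import normcase, normpath  # Windows path rules, usable on any OS

# Constructed sample: lines in the format shown in the fixlist of this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\BitDefender <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
"""

SRP_LINE = re.compile(
    r"^HKLM Group Policy restriction on software: (.+?)\s*(?:<=+ ATTENTION)?\s*$")
SR_LINE = re.compile(
    r"\\Policies\\Microsoft\\Windows NT\\SystemRestore: \[([^\]]+)\]")


def parse_frst(text):
    """Return (restricted_folders, system_restore_policy_values)."""
    folders, sr_values = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SRP_LINE.match(line)
        if m:
            folders.append(m.group(1))
            continue
        m = SR_LINE.search(line)
        if m:
            sr_values.extend(m.group(1).split("/"))
    return folders, sr_values


def _components(path):
    """Split a Windows path into lower-cased components."""
    return [p for p in normcase(normpath(path.strip())).split("\\") if p]


def blocking_rule(exe_path, folders):
    """Return the restricted folder that contains exe_path, or None.

    The comparison is per path component, so a rule on one folder does not
    match a sibling folder whose name merely starts with the same letters.
    When several rules match, the most specific (longest) one is returned.
    """
    target = _components(exe_path)
    best, best_len = None, 0
    for folder in folders:
        prefix = _components(folder)
        if prefix and target[:len(prefix)] == prefix and len(prefix) > best_len:
            best, best_len = folder, len(prefix)
    return best


if __name__ == "__main__":
    folders, sr_values = parse_frst(SAMPLE_LOG)
    exe = r"c:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe"
    print("restricted folders:", folders)
    print("rule covering", exe, "->", blocking_rule(exe, folders))
    print("System Restore policy values set:", sr_values)
```
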



#11 bzncrew

Posted 26 January 2015 - 11:11 AM

Okay, my AV seems to open now.    Not sure what it was, but thank you so much for your help!



#12 Machiavelli

Posted 26 January 2015 - 12:06 PM

Can you please do the steps? We aren't finished. :)

~Machiavelli



#13 bzncrew

Posted 26 January 2015 - 01:24 PM

Thank you for your help.  However, this virus or whatever it is has me very nervous.  I buy things online and bank online.

So to be safe, I backed up my computer and wiped the drive and reloaded the OS.  It's faster now and I know the virus is gone. 

 

Again, thank you for your assistance.  This seemed like the safest way to be certain my PC is clean.



#14 Machiavelli

Posted 26 January 2015 - 01:28 PM

OK, good. ;)

 

Hello,
in my opinion your PC is clean. :) My help is of course completely free of charge, but if you would like to donate some money to me so that I can buy some beer, then click on the button. I'd really appreciate it, my friend. :)

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is well worth it compared with getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli



#15 Machiavelli

Posted 30 January 2015 - 02:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli
