Found ZeroAccess



#1 jxm1092

Posted 07 February 2015 - 11:46 AM

Sorry, I thought the FRST and addition logs were already taken care of by the last post. They are both pasted below because I can't figure out how to attach the addition log.

 

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by Josh (administrator) on JOSH-PC on 07-02-2015 11:28:24
Running from C:\Users\Josh\Downloads
Loaded Profiles: Josh & Tiff (Available profiles: Josh & Tiff)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Company) C:\Program Files\Popcorn Time\Updater.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Google Inc.) C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Google Inc.) C:\Users\Tiff\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Tiff\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Dropbox, Inc.) C:\Users\Tiff\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3192176 2014-02-28] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\Run: [uTorrent] => C:\Users\Josh\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\Run: [Google Update] => C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-562459901-1482382580-3887097223-1004\...\Run: [Google Update] => C:\Users\Tiff\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-13] (Google Inc.)
HKU\S-1-5-21-562459901-1482382580-3887097223-1004\...\Run: [MusicManager] => C:\Users\Tiff\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-04-23] (Google Inc.)
Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tiff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tiff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-562459901-1482382580-3887097223-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-562459901-1482382580-3887097223-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-562459901-1482382580-3887097223-1004 -> DefaultScope {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ds7b9x07.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-562459901-1482382580-3887097223-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-562459901-1482382580-3887097223-1000: @talk.google.com/O1DPlugin -> C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-562459901-1482382580-3887097223-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-562459901-1482382580-3887097223-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-562459901-1482382580-3887097223-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Josh\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-562459901-1482382580-3887097223-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-562459901-1482382580-3887097223-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Josh\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Josh\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ds7b9x07.default\searchplugins\aim-search.xml
FF Extension: 50Ceouponss - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ds7b9x07.default\Extensions\6@v.co.uk [2015-01-14]
FF Extension: boomcheap - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ds7b9x07.default\Extensions\9FWgpYbIf@q.edu [2015-01-14]
FF Extension: BiiTSaever - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ds7b9x07.default\Extensions\Wtb@w9XfgReC.net [2015-01-14]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-03]
FF HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-31]
CHR Extension: (Google Docs) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-31]
CHR Extension: (Google Drive) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-15]
CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-31]
CHR Extension: (Google Search) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-31]
CHR Extension: (Google Sheets) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-31]
CHR Extension: (Skype Click to Call) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-15]
CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-31]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Josh\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-14]
CHR HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688232 2013-12-18] (Juniper Networks)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-08-28] (Flexera Software, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [179200 2014-09-21] (Company) [File not signed]
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 22c5205d; "C:\Windows\system32\rundll32.exe" "c:\Program Files\VideoCnv\Zet.dll",serv
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AlteraUSBBlaster; C:\Windows\System32\drivers\usbblstr.sys [58960 2009-08-19] (FTDI Ltd.)
R1 c2scsi; C:\Windows\System32\DRIVERS\c2scsi.sys [251248 2009-07-24] (Sonic Solutions)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2013-12-18] (Juniper Networks)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
R3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [13112 2010-06-03] (Windows ® Win 7 DDK provider)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [82648 2015-01-31] (Malwarebytes Corporation)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2009-10-21] (Rainbow Technologies, Inc.) [File not signed]
S3 Sntnlusb; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [26120 2009-10-21] (Rainbow Technologies Inc.)
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [27496 2013-01-25] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [27496 2013-01-25] (Wondershare)
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 11:27 - 2015-02-07 11:27 - 00000000 ____D () C:\Users\Josh\Downloads\FRST-OlderVersion
2015-02-03 13:29 - 2015-02-03 13:33 - 00000000 ____D () C:\Users\Tiff\AppData\Roaming\vlc
2015-02-03 13:29 - 2015-02-03 13:29 - 00000000 ____D () C:\Users\Tiff\AppData\Roaming\dvdcss
2015-01-31 17:18 - 2015-01-31 17:19 - 00852573 _____ () C:\Users\Josh\Downloads\SecurityCheck.exe
2015-01-31 16:00 - 2015-01-31 17:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-31 16:00 - 2015-01-31 17:06 - 00000000 ____D () C:\Users\Josh\Desktop\mbar
2015-01-31 15:59 - 2015-01-31 15:59 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Josh\Downloads\mbar-1.08.3.1004.exe
2015-01-31 15:41 - 2015-01-31 15:41 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2015-01-31 15:41 - 2015-01-31 15:41 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-31 15:40 - 2015-01-31 15:40 - 00753184 _____ () C:\Users\Josh\Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-01-31 15:32 - 2015-01-31 15:33 - 02194432 _____ () C:\Users\Josh\Downloads\adwcleaner_4.109.exe
2015-01-31 15:32 - 2015-01-31 15:32 - 00001735 _____ () C:\Users\Josh\Desktop\JRT.txt
2015-01-31 15:30 - 2015-01-31 17:19 - 00000000 ____D () C:\Users\Josh\Desktop\computer results
2015-01-31 15:26 - 2015-01-31 15:26 - 01707939 _____ (Thisisu) C:\Users\Josh\Downloads\JRT (1).exe
2015-01-31 15:23 - 2015-01-31 15:23 - 00401920 _____ (Farbar) C:\Users\Josh\Downloads\MiniToolBox (1).exe
2015-01-30 20:20 - 2015-01-30 20:20 - 00000000 ____D () C:\Users\Josh\Desktop\Intuit QuickBooks Premier Accountant Edition 2014 + Patch
2015-01-30 20:08 - 2015-01-30 20:17 - 00000000 ____D () C:\Users\Josh\Downloads\Intuit QuickBooks Premier Accountant Edition 2014 + Patch
2015-01-30 20:08 - 2015-01-30 20:08 - 00078208 _____ () C:\Users\Josh\Downloads\Intuit_QuickBooks_Premier_Accountant_Edition_2014_+_Patch.torrent
2015-01-30 19:57 - 2015-01-30 19:58 - 00371478 ____R () C:\Users\Josh\Downloads\Intuit_QuickBooks_Activator_V0.6_Build_70_TEST_-_BEAST.rar
2015-01-30 19:57 - 2015-01-30 19:57 - 00000926 _____ () C:\Users\Josh\Downloads\Intuit_QuickBooks_Activator_V0_6_Build_70_TEST_-_BEAST_rar.torrent
2015-01-30 19:54 - 2015-01-30 19:54 - 00591792 _____ () C:\Users\Josh\Downloads\Quickbooks_(2013)_Activator_v0_13.exe
2015-01-30 19:18 - 2015-01-30 19:18 - 00000000 ____D () C:\Users\Josh\Desktop\QB2013_Activator v0.14
2015-01-30 19:18 - 2015-01-30 19:18 - 00000000 ____D () C:\Users\Josh\Desktop\Intuit Quickbooks Pro 2013
2015-01-22 22:29 - 2015-01-22 22:29 - 00058847 _____ () C:\Users\Josh\Downloads\Addition.txt
2015-01-22 22:27 - 2015-02-07 11:30 - 00022728 _____ () C:\Users\Josh\Downloads\FRST.txt
2015-01-22 22:26 - 2015-02-07 11:28 - 00000000 ____D () C:\FRST
2015-01-22 22:23 - 2015-02-07 11:27 - 01124352 _____ (Farbar) C:\Users\Josh\Downloads\FRST.exe
2015-01-22 22:04 - 2015-01-22 22:04 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-01-22 21:47 - 2015-01-22 22:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-22 21:41 - 2015-01-31 16:14 - 467159049 _____ () C:\Windows\MEMORY.DMP
2015-01-22 21:30 - 2015-01-22 21:37 - 10285456 _____ (SurfRight B.V.) C:\Users\Josh\Downloads\HitmanPro.exe
2015-01-22 21:12 - 2015-01-22 21:13 - 02186752 _____ () C:\Users\Josh\Downloads\adwcleaner_4.108.exe
2015-01-14 22:03 - 2015-01-14 22:03 - 00166760 _____ () C:\Windows\Minidump\011415-30186-01.dmp
2015-01-14 21:46 - 2015-01-31 17:13 - 00000000 ___RD () C:\Users\Josh\Google Drive
2015-01-14 21:46 - 2015-01-14 21:46 - 00001685 _____ () C:\Users\Josh\Desktop\Google Drive.lnk
2015-01-14 21:38 - 2015-01-14 21:38 - 00001962 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-14 21:38 - 2015-01-14 21:38 - 00001960 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-14 21:38 - 2015-01-14 21:38 - 00001950 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-14 21:38 - 2015-01-14 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-14 19:11 - 2015-01-14 19:11 - 00166760 _____ () C:\Windows\Minidump\011415-23509-01.dmp
2015-01-13 18:36 - 2015-01-13 18:36 - 00000000 ____D () C:\ProgramData\takeitcheap
2015-01-13 18:16 - 2015-01-13 18:16 - 00000000 ____D () C:\Users\Tiff\AppData\Local\CrashDumps
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 11:25 - 2011-11-05 20:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 11:25 - 2009-11-17 15:10 - 02037913 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 11:20 - 2011-04-07 19:40 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1000UA.job
2015-02-07 10:59 - 2013-12-27 21:08 - 00000000 ___RD () C:\Users\Tiff\Dropbox
2015-02-07 10:44 - 2009-07-13 23:34 - 00013808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 10:44 - 2009-07-13 23:34 - 00013808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 10:41 - 2014-02-13 21:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1004UA.job
2015-02-07 10:40 - 2012-11-11 20:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-07 10:40 - 2012-11-11 20:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 10:40 - 2011-05-25 08:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-07 10:39 - 2014-02-13 21:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1004Core.job
2015-02-07 10:39 - 2011-04-07 19:40 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1000Core.job
2015-02-05 19:50 - 2014-11-22 21:17 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\XBMC
2015-02-03 13:28 - 2013-12-27 21:06 - 00000000 ____D () C:\Users\Tiff\AppData\Roaming\Dropbox
2015-02-03 13:25 - 2011-11-05 20:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 13:25 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-03 13:23 - 2013-11-03 20:55 - 00000000 ____D () C:\Users\Tiff\AppData\Local\Google
2015-01-31 17:14 - 2013-11-24 21:01 - 00000000 ___RD () C:\Users\Josh\Dropbox
2015-01-31 17:14 - 2013-11-24 20:59 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Dropbox
2015-01-31 17:14 - 2010-09-28 08:31 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\uTorrent
2015-01-31 17:13 - 2014-03-26 20:40 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2015-01-31 17:11 - 2014-03-23 00:00 - 00012502 _____ () C:\Windows\setupact.log
2015-01-31 17:11 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 16:18 - 2014-06-25 14:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 16:14 - 2010-03-01 16:07 - 00000000 ____D () C:\Windows\Minidump
2015-01-31 16:00 - 2014-06-25 14:52 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 15:57 - 2009-07-13 23:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-31 15:41 - 2012-08-19 14:18 - 00177088 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-31 15:37 - 2014-03-23 09:48 - 00012788 _____ () C:\Windows\PFRO.log
2015-01-31 15:36 - 2014-03-23 09:54 - 00000000 ____D () C:\AdwCleaner
2015-01-31 15:26 - 2012-09-12 20:19 - 00059428 _____ () C:\Users\Josh\Downloads\Result.txt
2015-01-30 19:38 - 2010-10-29 22:36 - 00000000 ____D () C:\ProgramData\Roxio
2015-01-15 20:37 - 2014-03-30 09:00 - 00000000 ____D () C:\Users\Josh\AppData\Local\CrashDumps
2015-01-14 21:46 - 2009-11-17 20:35 - 00000000 ___HD () C:\Users\Josh
2015-01-14 21:38 - 2011-09-05 17:10 - 00000000 ____D () C:\Program Files\Google
2015-01-14 21:38 - 2011-04-07 19:40 - 00000000 ___HD () C:\Users\Josh\AppData\Local\Google
2015-01-14 21:34 - 2009-11-17 16:24 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 19:59 - 2009-07-14 02:50 - 00000000 ____D () C:\Windows\CSC
2015-01-14 17:57 - 2014-06-25 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 17:57 - 2014-06-25 14:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-14 17:57 - 2013-11-07 13:30 - 00001022 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 17:55 - 2013-12-27 21:08 - 00001017 _____ () C:\Users\Tiff\Desktop\Dropbox.lnk
2015-01-14 17:55 - 2013-12-27 21:07 - 00000000 ____D () C:\Users\Tiff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== Files in the root of some directories =======
 
2011-07-05 21:23 - 2011-07-05 21:24 - 4182178 _____ (The Public) C:\Users\Josh\AppData\Roaming\Avisynth.exe
2011-07-05 21:26 - 2011-07-05 21:28 - 5243208 _____ (                                                            ) C:\Users\Josh\AppData\Roaming\AvsP.exe
2011-07-05 21:25 - 2011-07-05 21:26 - 4284535 _____ (ffdshow                                                     ) C:\Users\Josh\AppData\Roaming\ffdshow.exe
2011-07-05 21:24 - 2011-07-05 21:25 - 5514668 _____ (LIGHTNING UK!) C:\Users\Josh\AppData\Roaming\Imgburn.exe
2011-07-05 21:28 - 2011-07-05 21:31 - 7760687 _____ (Boraxsoft) C:\Users\Josh\AppData\Roaming\SetupGFD.exe
2011-07-05 21:25 - 2011-07-05 21:25 - 0642685 _____ (Xvid team                                                   ) C:\Users\Josh\AppData\Roaming\xvid.exe
2011-05-25 08:33 - 2011-05-25 09:00 - 0010872 ___SH () C:\Users\Josh\AppData\Local\15356tu05oq8gyvi734qjr0nd853831h8hnu8u
2013-12-09 09:18 - 2013-12-09 09:18 - 0893239 _____ () C:\Users\Josh\AppData\Local\a.zip
2013-12-09 09:18 - 2013-12-09 09:18 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Josh\AppData\Local\BcsKtYcHW.dll
2012-08-19 14:35 - 2013-12-30 10:21 - 0007605 _____ () C:\Users\Josh\AppData\Local\Resmon.ResmonCfg
2011-09-03 12:20 - 2013-12-07 22:09 - 0004216 ____H () C:\Users\Josh\AppData\Local\rx_audio.Cache
2011-01-16 21:54 - 2013-12-07 22:09 - 0000144 ____H () C:\Users\Josh\AppData\Local\rx_image32.Cache
2011-05-25 08:33 - 2011-05-25 09:00 - 0010872 ___SH () C:\ProgramData\15356tu05oq8gyvi734qjr0nd853831h8hnu8u
2011-10-26 11:57 - 2011-10-26 11:57 - 8673792 _____ () C:\ProgramData\atscie.msi
2010-09-25 18:33 - 2010-09-25 18:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-01-03 20:41 - 2010-01-03 20:46 - 0000819 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Josh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1fz2pg.dll
C:\Users\Tiff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjg9aq8.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-31 09:40
 

 

==================== End Of Log ============================

Addition Log
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2015
Ran by Josh at 2015-02-07 11:31:18
Running from C:\Users\Josh\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Aimersoft DRM Media Converter(Build 1.5.5.0) (HKLM\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AutoCAD 2010 VBA Enabler (HKLM\...\{918EC17B-AC18-42E8-8312-5C37D81831A4}) (Version: 1.0.0.0 - Autodesk)
AutoCAD Mechanical 2010 (HKLM\...\AutoCAD Mechanical 2010) (Version: 14.0.48.300 - Autodesk)
AutoCAD Mechanical 2010 (Version: 14.0.48.300 - Autodesk) Hidden
AutoCAD Mechanical 2010 Language Pack - English (Version: 14.0.48.300 - Autodesk) Hidden
Autodesk Design Review 2010 (HKLM\...\Autodesk Design Review 2010) (Version: 10.0.0.108 - Autodesk, Inc.)
Autodesk Design Review 2010 (Version: 10.0.0.108 - Autodesk, Inc.) Hidden
Autodesk Inventor View 2010 (HKLM\...\Autodesk Inventor View 2010) (Version: 5.0.0 - Autodesk, Inc.)
Autodesk Inventor View 2010 (Version: 5.0.0 - Autodesk, Inc.) Hidden
Autodesk Inventor View 2010 English Language Pack (Version: 5.0.0 - Autodesk, Inc.) Hidden
Autodesk Vault 2010 (Client) (HKLM\...\Autodesk Vault 2010 (Client)) (Version: 14.0.63.0 - Autodesk, Inc.)
Autodesk Vault 2010 (Client) (Version: 14.0.63.0 - Autodesk, Inc.) Hidden
Autodesk Vault 2010 (Client) English Language Pack (Version: 14.0.63.0 - Autodesk, Inc.) Hidden
AutoQuoterX (HKLM\...\InstallShield_{8ADC4A0F-3407-4052-8CAD-5FFB9A46EE79}) (Version: 1.11.14.15 - 80/20 Inc.)
AutoQuoterX (Version: 1.11.14.15 - 80/20 Inc.) Hidden
AVIC FEEDS (HKLM\...\{1D8BBD52-90D4-4B20-8C4C-2160C21A07DE}) (Version: 2.01.0100 - )
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AvsP (HKLM\...\AvsP_is1) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6300 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
CASIO USB Driver V1.2.2474.0623 (HKLM\...\{08DEC21F-F7E5-46F9-81D1-3ED30BD3AEC9}) (Version: 1.2.2474.0623 - CASIO)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Cisco Unified Presenter Add-in 6x5 (HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\Cisco Unified Presenter Add-in 6x5) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-562459901-1482382580-3887097223-1004\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
DVD slideshow GUI 0.9.4.1 (HKLM\...\BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1) (Version: DVD slideshow GUI 0.9.4.1 - Tin2tin)
DVDFab 8.1.3.8 (09/12/2011) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DWG TrueView 2010 (HKLM\...\DWG TrueView 2010) (Version: 18.0.55.0 - Autodesk)
DWG TrueView 2010 (Version: 18.0.55.0 - Autodesk) Hidden
EaseUS Data Recovery Wizard 5.6.1 (HKLM\...\EaseUS Data Recovery Wizard 5.6.1_is1) (Version:  - EaseUS)
EZ Fonts (HKLM\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Guitar Pro 5.2 (HKLM\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Helium (HKLM\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C6300 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{E5A24F8D-40E1-45CB-B509-81186D795735}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCamSource (HKLM\...\{2B07ABFF-CB40-41EE-922B-CA39E6CC4A00}) (Version: 2.4.4 - SKJM, LLC)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
JuiceboxBuilder-Lite (HKLM\...\JuiceboxBuilder-Lite) (Version: 1.3.3 - SimpleViewer Inc)
JuiceboxBuilder-Lite (Version: 1.3.3 - SimpleViewer Inc) Hidden
Juniper Networks Network Connect 7.1.12 (HKLM\...\Juniper Network Connect 7.1.12) (Version: 7.1.12.21827 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.28485 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\Juniper_Setup_Client) (Version: 7.4.8.42127 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
LegalSounds Music Downloader 1.8 (HKLM\...\LegalSounds Music Downloader_is1) (Version:  - )
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.4 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Motorola Driver Installation 3.9.0 (HKLM\...\{FB068BA4-C6EA-4D47-A491-C40E23E77F89}) (Version: 3.9.0 - Motorola Inc.)
Mozilla Firefox 26.0 (x86 en-US) (HKLM\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\MusicManager) (Version:  - Google, Inc.)
Music Manager (HKU\S-1-5-21-562459901-1482382580-3887097223-1004\...\MusicManager) (Version:  - Google, Inc.)
MusicSphere (HKLM\...\{D23FC915-AAEF-4FB7-836F-E34D756F5BCB}) (Version: 1.00.0010 - )
Napster Download Manager (HKLM\...\{3CB4A7B0-007D-4722-AF1D-891B53E04606}) (Version: 1.0.0 - Napster)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Popcorn Time (HKLM\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
PS_AIO_04_C6300_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recover Keys (HKLM\...\Recover Keys_is1) (Version: 5.0.2.58 - Recover Keys)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.06 - RICOH)
Roxio Creator 2010 (HKLM\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)
Roxio PhotoShow (HKLM\...\Roxio PhotoShow) (Version: 6.0 - Roxio)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Sentinel System Driver (HKLM\...\Rainbow Sentinel Driver) (Version:  - )
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.17 - Piriform)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VBA (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WD Quick View (HKLM\...\{63911503-7EA4-4685-B2FD-D391EF622FB9}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{8DC2DD9D-7687-4108-83D6-ACE73ABF2D69}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{1ec9e03a-452b-48fb-8e1b-27ee0477985f}) (Version: 2.3.0.20 - Western Digital Technologies, Inc.)
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WebLinkActiveX (HKLM\...\{78E8A28A-DDB2-4FB4-A31A-C68273E502FB}) (Version: 6.3.6 - ADS)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Weblink USB (usbser) Ports  (06/19/2012 1.0.0.0) (HKLM\...\4465E01C1ED0AE4228C3E5242C6C686557088CA7) (Version: 06/19/2012 1.0.0.0 - Weblink USB)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinRAS_va 2013.01 (HKLM\...\WinRAS_va_is1) (Version:  - Revenu Québec)
WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
WModem Driver Installer (HKLM\...\HTC_WModemDriver) (Version: 2.0.6.7 - HTC)
XBMC (HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\XBMC) (Version:  - Team XBMC)
Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{149C77B3-1CBE-387A-99A2-DF2B405333EC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{1C3148E8-B17F-329F-BC04-423CCD47C218}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\DWG TrueView 2010\DWGVIEWRficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{43C8123B-FBF8-38FC-B4CA-0F2462E53146}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{591E5416-DDC3-45E6-BE9D-C40D0B418F6E}\localserver32 -> C:\Program Files\DWG TrueView 2010\DWGVIEWR.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\ACADM 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{741CD584-7E70-397D-9CB7-2B2E627DCE23}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{7A85781B-2381-4315-B02F-534D29006018}\localserver32 -> C:\Program Files\Napster\Napster Download Manager\NapsterDownloadManager.exe (napster)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{8E4D40FF-AAC8-4211-A59C-04839137BA12}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{9D5B8BA7-8FEA-3AA3-9F5A-11EF853EDCC9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{9F1FD6D3-CDFA-354A-A1A2-B4E7B870D7DB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{D66C3DCC-B078-3AFA-9862-071479F7FCE5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\ACADM 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\ACADM 2010\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{E8538EA2-9E3C-47EC-A5C5-74A4D9D1C3E2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{F349C335-D2C5-3F1A-A68A-DBF6B1F2919B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh
 
\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh
 
\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh
 
\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh
 
\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh
 
\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh
 
\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh
 
\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh
 
\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Josh
 
\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{FDD82C37-330A-37BD-ABC7-FE97A2FD7F30}\InprocServer32 -> C:\Windows
 
\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Josh
 
\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tiff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Tiff\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{2D1FB0E4-646C-31D4-BDC9-9D54F9C8F137}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\DWG TrueView 2010\DWGVIEWRficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{591E5416-DDC3-45E6-BE9D-C40D0B418F6E}\localserver32 -> C:\Program Files\DWG TrueView 2010\DWGVIEWR.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{5D3474C2-CA0D-33D5-86FD-0309D40C7B1F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\ACADM 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{77D45635-D3A5-344D-94C9-AA31CB4A6F5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{7A85781B-2381-4315-B02F-534D29006018}\localserver32 -> C:\Program Files\Napster\Napster Download Manager\NapsterDownloadManager.exe (napster)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{8F800796-5C75-3A25-AA94-487DF3AFC7F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{9793fbbf-e9db-3b01-b322-3430cbcf3cd5}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Google Talk Plugin\gtpo3d_host.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Josh\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{B867D396-2E38-3DBE-9000-9D5E99BA8A97}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\ACADM 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\ACADM 2010\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.24.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiff\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-562459901-1482382580-3887097223-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Google\Update\1.3.24.7\psuser.dll (Google Inc.)
 
==================== Restore Points  =========================
 
31-01-2015 17:05:27 Malwarebytes Anti-Rootkit Restore Point
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {018A3125-BB0D-48D5-B809-2A9304F3A98E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {044A1146-2CEE-4160-90C0-2777524E865D} - System32\Tasks\4bc7f3e0 => C:\Users\Josh\AppData\Local\Temp\\setup757764480.exe <==== ATTENTION
Task: {09F85459-C1C5-4EEB-9428-3BC99262753B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {18E459C6-F6CC-41A3-A173-941F901DB49C} - System32\Tasks\b4a7ca60 => C:\Users\Josh\AppData\Local\Temp\\setup2774079792.exe <==== ATTENTION
Task: {21AB76FE-8AD2-4DCE-8E45-CD04BFEBB3AA} - System32\Tasks\{D4FB16BA-0032-4CA6-9EC9-9AA039A322CE} => pcalua.exe -a "C:\Users\Josh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0QH8V0A\Firefox%20Setup%203.5.5[1].exe" -d C:\Users\Josh\Desktop
Task: {2FD3FAA4-FCC2-490A-922D-1D9F5B589B5F} - System32\Tasks\c2fdb7a0 => C:\Users\Josh\AppData\Local\Temp\\setup2603691568.exe <==== ATTENTION
Task: {40E69768-2443-4E4E-964D-E8C843471D61} - System32\Tasks\ed7b1c80 => C:\Users\Josh\AppData\Local\Temp\\setup4099320224.exe <==== ATTENTION
Task: {4A84CF1F-4DD4-4BD2-AB29-AA0E8759AF26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {4BE06CED-C70E-4668-8B6A-C6FE9454741D} - System32\Tasks\{0F4BA678-1381-40D2-819A-C13238A68129} => pcalua.exe -a C:\Users\Josh\AppData\Local\Temp\Temp2_OrCAD_Demo_162.zip\setup.exe
Task: {5103D370-A924-43D2-A330-009AFF328010} - System32\Tasks\{FFA9A7FC-1749-4535-8ADE-F94EE76D30AB} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {51DF6848-04E6-439B-A39F-CA4F98DFA0A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {71A65B78-41B4-4302-850C-768D10C90282} - System32\Tasks\b5f4b9b0 => C:\Users\Josh\AppData\Local\Temp\\setup2641813872.exe <==== ATTENTION
Task: {7399AA1B-95A7-4ED9-8C5A-44F29BB0FFC8} - System32\Tasks\a02592c0 => C:\Users\Josh\AppData\Local\Temp\\setup2173191280.exe <==== ATTENTION
Task: {8B5C1C2B-D748-447C-A55E-D348FBF599E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1004Core => C:\Users\Tiff\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {9587B937-D8C5-4A5C-8F4F-8217F1482F39} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1004UA => C:\Users\Tiff\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {9A10DE5F-18F8-43BF-9BED-3283126FBB4E} - System32\Tasks\4d63b6f0 => C:\Users\Josh\AppData\Local\Temp\\setup938839984.exe <==== ATTENTION
Task: {9C2ABBE7-E51A-4E9B-B7B9-D67F84A15C4D} - System32\Tasks\{8E5D37E3-8D96-49C2-A43B-464B9D7B7937} => pcalua.exe -a "C:\Users\Josh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1CU2FYBB\Firefox%20Setup%203.5.5[1].exe" -d C:\Users\Josh\Desktop
Task: {9D28E2E7-D526-418D-B4C6-5140D8CE1746} - System32\Tasks\{22116563-108C-42c0-A7CE-60161B75E508} => C:\Users\Josh\AppData\Local\Temp\Ovl.exe <==== ATTENTION
Task: {A2F85635-D6D9-4A36-BB24-26DBB8F0198E} - System32\Tasks\b956d9e0 => C:\Users\Josh\AppData\Local\Temp\\setup2493126016.exe <==== ATTENTION
Task: {A4A405A0-3E2C-4488-AE76-F41CFE87768D} - System32\Tasks\fff6f990 => C:\Users\Josh\AppData\Local\Temp\\setup3832110144.exe <==== ATTENTION
Task: {BB83C3A3-0373-40AB-893A-D2C0E8C17E5E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {C9F2AC3D-3BB2-4790-9683-4259ADEB96CD} - System32\Tasks\9cdfade0 => C:\Users\Josh\AppData\Local\Temp\\setup2477814464.exe <==== ATTENTION
Task: {E36AB2B0-4CCB-4D3D-86B9-A047D7E132CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1000Core => C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {EBB17C6D-F1EA-48C1-ADDF-46EEC58C2186} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1000UA => C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {EF171C89-BCE6-49BD-B598-F677AA0D9DD2} - System32\Tasks\{88738D09-C069-435F-A442-BD6755C1518D} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {FF4EEA82-E1DB-48D7-A96B-C989921760AD} - System32\Tasks\{E28AA919-7500-4928-8371-919154587ABD} => pcalua.exe -a C:\Users\Josh\Downloads\vidalia-bundle-0.2.1.26-0.2.9.exe -d "C:\Program Files\Mozilla Firefox"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1000Core.job => C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1000UA.job => C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1004Core.job => C:\Users\Tiff\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-562459901-1482382580-3887097223-1004UA.job => C:\Users\Tiff\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-10 16:06 - 2013-12-10 16:06 - 10683392 _____ () C:\Users\Tiff\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 16:06 - 2013-12-10 16:06 - 07741952 _____ () C:\Users\Tiff\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 16:06 - 2013-12-10 16:06 - 02248192 _____ () C:\Users\Tiff\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-12-10 16:06 - 2013-12-10 16:06 - 01681408 _____ () C:\Users\Tiff\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-04-23 17:38 - 2014-04-23 17:38 - 00117248 _____ () C:\Users\Tiff\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-04-23 17:39 - 2014-04-23 17:39 - 00231936 _____ () C:\Users\Tiff\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-04-23 17:40 - 2014-04-23 17:40 - 00253440 _____ () C:\Users\Tiff\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-04-23 17:38 - 2014-04-23 17:38 - 00344064 _____ () C:\Users\Tiff\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 16:06 - 2013-12-10 16:06 - 00026624 _____ () C:\Users\Tiff\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2015-01-08 15:44 - 2015-01-08 15:44 - 00750080 _____ () C:\Users\Tiff\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-03 13:24 - 2015-02-03 13:24 - 00043008 _____ () c:\users\tiff\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjg9aq8.dll
2015-01-08 15:44 - 2015-01-08 15:44 - 00047616 _____ () C:\Users\Tiff\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-01-08 15:44 - 2015-01-08 15:44 - 00863744 _____ () C:\Users\Tiff\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-01-08 15:44 - 2015-01-08 15:44 - 00200704 _____ () C:\Users\Tiff\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-27 19:03 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 19:03 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 19:03 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 19:03 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-27 19:03 - 2014-10-21 23:05 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-562459901-1482382580-3887097223-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-562459901-1482382580-3887097223-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Tiff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JumiController => C:\Program Files\Jumi\jumi.exe
MSCONFIG\startupreg: nmctxth => "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-562459901-1482382580-3887097223-500 - Administrator - Disabled)
Guest (S-1-5-21-562459901-1482382580-3887097223-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-562459901-1482382580-3887097223-1002 - Limited - Enabled)
Josh (S-1-5-21-562459901-1482382580-3887097223-1000 - Administrator - Enabled) => C:\Users\Josh
Tiff (S-1-5-21-562459901-1482382580-3887097223-1004 - Administrator - Enabled) => C:\Users\Tiff
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet M1522nf MFP
Description: HP LaserJet M1522nf MFP
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6800
Description: Deskjet 6800
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart 6510 series
Description: Photosmart 6510 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/31/2015 05:05:24 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2fc80be3-7177-48ef-8ff3-74971b0cefb4}
 
Error: (01/31/2015 04:25:23 PM) (Source: ESENT) (EventID: 104) (User: )
Description: wuaueng.dll (872) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1022).
 
Error: (01/31/2015 04:25:01 PM) (Source: ESENT) (EventID: 439) (User: )
Description: wuaueng.dll (872) SUS20ClientDataStore: Unable to write a shadowed header for file C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk. Error -1022.
 
Error: (01/31/2015 04:25:01 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (872) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk" at offset 0 (0x0000000000000000) for 4096 (0x00001000) bytes failed after wuaueng.dll0 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The write operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
 
System errors:
=============
Error: (02/07/2015 10:39:01 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/07/2015 10:39:00 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/07/2015 10:38:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/07/2015 10:38:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/07/2015 10:38:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/07/2015 10:38:54 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/05/2015 07:59:41 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/05/2015 07:50:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/05/2015 07:50:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (02/05/2015 07:49:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (04/01/2014 07:22:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 144 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/22/2014 08:35:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 518273 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (11/28/2013 09:20:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/28/2013 09:19:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 492 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/28/2013 09:12:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 57 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/28/2013 09:07:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/28/2013 09:05:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 42 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/28/2013 09:05:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/28/2013 08:54:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/28/2013 08:53:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-29 09:12:47.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 09:12:47.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 09:12:46.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 09:12:43.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 09:12:43.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 09:12:43.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 09:12:21.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 09:12:21.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 09:12:21.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 09:11:54.435
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 3070.06 MB
Available physical RAM: 1743 MB
Total Pagefile: 6138.41 MB
Available Pagefile: 4228.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.73 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:173.71 GB) (Free:10.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.29 GB) NTFS
Drive e: (MONSTERS_UNIVERSITY) (CDROM) (Total:7.94 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: D0000000)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=173.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)
 
==================== End Of Log ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,262 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:37 AM

Posted 11 February 2015 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

(Company) C:\Program Files\Popcorn Time\Updater.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-562459901-1482382580-3887097223-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-562459901-1482382580-3887097223-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Josh\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Extension: 50Ceouponss - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ds7b9x07.default\Extensions\6@v.co.uk [2015-01-14]
FF Extension: boomcheap - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ds7b9x07.default\Extensions\9FWgpYbIf@q.edu [2015-01-14]
FF Extension: BiiTSaever - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ds7b9x07.default\Extensions\Wtb@w9XfgReC.net [2015-01-14]
CHR HKU\S-1-5-21-562459901-1482382580-3887097223-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [179200 2014-09-21] (Company) [File not signed]
S2 22c5205d; "C:\Windows\system32\rundll32.exe" "c:\Program Files\VideoCnv\Zet.dll",serv
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
Task: {044A1146-2CEE-4160-90C0-2777524E865D} - System32\Tasks\4bc7f3e0 => C:\Users\Josh\AppData\Local\Temp\\setup757764480.exe <==== ATTENTION
Task: {18E459C6-F6CC-41A3-A173-941F901DB49C} - System32\Tasks\b4a7ca60 => C:\Users\Josh\AppData\Local\Temp\\setup2774079792.exe <==== ATTENTION
Task: {21AB76FE-8AD2-4DCE-8E45-CD04BFEBB3AA} - System32\Tasks\{D4FB16BA-0032-4CA6-9EC9-9AA039A322CE} => pcalua.exe -a "C:\Users\Josh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0QH8V0A\Firefox%20Setup%203.5.5[1].exe" -d C:\Users\Josh\Desktop
Task: {2FD3FAA4-FCC2-490A-922D-1D9F5B589B5F} - System32\Tasks\c2fdb7a0 => C:\Users\Josh\AppData\Local\Temp\\setup2603691568.exe <==== ATTENTION
Task: {40E69768-2443-4E4E-964D-E8C843471D61} - System32\Tasks\ed7b1c80 => C:\Users\Josh\AppData\Local\Temp\\setup4099320224.exe <==== ATTENTION
Task: {71A65B78-41B4-4302-850C-768D10C90282} - System32\Tasks\b5f4b9b0 => C:\Users\Josh\AppData\Local\Temp\\setup2641813872.exe <==== ATTENTION
Task: {7399AA1B-95A7-4ED9-8C5A-44F29BB0FFC8} - System32\Tasks\a02592c0 => C:\Users\Josh\AppData\Local\Temp\\setup2173191280.exe <==== ATTENTION
Task: {9A10DE5F-18F8-43BF-9BED-3283126FBB4E} - System32\Tasks\4d63b6f0 => C:\Users\Josh\AppData\Local\Temp\\setup938839984.exe <==== ATTENTION
Task: {9D28E2E7-D526-418D-B4C6-5140D8CE1746} - System32\Tasks\{22116563-108C-42c0-A7CE-60161B75E508} => C:\Users\Josh\AppData\Local\Temp\Ovl.exe   <==== ATTENTION
Task: {A2F85635-D6D9-4A36-BB24-26DBB8F0198E} - System32\Tasks\b956d9e0 => C:\Users\Josh\AppData\Local\Temp\\setup2493126016.exe <==== ATTENTION
Task: {A4A405A0-3E2C-4488-AE76-F41CFE87768D} - System32\Tasks\fff6f990 => C:\Users\Josh\AppData\Local\Temp\\setup3832110144.exe <==== ATTENTION
C:\Program Files\Popcorn Time
C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ds7b9x07.default\Extensions\Wtb@w9XfgReC.net
C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ds7b9x07.default\Extensions\9FWgpYbIf@q.edu
C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ds7b9x07.default\Extensions\6@v.co.uk
End

Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 nasdaq


Posted 16 February 2015 - 08:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq


Posted 16 February 2015 - 11:35 AM

This topic has been re-opened at the request of the person who originally posted.

#5 jxm1092

jxm1092
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 16 February 2015 - 05:19 PM

The computer seems to be running normally again. The ad windows are gone as well as the random ads in Google search. Firefox and Chrome are now running at normal usage sizes as well and not at 600k+. Thank you for the help.



#6 nasdaq


Posted 17 February 2015 - 09:25 AM

Good news.

One last scan.
Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/


======

#7 nasdaq


Posted 21 February 2015 - 10:00 AM

Are you still with me?

#8 jxm1092


Posted 21 February 2015 - 02:15 PM

My apologies I was out of town for work and this is a secondary home computer. Although I reported that the issue seemed to be gone from Firefox, it appears to still be intruding on Chrome and Firefox still with random pop ups and randomly inserted ad words on things that would not be ads otherwise. Below is the posting of my security scan you requested in the previous post.

 

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 JavaFX 2.1.0    
 Java™ 6 Update 22  
 Java 7 Update 51  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31
 Adobe Flash Player 16.0.0.305  
 Adobe Reader 10.1.8 Adobe Reader out of Date!
 Mozilla Firefox 34.0.5 Firefox out of Date!
 Google Chrome 38.0.2125.111 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log``````````````````````

Edited by jxm1092, 21 February 2015 - 02:40 PM.


#9 nasdaq


Posted 22 February 2015 - 08:37 AM

Using the Add/Remove programs applet delete these old versions of Java.

JavaFX 2.1.0
Java 6 Update 22
Java 7 Update 51

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?

#10 jxm1092


Posted 22 February 2015 - 01:57 PM

Everything seems back to normal now. I would like to monitor for a few days before confirming it is good since last time it appeared firefox was good and it really wasn't.



#11 nasdaq


Posted 23 February 2015 - 09:24 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#12 nasdaq


Posted 01 March 2015 - 09:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



