Pop ups & Ads in new tabs and new windows


  • This topic is locked
11 replies to this topic

#1 fastback


Posted 06 April 2015 - 04:12 PM

I'm getting pop ups, redirects and ads which may open in home window or by clicking on a link which then opens ads in another tab or a new window. Please help.

Here is my HijackThis log.

 

Windows Vista Home Premium
Service Pack 2
Intel Core 2 Quad CPU Q660 @ 2.40GHz 2.39GHz
4.00 GB
32-bit Operating System

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:07:25 PM, on 4/6/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16633)
 
FIREFOX: 37.0 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\TRENDnet\TEW-MFP1\Control Center.exe
M:\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Desktop Utilities\iptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\Power2Go9\CLMLSvc_P2G9.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Audials\Audials 10\AudialsNotifier.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\ArcSoft\TotalMedia Extreme 3\BackUp & Recorder\uBBMonitor.exe
C:\Program Files\ArcSoft\TotalMedia Extreme 3\Digital Theatre\TotalMedia Server\TM Server.exe
C:\Windows\System32\mobsync.exe
C:\Users\daustin\Downloads\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TRENDnet UDS Control Center] C:\TRENDnet\TEW-MFP1\Control Center.exe -mini
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
O4 - HKLM\..\Run: [iTunesHelper] "M:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\Intel Desktop Utilities\ipTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CLVirtualDrive9] "C:\Program Files\CyberLink\Power2Go9\VirtualDrive9.exe" /R
O4 - HKLM\..\Run: [CLMLServer_For_P2G9] "C:\Program Files\CyberLink\Power2Go9\CLMLSvc_P2G9.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [E4AEAF793D20A0532DC72C6CD6A9AB90883AB3DD._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AudialsNotifier] C:\Program Files\Audials\Audials 10\AudialsNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1428351157
O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O4 - Global Startup: TotalMedia BackUp & Recorder Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Extreme 3\BackUp & Recorder\uBBMonitor.exe
O4 - Global Startup: TotalMedia Server.lnk = C:\Program Files\ArcSoft\TotalMedia Extreme 3\Digital Theatre\TotalMedia Server\TM Server.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.8.0_40\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.8.0_40\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: intu-help-qb6 - {6898B29B-BF49-43CB-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0198371428337110) (0198371428337110mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\019837~1.EXE
O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (IduService) - Intel® Corporation - C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 13888 bytes

Edited by fastback, 06 April 2015 - 04:16 PM.



 


#2 fireman4it

  • Malware Response Team

Posted 06 April 2015 - 07:19 PM

Hello fastback,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1. Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 fastback


Posted 06 April 2015 - 08:29 PM

Just to let you know, I ran AdwCleaner and FRST a couple of days ago so there is not an addition.txt file this time.

Here are the reports for today's scan.

# AdwCleaner v4.200 - Logfile created 06/04/2015 at 17:39:33
# Updated 29/03/2015 by Xplode
# Database : 2015-04-06.3 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : daustin - MAIN_ADMIN-PC
# Running from : C:\Users\daustin\Downloads\adwcleaner_4.200.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : 0198371428337110mcinstcleanup
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Folder Deleted : C:\Program Files\registry mechanic
File Deleted : C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
File Deleted : C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16633
 
 
-\\ Mozilla Firefox v37.0 (x86 en-US)
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R0].txt - [25239 bytes] - [31/03/2015 15:34:08]
AdwCleaner[R1].txt - [14871 bytes] - [06/04/2015 17:30:26]
AdwCleaner[S0].txt - [9188 bytes] - [31/03/2015 15:40:09]
AdwCleaner[S1].txt - [1459 bytes] - [06/04/2015 17:39:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1518  bytes] ##########
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by daustin (administrator) on MAIN_ADMIN-PC on 06-04-2015 18:02:36
Running from C:\Users\daustin\Downloads
Loaded Profiles: daustin (Available profiles: IUSR_NMPR & main_admin & daustin)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Intel® Corporation) C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Intel® Corporation) C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(Nalpeiron Ltd.) C:\WINDOWS\System32\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
() C:\TRENDnet\TEW-MFP1\Control Center.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) M:\iTunes\iTunesHelper.exe
(Intel® Corporation) C:\Program Files\Intel\Intel Desktop Utilities\iptray.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go9\CLMLSvc_P2G9.exe
(cyberlink) C:\Program Files\CyberLink\Shared Files\brs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Audials\Audials 10\AudialsNotifier.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia Extreme 3\BackUp & Recorder\uBBMonitor.exe
(ArcSoft Inc.) C:\Program Files\ArcSoft\TotalMedia Extreme 3\Digital Theatre\TotalMedia Server\TM Server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TRENDnet UDS Control Center] => C:\TRENDnet\TEW-MFP1\Control Center.exe [4407296 2011-10-06] ()
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [iTunesHelper] => M:\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [ipTray.exe] => C:\Program Files\Intel\Intel Desktop Utilities\ipTray.exe [1649152 2009-01-22] (Intel® Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [87336 2008-07-21] (Cyberlink Corp.)
HKLM\...\Run: [CLVirtualDrive9] => C:\Program Files\CyberLink\Power2Go9\VirtualDrive9.exe [979208 2013-08-15] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer_For_P2G9] => C:\Program Files\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2013-08-15] (CyberLink)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared Files\brs.exe [75048 2008-10-06] (cyberlink)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-13] (Nuance Communications, Inc.)
HKLM\...\RunOnce: [Launcher] => C:\Windows\SMINST\launcher.exe [40072 2007-07-03] (soft thinks)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-908084168-186713400-116910121-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-908084168-186713400-116910121-1003\...\Run: [E4AEAF793D20A0532DC72C6CD6A9AB90883AB3DD._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-908084168-186713400-116910121-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-07-20] (Google Inc.)
HKU\S-1-5-21-908084168-186713400-116910121-1003\...\Run: [AudialsNotifier] => C:\Program Files\Audials\Audials 10\AudialsNotifier.exe [529160 2013-10-07] ()
HKU\S-1-5-21-908084168-186713400-116910121-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKU\S-1-5-21-908084168-186713400-116910121-1003\...\RunOnce: [Adobe Speed Launcher] => 1428368402
HKU\S-1-5-21-908084168-186713400-116910121-1003\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-908084168-186713400-116910121-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-908084168-186713400-116910121-1003\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [172544 2014-07-20] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia BackUp & Recorder Monitor.lnk
ShortcutTarget: TotalMedia BackUp & Recorder Monitor.lnk -> C:\Program Files\ArcSoft\TotalMedia Extreme 3\BackUp & Recorder\uBBMonitor.exe (ArcSoft, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files\ArcSoft\TotalMedia Extreme 3\Digital Theatre\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: PDBoot.exeautocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-908084168-186713400-116910121-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-908084168-186713400-116910121-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-908084168-186713400-116910121-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-908084168-186713400-116910121-1003 -> {A23F1E74-EB5D-4FAB-A322-C16DD45D9D60} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US679D20140723&p={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-16] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll [2006-02-01] (Gateway Inc.)
BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-16] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
Toolbar: HKLM - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-908084168-186713400-116910121-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-908084168-186713400-116910121-1003 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2012-08-18] (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-16] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> M:\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-07-16] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-09-05] (Google)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-16] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-08-29] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-12-20] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Viewer Plus\bin\nppdf.dll [2011-02-16] (Zeon Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-07] (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-02-28]
FF Extension: Express Find - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\6hksbfbg.default\Extensions\{c1c2292b-1e63-4789-80ef-a6c78d8308b6}.xpi [2015-03-30]
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\hffbepkt.daustin\Extensions\artur.dubovoy@gmail.com [2014-07-30]
FF Extension: Universal Downloader - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\hffbepkt.daustin\Extensions\{9051303c-7e41-4311-a783-d6fe5ef2832d} [2014-07-23]
FF Extension: FlashGot - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\hffbepkt.daustin\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-07-23]
FF Extension: Express Find - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\hffbepkt.daustin\Extensions\{c1c2292b-1e63-4789-80ef-a6c78d8308b6}.xpi [2015-03-30]
FF Extension: Pixlr Grabber - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\hffbepkt.daustin\Extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi [2014-07-23]
FF Extension: No Name - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\jsonview@brh.numbera.com.xpi [2015-02-26]
FF Extension: No Name - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-02-14]
FF Extension: Express Find - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\{c1c2292b-1e63-4789-80ef-a6c78d8308b6}.xpi [2015-03-30]
FF Extension: No Name - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi [2015-02-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-20]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-07-22]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-27]
FF HKU\S-1-5-21-908084168-186713400-116910121-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://att.my.yahoo.com/
CHR StartupUrls: Default -> "hxxp://att.my.yahoo.com/", "hxxp://us.mg205.mail.yahoo.com/neo/launch?.partner=sbc&.rand=5pglpni0jm4uo", "https://www.google.com/bookmarks/lookup?month=1&day=4&yr=2012&hl=en", "https://maps.google.com/", "https://thd.eagleview.com/Login.aspx", "https://www.myhealth.va.gov/mhv-portal-web/anonymous.portal?_nfpb=true&_pageLabel=mhvHome", "hxxp://www.flickr.com/", "https://discussions.apple.com/index.jspa"
CHR Profile: C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Floorplanner) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2014-07-24]
CHR Extension: (Google Docs) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-24]
CHR Extension: (Google Drive) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-24]
CHR Extension: (YouTube) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-24]
CHR Extension: (Google Search) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-24]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-27]
CHR Extension: (SiteAdvisor) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-24]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2014-07-24]
CHR Extension: (Baseball Game) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihoblfbdnpgpamhionmopdcjbmkfingh [2014-07-24]
CHR Extension: (SparkChess 7) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2014-07-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-07-24]
CHR Extension: (Google Maps) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-07-24]
CHR Extension: (Google Wallet) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-24]
CHR Extension: (Gmail) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-24]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-07-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
R2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [195032 2006-11-18] (Intel® Corporation)
S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2077072 2010-09-06] (WIBU-SYSTEMS AG)
S4 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2164600 2012-07-28] (Diskeeper Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-10-29] () [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-12] (NVIDIA Corporation)
S4 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [81408 2014-07-20] (Google) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IduService; C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe [124928 2009-01-22] (Intel® Corporation) [File not signed]
S4 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [81880 2006-11-18] (Intel® Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S4 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [32216 2006-11-18] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2015-01-13] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [174552 2006-11-18] (Intel® Corporation)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2015-01-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-14] (Nero AG)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2066224 2013-12-12] (Raxco Software, Inc.)
R2 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2189616 2013-12-12] (Raxco Software, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-08-13] (Nuance Communications, Inc.)
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-08-18] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
S4 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]
S2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [550872 2006-11-18] (Intel® Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [254552 2012-08-08] ()
S4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
S2 xtu; C:\Program Files\Microsoft ISATAP Adapter\tunnel.exe [40960 2011-02-11] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [198720 2011-11-10] ()
R3 AV88BASE; C:\Windows\System32\drivers\av88base.sys [423936 2007-04-12] (Conexant, Inc.)
S3 BioNTDrv; C:\Program Files\Paragon Software\Hard Disk Manager 14 Professional\program\BioNTDrv.SYS [16648 2014-02-10] (Paragon Software Group)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [44288 2005-09-07] (Sonic Solutions) [File not signed]
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [24960 2005-09-07] (Sonic Solutions) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
R1 CLVirtualDrive1.1; C:\Windows\System32\DRIVERS\CLVirtualDrive1_1.sys [76760 2013-06-03] (CyberLink)
R2 DefragFS; C:\Windows\system32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
S3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [38608 2011-02-14] (Diskeeper Corporation)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5504 2014-07-20] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
S4 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [92216 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R2 nmsgopro; C:\Windows\System32\DRIVERS\nmsgopro.sys [28672 2006-09-27] (Gteko Ltd.)
R2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [7424 2006-10-19] (Gteko Ltd.)
R2 osaio; C:\Windows\system32\drivers\osaio.sys [15352 2014-12-20] (OSA Technologies, An Avocent Company)
R2 PDFSFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
R2 ppsio2; C:\Windows\system32\Drivers\ppsio2.sys [23200 2001-08-15] ()
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-07] (Audials AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2006-11-22] (SigmaTel, Inc.) [File not signed]
R3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [341848 2011-04-28] (TASCAM)
R3 TASCAM_US144_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [26968 2011-04-28] (TASCAM)
R3 TASCAM_US144_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [43352 2011-04-28] (TASCAM)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-10-07] (RapidSolution Software AG)
R3 TRENDnetUdsMBus; C:\Windows\System32\Drivers\TRENDnetUdsMBus.sys [86912 2011-09-22] (Windows ® Codename Longhorn DDK provider) [File not signed]
R3 TRENDnetUdsTcpBus; C:\Windows\System32\Drivers\TrendNetUDSTcpBus.sys [141312 2011-09-22] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [18904 2006-11-18] ()
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2014-02-10] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-02-10] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540168 2014-02-10] ()
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [61424 2008-10-07] (Cyberlink Corp.)
S0 AFS; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CLVirtualBus01; system32\DRIVERS\CLVirtualBus01.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SDDMI2; \??\C:\Windows\system32\DDMI2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-06 18:02 - 2015-04-06 18:02 - 00036045 _____ () C:\Users\daustin\Downloads\FRST.txt
2015-04-06 18:00 - 2015-04-06 18:00 - 00001598 _____ () C:\Users\daustin\Desktop\AdwCleaner[S1].txt
2015-04-06 17:28 - 2015-04-06 17:28 - 01135104 _____ (Farbar) C:\Users\daustin\Downloads\FRST (1).exe
2015-04-06 17:26 - 2015-04-06 17:26 - 02208768 _____ () C:\Users\daustin\Downloads\adwcleaner_4.200.exe
2015-04-06 17:09 - 2015-04-06 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-06 14:07 - 2015-04-06 14:07 - 00013890 _____ () C:\Users\daustin\Documents\hijackthis04062015.log
2015-04-06 00:43 - 2015-04-06 00:43 - 01489009 _____ () C:\Users\daustin\AppData\Local\census.cache
2015-04-06 00:43 - 2015-04-06 00:43 - 00000000 _____ () C:\Users\daustin\AppData\Local\ars.cache
2015-04-05 02:31 - 2015-04-05 02:31 - 00000010 _____ () C:\Users\daustin\AppData\Local\sponge.last.runtime.cache
2015-04-05 02:20 - 2015-04-05 02:20 - 02073512 _____ (Trend Micro Inc.) C:\Users\daustin\Downloads\HousecallLauncher.exe
2015-04-05 02:20 - 2013-09-27 19:56 - 00289352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-04-05 02:19 - 2015-04-05 02:19 - 00000036 _____ () C:\Users\daustin\AppData\Local\housecall.guid.cache
2015-04-05 01:54 - 2015-04-05 01:54 - 00585467 _____ () C:\Users\daustin\Documents\3D Mango Tree.skp
2015-04-05 00:39 - 2015-04-05 01:25 - 11992131 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new15.skb
2015-04-05 00:38 - 2015-04-05 01:48 - 12119542 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new15.skp
2015-04-04 21:49 - 2015-04-04 23:19 - 12052884 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new14.skp
2015-04-02 19:31 - 2015-04-03 21:25 - 12057086 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new13.skb
2015-04-02 19:19 - 2015-04-03 21:32 - 12056421 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new13.skp
2015-04-02 18:51 - 2015-04-01 23:43 - 11905146 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new12.skb
2015-04-01 23:42 - 2015-04-02 18:51 - 11899388 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new12.skp
2015-04-01 22:20 - 2015-04-01 22:20 - 11868339 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new10.skp
2015-04-01 21:18 - 2015-04-01 21:18 - 00025245 _____ () C:\Users\daustin\Documents\combofix_report.txt
2015-04-01 20:55 - 2015-04-01 20:55 - 00025245 _____ () C:\ComboFix.txt
2015-04-01 19:56 - 2015-04-01 20:55 - 00000000 ____D () C:\Qoobox
2015-04-01 19:56 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-01 19:56 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-01 19:56 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-01 19:56 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-01 19:56 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-01 19:56 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-01 19:56 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-01 19:56 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-01 19:55 - 2015-04-01 20:52 - 00000000 ____D () C:\Windows\erdnt
2015-04-01 19:35 - 2015-04-01 19:36 - 00067490 _____ () C:\Users\daustin\Downloads\Addition_old.txt
2015-04-01 19:35 - 2015-04-01 19:36 - 00062482 _____ () C:\Users\daustin\Downloads\FRST_old.txt
2015-04-01 19:34 - 2015-04-06 18:02 - 00000000 ____D () C:\FRST
2015-04-01 19:34 - 2015-04-01 19:34 - 01135104 _____ (Farbar) C:\Users\daustin\Downloads\FRST.exe
2015-04-01 19:30 - 2015-04-01 19:31 - 05617096 ____R (Swearware) C:\Users\daustin\Downloads\ComboFix.exe
2015-03-31 15:34 - 2015-04-06 17:40 - 00000000 ____D () C:\AdwCleaner
2015-03-31 15:23 - 2015-03-31 15:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-30 23:42 - 2015-03-30 23:42 - 00000228 _____ () C:\rb_config.js
2015-03-30 23:42 - 2015-03-30 23:42 - 00000070 _____ () C:\history.js
2015-03-30 23:03 - 2015-04-01 22:15 - 96731188 _____ () C:\Users\daustin\Documents\New Help Me Vocal05ext.record
2015-03-30 01:05 - 2015-03-30 01:05 - 00001040 _____ () C:\Users\daustin\Desktop\DriverMax.lnk
2015-03-30 01:05 - 2015-03-30 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2015-03-29 23:54 - 2015-03-29 23:40 - 00131000 ____R (Microsoft Corporation) C:\Windows\system32\Drivers\WimFltr.sys
2015-03-29 23:41 - 2015-03-30 00:22 - 00000000 ____D () C:\Program Files\vLite
2015-03-29 23:41 - 2015-03-29 23:41 - 00000773 _____ () C:\Users\daustin\Desktop\vLite.lnk
2015-03-29 23:41 - 2015-03-29 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vLite
2015-03-29 22:40 - 2015-03-29 22:40 - 00002092 _____ () C:\Users\daustin\Documents\Help Me Lyrics.txt
2015-03-29 16:48 - 2015-03-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK
2015-03-29 16:48 - 2015-03-29 16:48 - 00000000 ____D () C:\Program Files\Windows Imaging
2015-03-29 16:47 - 2015-03-29 16:48 - 00000000 ____D () C:\Program Files\Windows AIK
2015-03-29 16:01 - 2015-03-29 16:01 - 00002079 _____ () C:\Users\daustin\Desktop\RT 7 Lite (32-Bit).lnk
2015-03-29 16:01 - 2015-03-29 16:01 - 00000000 ____D () C:\Windows\system32\RT 7 Lite
2015-03-29 16:01 - 2015-03-29 16:01 - 00000000 ____D () C:\Users\daustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockers Team
2015-03-29 16:01 - 2015-03-29 16:01 - 00000000 ____D () C:\Program Files\Rockers Team
2015-03-29 15:12 - 2015-03-31 23:46 - 00000000 ____D () C:\Users\daustin\Downloads\Windows Slipstream Installation Files
2015-03-29 13:17 - 2015-03-30 23:03 - 96469044 _____ () C:\Users\daustin\Documents\New Help Me Vocal04ext.record
2015-03-29 01:11 - 2015-03-29 01:11 - 11864845 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new11.skp
2015-03-29 01:06 - 2015-03-29 01:06 - 11864845 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new11.skp
2015-03-29 01:01 - 2015-03-29 13:17 - 50855988 _____ () C:\Users\daustin\Documents\New Help Me Vocal03ext.record
2015-03-28 23:58 - 2015-04-01 20:12 - 00011858 _____ () C:\Windows\PFRO.log
2015-03-28 16:00 - 2013-12-23 20:18 - 03786601 _____ () C:\Users\daustin\Downloads\Tree_Winter_2.skp
2015-03-28 16:00 - 2013-12-17 02:13 - 01313477 _____ () C:\Users\daustin\Downloads\sri rejeki.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 01614310 _____ () C:\Users\daustin\Downloads\WILLOW TREE HIGH POLY.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 01332413 _____ () C:\Users\daustin\Downloads\Palmilla.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 00611926 _____ () C:\Users\daustin\Downloads\(SUVN) Hoa sua.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 00189710 _____ () C:\Users\daustin\Downloads\splitleaf501.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 00180552 _____ () C:\Users\daustin\Downloads\Bannana4.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 00170508 _____ () C:\Users\daustin\Downloads\date_201_nt.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 00154433 _____ () C:\Users\daustin\Downloads\coconut_e.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 00135826 _____ () C:\Users\daustin\Downloads\Adonidia Palm_Manila Palm.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 00104283 _____ () C:\Users\daustin\Downloads\QueenPalm_next2.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 00101862 _____ () C:\Users\daustin\Downloads\tall tree.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 00088454 _____ () C:\Users\daustin\Downloads\mango tree.skp
2015-03-28 16:00 - 2013-12-17 02:07 - 00037402 _____ () C:\Users\daustin\Downloads\Tree_Winter.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 08866262 _____ () C:\Users\daustin\Downloads\jephTREE 12.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 07811175 _____ () C:\Users\daustin\Downloads\jephTREE 10.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 05343188 _____ () C:\Users\daustin\Downloads\Group_55.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 03138382 _____ () C:\Users\daustin\Downloads\Group_4.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 02155926 _____ () C:\Users\daustin\Downloads\Arbre2.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 01006344 _____ () C:\Users\daustin\Downloads\Group_49.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00846466 _____ () C:\Users\daustin\Downloads\Group_64.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00743409 _____ () C:\Users\daustin\Downloads\Ilex _Soft Touch_.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00603097 _____ () C:\Users\daustin\Downloads\LandFX_ST-CycasRev-21-h.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00336300 _____ () C:\Users\daustin\Downloads\Group_63.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00217502 _____ () C:\Users\daustin\Downloads\small tree 3.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00165763 _____ () C:\Users\daustin\Downloads\tree trunk.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00134627 _____ () C:\Users\daustin\Downloads\coconut 2.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00126401 _____ () C:\Users\daustin\Downloads\small maple summer.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00126401 _____ () C:\Users\daustin\Downloads\small maple summer (1).skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00123550 _____ () C:\Users\daustin\Downloads\young tree.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00118745 _____ () C:\Users\daustin\Downloads\t PineTree.skp
2015-03-28 16:00 - 2013-12-17 02:06 - 00098896 _____ () C:\Users\daustin\Downloads\tall pine.skp
2015-03-28 16:00 - 2013-12-17 02:05 - 08929031 _____ () C:\Users\daustin\Downloads\Untitled.skp
2015-03-28 16:00 - 2013-12-17 02:05 - 08118308 _____ () C:\Users\daustin\Downloads\Untitled (2).skp
2015-03-28 16:00 - 2013-12-17 02:05 - 04619291 _____ () C:\Users\daustin\Downloads\Untitled (1).skp
2015-03-28 16:00 - 2013-12-17 02:05 - 02717851 _____ () C:\Users\daustin\Downloads\Jeph-T Bamboo with Shrub.skp
2015-03-28 16:00 - 2013-12-17 02:05 - 00918131 _____ () C:\Users\daustin\Downloads\Group_92.skp
2015-03-28 16:00 - 2013-12-17 02:05 - 00887917 _____ () C:\Users\daustin\Downloads\Bamboo 2.skp
2015-03-28 16:00 - 2013-12-17 02:05 - 00189453 _____ () C:\Users\daustin\Downloads\Fern.skp
2015-03-28 01:51 - 2015-03-28 01:51 - 02510311 _____ () C:\Users\daustin\Documents\vista drivers.nru
2015-03-27 23:08 - 2015-03-28 17:32 - 11771958 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new10.skb
2015-03-27 23:06 - 2015-03-29 01:19 - 11869541 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new10.skp
2015-03-27 22:46 - 2015-03-27 22:46 - 08578243 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new9_4.skp
2015-03-26 22:22 - 2015-03-26 22:22 - 08578259 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new9.skb
2015-03-26 21:25 - 2015-03-26 22:00 - 08565259 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new9_3.skp
2015-03-26 11:48 - 2015-03-26 11:48 - 08516799 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new9_2.skp
2015-03-24 22:11 - 2015-03-24 22:20 - 08521193 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new9_1.skp
2015-03-24 21:59 - 2015-03-24 21:59 - 08494467 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new9.skp
2015-03-24 21:44 - 2015-03-26 22:23 - 08578011 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new9.skp
2015-03-24 21:22 - 2015-03-24 21:32 - 08411403 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new8_6.skp
2015-03-24 20:54 - 2015-03-28 16:24 - 00000000 ____D () C:\Users\daustin\Downloads\VRay Stucco
2015-03-24 18:55 - 2015-03-24 19:40 - 08155696 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new8_5.skp
2015-03-23 22:01 - 2015-03-23 23:24 - 00013610 _____ () C:\Users\daustin\Documents\Scobey Exterior Paint Dimensions.xlsx
2015-03-23 19:19 - 2015-03-23 20:40 - 08227276 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new8_4.skp
2015-03-23 16:50 - 2015-03-23 16:50 - 01474758 _____ () C:\Users\daustin\Desktop\Project_Scobey.bmp
2015-03-23 16:14 - 2015-03-23 16:24 - 00000000 ____D () C:\Users\daustin\Documents\Scobey Test Export 3ds
2015-03-22 23:03 - 2015-03-22 23:03 - 07905453 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new8_3.skp
2015-03-22 22:25 - 2015-03-22 22:35 - 07851365 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new8_2.skp
2015-03-22 18:38 - 2015-03-22 18:38 - 07854128 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new8_1.skp
2015-03-22 18:27 - 2015-03-22 18:27 - 07838487 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new8.skp
2015-03-22 00:28 - 2015-03-24 11:14 - 08119970 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new8.skb
2015-03-22 00:25 - 2015-03-24 18:46 - 08116460 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new8.skp
2015-03-21 23:49 - 2015-03-22 00:16 - 07632169 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new7.skp
2015-03-21 23:37 - 2015-03-21 22:12 - 07619172 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new7.skb
2015-03-21 22:12 - 2015-03-21 23:37 - 07629269 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new7.skp
2015-03-20 11:24 - 2015-03-21 22:08 - 07642450 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new6.skb
2015-03-19 23:30 - 2015-03-21 22:08 - 07636679 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new6.skp
2015-03-19 22:31 - 2015-03-23 20:31 - 00000000 ____D () C:\Users\daustin\Downloads\Sliding Windows
2015-03-19 22:25 - 2015-03-19 22:25 - 06993252 _____ () C:\Users\daustin\Documents\AutoSave_Scobey Test 03162015_new5.skp
2015-03-17 23:41 - 2015-03-19 22:50 - 07058828 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new5.skb
2015-03-17 21:19 - 2015-03-19 22:54 - 07058880 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new5.skp
2015-03-16 23:19 - 2015-03-16 23:07 - 02617125 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new4.skb
2015-03-16 23:07 - 2015-03-16 23:19 - 02618838 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new4.skp
2015-03-16 18:57 - 2015-03-16 18:57 - 02623402 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new3.skp
2015-03-16 14:15 - 2015-03-16 14:15 - 00000000 ____D () C:\Windows\Sun
2015-03-16 01:02 - 2015-03-16 01:08 - 02611778 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new2.skb
2015-03-16 00:33 - 2015-03-16 16:59 - 02615941 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new2.skp
2015-03-16 00:10 - 2015-03-15 23:41 - 00810071 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new.skb
2015-03-15 23:41 - 2015-03-16 00:10 - 00817357 _____ () C:\Users\daustin\Documents\Scobey Test 03162015_new.skp
2015-03-15 17:41 - 2015-03-15 17:44 - 00409758 _____ () C:\Users\daustin\Documents\Scobey Test 03162015.skb
2015-03-15 16:28 - 2015-03-15 18:26 - 00413415 _____ () C:\Users\daustin\Documents\Scobey Test 03162015.skp
2015-03-15 00:26 - 2015-03-14 23:59 - 00192048 _____ () C:\Users\daustin\Documents\Scobey Test 03042015.skb
2015-03-14 23:59 - 2015-03-15 00:26 - 00198491 _____ () C:\Users\daustin\Documents\Scobey Test 03042015.skp
2015-03-14 23:45 - 2015-03-14 23:45 - 00534621 _____ () C:\Users\daustin\Desktop\scobey_layout 2.dxf
2015-03-14 22:48 - 2015-03-14 22:48 - 00138913 _____ () C:\Users\daustin\Desktop\Scobey_Layout.dxf
2015-03-12 18:31 - 2015-03-16 12:48 - 00000000 ____D () C:\Users\daustin\Documents\BankStatements 2014
2015-03-11 00:50 - 2015-01-28 18:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 00:49 - 2015-01-28 18:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 00:48 - 2015-02-25 17:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 00:35 - 2015-02-19 19:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 00:35 - 2015-02-19 17:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 00:34 - 2015-02-25 19:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 00:34 - 2015-02-25 19:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 00:34 - 2015-01-20 19:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 00:34 - 2015-01-08 19:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 00:34 - 2015-01-08 17:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 00:33 - 2015-03-05 21:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 00:33 - 2014-10-12 18:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-11 00:32 - 2015-02-17 19:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 00:29 - 2015-02-21 10:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 00:29 - 2015-02-21 10:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 00:29 - 2015-02-21 10:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 00:29 - 2015-02-21 10:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 00:29 - 2015-02-21 10:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 00:29 - 2015-02-21 10:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 00:29 - 2015-02-21 10:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 00:29 - 2015-02-21 10:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 00:29 - 2015-02-21 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 00:29 - 2015-02-21 10:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 00:29 - 2015-02-21 10:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 00:29 - 2015-02-21 10:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 00:29 - 2015-02-21 10:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 00:29 - 2015-02-21 10:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 00:29 - 2015-02-21 10:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 00:29 - 2015-02-21 10:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 00:29 - 2015-02-21 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 00:29 - 2015-02-21 10:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 00:29 - 2015-02-21 10:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 00:29 - 2015-02-21 10:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 00:29 - 2015-02-21 10:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 00:29 - 2015-02-21 10:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 21:35 - 2015-03-10 21:35 - 00174705 _____ () C:\Users\daustin\Documents\furniture mirror.skp
2015-03-09 22:18 - 2015-03-09 22:18 - 00001456 _____ () C:\Users\daustin\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-03-09 21:25 - 2015-03-09 21:25 - 00402919 _____ () C:\Users\daustin\Documents\Wall Mirror Test.skb
2015-03-08 16:31 - 2015-03-08 16:31 - 00025686 _____ () C:\Users\daustin\Desktop\eStmt_2014-03-21.xlsx
2015-03-07 22:29 - 2015-03-07 22:29 - 00025508 _____ () C:\Users\daustin\Documents\statement042014_checksheet.xlsx
2015-03-07 19:48 - 2015-03-07 19:56 - 00000000 ____D () C:\Users\daustin\Documents\Jim Robinson
2015-03-07 14:49 - 2015-03-07 14:49 - 00000000 ____D () C:\Users\daustin\Documents\2214 Escrow
2015-03-07 00:21 - 2015-03-07 18:45 - 00019753 _____ () C:\Users\daustin\Documents\stmt03052015.xlsx
2015-03-07 00:20 - 2015-03-07 00:20 - 00019510 _____ () C:\Users\daustin\Documents\stmt03052015.csv
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-06 17:58 - 2014-07-20 20:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-06 17:58 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 17:58 - 2006-11-02 05:47 - 00005072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-06 17:58 - 2006-11-02 05:47 - 00005072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-06 17:43 - 2014-07-20 11:08 - 01893195 _____ () C:\Windows\WindowsUpdate.log
2015-04-06 17:43 - 2006-11-02 06:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-06 17:35 - 2014-11-14 14:25 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00051784acd07.job
2015-04-06 17:30 - 2014-07-20 20:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-06 17:22 - 2014-07-21 23:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-06 16:27 - 2014-07-21 01:03 - 00000000 ____D () C:\ProgramData\Temp
2015-04-05 10:04 - 2014-08-23 02:50 - 00000000 ____D () C:\Users\daustin\AppData\Local\CrashDumps
2015-04-05 02:19 - 2014-07-22 10:40 - 00000000 ____D () C:\Users\daustin\AppData\Local\Google
2015-04-04 19:40 - 2006-11-02 03:23 - 00000224 _____ () C:\Windows\win.ini
2015-04-03 23:14 - 2015-02-08 16:09 - 00000000 ____D () C:\Users\daustin\AppData\Local\Deployment
2015-04-02 21:18 - 2014-07-22 01:22 - 00000000 ____D () C:\Program Files\McAfee
2015-04-02 18:34 - 2014-07-24 21:50 - 00001984 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 18:04 - 2015-02-08 16:10 - 00000938 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-04-02 18:04 - 2006-11-02 03:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 20:55 - 2014-08-01 08:09 - 00000000 ____D () C:\Users\daustin\AppData\Local\Apps\2.0
2015-04-01 20:55 - 2006-11-02 04:18 - 00000000 __RHD () C:\Users\Default
2015-04-01 20:55 - 2006-11-02 04:18 - 00000000 ___RD () C:\Users\Public
2015-04-01 20:50 - 2006-11-02 03:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-01 20:10 - 2014-07-27 00:43 - 00000000 ____D () C:\Users\daustin\AppData\Roaming\Propellerhead Software
2015-04-01 07:24 - 2014-07-22 00:08 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 21:51 - 2014-07-28 20:14 - 00000132 _____ () C:\Users\daustin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-31 21:16 - 2014-08-19 11:02 - 00000000 ____D () C:\Users\daustin\Documents\Nero
2015-03-31 19:54 - 2014-07-21 18:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-31 13:36 - 2014-07-22 10:48 - 00086016 _____ () C:\Users\daustin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 13:14 - 2014-07-22 11:17 - 00000000 ____D () C:\Users\daustin\AppData\Roaming\uTorrent
2015-03-30 17:41 - 2014-09-17 17:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-26 22:01 - 2015-01-02 20:31 - 00000000 ____D () C:\Users\daustin\Desktop\Stucco 3 Shader Map
2015-03-22 00:44 - 2015-03-03 22:53 - 06029364 _____ () C:\Users\daustin\Documents\Nothing But The Funk.record
2015-03-18 01:11 - 2014-08-26 17:15 - 00000000 ____D () C:\Users\daustin\AppData\Local\Nero
2015-03-16 21:52 - 2014-07-26 22:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-03-16 20:27 - 2014-10-07 12:50 - 00000000 ____D () C:\Users\daustin\Documents\DesignCAD 3D MAX 19
2015-03-16 14:15 - 2014-09-16 22:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-16 14:13 - 2014-09-16 22:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-16 14:13 - 2014-07-20 13:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-16 14:12 - 2014-07-20 13:13 - 00000000 ____D () C:\Program Files\Java
2015-03-16 12:49 - 2014-08-13 19:47 - 00000000 ____D () C:\Users\daustin\AppData\Local\Adobe
2015-03-16 12:49 - 2014-07-21 23:49 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-16 12:49 - 2014-07-21 23:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-15 00:47 - 2014-10-21 17:22 - 00000000 ____D () C:\Users\daustin\AppData\Roaming\Mp3tag
2015-03-14 22:55 - 2014-09-27 19:35 - 00165030 _____ () C:\Users\daustin\Documents\Untitled.skp
2015-03-11 00:57 - 2006-11-02 05:47 - 03720296 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 00:50 - 2014-07-22 22:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 00:48 - 2014-07-20 22:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 00:36 - 2006-11-02 03:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-10 21:26 - 2015-02-25 22:10 - 00000000 ____D () C:\Users\daustin\Documents\Wells Fargo
2015-03-09 21:28 - 2015-03-05 21:32 - 00401578 _____ () C:\Users\daustin\Documents\Wall Mirror Test.skp
2015-03-09 16:09 - 2015-01-27 19:32 - 36962356 _____ () C:\Users\daustin\Documents\Soul Music 01272015.record
2015-03-07 00:19 - 2015-03-06 23:18 - 00012986 _____ () C:\Users\daustin\Documents\Profit_Loss_2015.xlsx
 
==================== Files in the root of some directories =======
 
2013-01-19 00:44 - 2013-01-19 00:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2015-01-27 01:00 - 2015-01-27 01:00 - 0000132 _____ () C:\Users\daustin\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-12-20 16:34 - 2014-12-20 16:36 - 0000132 _____ () C:\Users\daustin\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-07-28 20:14 - 2015-03-31 21:51 - 0000132 _____ () C:\Users\daustin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-08-01 09:23 - 2015-02-03 01:33 - 0000151 _____ () C:\Users\daustin\AppData\Roaming\default.pls
2014-09-27 14:57 - 2015-02-12 00:00 - 0000016 _____ () C:\Users\daustin\AppData\Roaming\msregsvv.dll
2014-11-07 23:25 - 2014-11-07 23:25 - 0007887 _____ () C:\Users\daustin\AppData\Roaming\pcouffin.cat
2014-11-07 23:25 - 2014-11-07 23:25 - 0001144 _____ () C:\Users\daustin\AppData\Roaming\pcouffin.inf
2014-11-07 23:27 - 2014-11-07 23:27 - 0000034 _____ () C:\Users\daustin\AppData\Roaming\pcouffin.log
2014-11-07 23:25 - 2014-11-07 23:25 - 0047360 _____ (VSO Software) C:\Users\daustin\AppData\Roaming\pcouffin.sys
2015-03-09 22:18 - 2015-03-09 22:18 - 0001456 _____ () C:\Users\daustin\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-04-06 00:43 - 2015-04-06 00:43 - 0000000 _____ () C:\Users\daustin\AppData\Local\ars.cache
2015-04-06 00:43 - 2015-04-06 00:43 - 1489009 _____ () C:\Users\daustin\AppData\Local\census.cache
2014-10-17 20:40 - 2015-01-12 15:41 - 0001356 _____ () C:\Users\daustin\AppData\Local\d3d9caps.dat
2014-07-22 10:48 - 2015-03-31 13:36 - 0086016 _____ () C:\Users\daustin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-05 02:19 - 2015-04-05 02:19 - 0000036 _____ () C:\Users\daustin\AppData\Local\housecall.guid.cache
2015-04-05 02:31 - 2015-04-05 02:31 - 0000010 _____ () C:\Users\daustin\AppData\Local\sponge.last.runtime.cache
2014-09-27 14:57 - 2015-02-12 00:00 - 0000016 _____ () C:\ProgramData\autobk.inc
2014-07-21 10:49 - 2014-07-21 11:48 - 0000191 _____ () C:\ProgramData\hpzinstall.log
2015-02-08 16:10 - 2015-04-02 18:04 - 0000938 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some content of TEMP:
====================
C:\Users\daustin\AppData\Local\temp\Quarantine.exe
C:\Users\daustin\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-06 06:27
 
==================== End Of Log ============================


#4 fireman4it

  • Malware Response Team
Posted 07 April 2015 - 09:34 AM

Can you please post the Addition.txt that was made when you ran it the first time? If you no longer have it, please delete FRST, download a fresh copy and run it.


" Extinguishing Malware from the world"



#5 fastback


Posted 07 April 2015 - 02:35 PM

This is the additional text, run a few days ago on 04/01/2015.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by daustin at 2015-04-01 19:35:58
Running from C:\Users\daustin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-908084168-186713400-116910121-1003\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Aiseesoft iPhone Transfer 6.2.8 (HKLM\...\{ED0F3D85-995D-4605-88C5-226644C25DF1}_is1) (Version:  - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Extreme (HKLM\...\{2E627CB1-3B50-417D-AD5E-0BD6634F2272}) (Version: 3.0.6.0 - ArcSoft)
Audials (HKLM\...\{CA48D0B4-6323-4B8F-8CDA-036E407BB0DD}) (Version: 10.3.34300.0 - Audials AG)
Authorizer 1.0.3 (HKLM\...\Authorizer_is1) (Version: 1.0.3 - Propellerhead Software AB)
Authorizer Ignition Key Support (Version: 1.0.1.0 - Propellerhead Software AB) Hidden
Bejeweled 2 Deluxe (HKLM\...\WT022707) (Version: WT022707 - WildTangent)
BigFix (HKLM\...\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}) (Version: 2.1.1.03 - BigFix)
Blackhawk Striker 2 (HKLM\...\WT022755) (Version: WT022755 - WildTangent)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Camtasia Studio 8 (HKLM\...\{B9691991-64D3-435B-8A83-69CC21016936}) (Version: 8.4.0.1699 - TechSmith Corporation)
Canon Auto Update Service (HKLM\...\Auto Update Service) (Version: 1.1.2.18 - Canon Inc.)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.2.0.1 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.3.0.11 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.6.0.9 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.0.4.18 - )
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.9.0.1 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Custom Shop version 1.5.0 (HKLM\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.5.0 - IK Multimedia)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink BD Advisor 2.0 (HKLM\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2201 - CyberLink Corp.)
CyberLink Director Suite 2 (HKLM\...\InstallShield_{A30E37E0-F17E-4488-B0DB-6863BDA521F0}) (Version: 2.0 - CyberLink Corp.)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3301 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2124 - CyberLink Corp.)
CyberLink Power2Go 9 (HKLM\...\InstallShield_{57D68FAE-CB5E-4fd6-AE3B-A0B43375AF18}) (Version: 9.0.0809.0 - CyberLink Corp.)
CyberLink PowerBackup (HKLM\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.4511 - CyberLink Corp.)
CyberLink PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.4617.0 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0819 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.4203 - CyberLink Corp.)
DesignCAD 3D Max 19 (HKLM\...\{B2B06452-8AA5-4938-8D3D-BC5D19352217}) (Version: 19.1 - IMSIDesign)
Digital Media Reader (HKLM\...\InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}) (Version: 2.01.03.01 - AlcorMicro)
Digital Media Reader (Version: 2.01.03.01 - AlcorMicro) Hidden
Diner Dash (HKLM\...\WT023134) (Version: WT023134 - WildTangent)
Diskeeper 2011 Home (HKLM\...\{C437FB48-53B0-4F61-994F-D287D74439EA}) (Version: 15.0.968.32 - Diskeeper Corporation)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
DriverMax 7 (HKLM\...\DMX5_is1) (Version: 7.53.0.1091 - Innovative Solutions)
Dropbox (HKU\S-1-5-21-908084168-186713400-116910121-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EaseUS Data Recovery Wizard 7.0 (HKLM\...\EaseUS Data Recovery Wizard 7.0_is1) (Version:  - EaseUS)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
EVGA PrecisionX 16 (HKLM\...\{DD747735-7FA7-4F0F-903A-271D0DCE7240}) (Version: 5.2.7 - EVGA Corporation)
Family Feud 2 (HKLM\...\WT023296) (Version: WT023296 - WildTangent)
FATE (HKLM\...\WT023314) (Version: WT023314 - WildTangent)
Gateway Connect (HKLM\...\{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}) (Version: 1.1.0 - Acceller)
Gateway Game Console (HKLM\...\Gateway Game Console) (Version:  - WildTangent)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.031 - Gateway)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Earth (HKLM\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HostsMan 4.3.99 (HKLM\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.3.99.0 - abelhadigital.com)
HP Memories Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
IK Multimedia Authorization Manager version 1.0.11 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.11 - IK Multimedia)
ImTOO iPod Computer Transfer (HKLM\...\ImTOO iPod Computer Transfer) (Version: 5.2.0.20120302 - ImTOO)
Intel® Desktop Utilities (HKLM\...\InstallShield_{3DCA6119-DBCF-4AB4-808C-C5214C50D2F6}) (Version: 3.0.15 - Intel® Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® Viiv™ Software (HKLM\...\Intel® Configuration Center) (Version: 1.6.429.0 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
KWorld PCI ATSC Driver (HKLM\...\ATSCCNXT) (Version:  - )
LightScribe System Software (HKLM\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LightScribe Template Labeler (HKLM\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe)
Magic DVD Copier Version 4.9.2 (HKLM\...\Magic DVD Copier_is1) (Version:  - Magic DVD Software, Inc.)
Magic DVD Ripper V5.4 (HKLM\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)
Magic ISO Maker v5.5 (build 0272) (HKLM\...\Magic ISO Maker v5.5 (build 0272)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
M-Audio Oxygen DirectLink for Reason 1.1.0 (x86) (HKLM\...\{6E25D0BD-FD46-4113-82C8-4357642EB726}) (Version: 1.1.0 - M-Audio)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Money Essentials (HKLM\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
MiniTool Power Data Recovery (HKLM\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 37.0 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0 (x86 en-US)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mp3tag v2.66 (HKLM\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.7.3.3 - Napster)
Napster Burn Engine (Version: 3.5.0000 - Roxio) Hidden
Nero 2015 (HKLM\...\{763EF8DC-4CC0-47CA-BE1C-BDE731462250}) (Version: 16.0.02900 - Nero AG)
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
Nuance PaperPort 14 (HKLM\...\{7884A50C-47D3-4F51-B187-CD6DE873B2F0}) (Version: 14.0.0000 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM\...\{9F66A3CC-F4D6-4808-9391-4B5D06A26C61}) (Version: 7.10.2332 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{042A6F10-F770-4886-A502-B795DCF2D3B5}) (Version: 7.10.3211 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop (HKLM\...\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}) (Version: 1.1.4241.14593 - OfficeDrop)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Paragon Hard Disk Manager™ 14 Professional (HKLM\...\{1E104AF0-EA49-11DE-AC07-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Penguins! (HKLM\...\WT023902) (Version: WT023902 - WildTangent)
Perfect Mask 5.2.3 (HKLM\...\{2DFAC810-6DD8-4E23-96A4-BEB118408203}) (Version: 5.2.3 - onOne Software)
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.783 - Raxco Software Inc.)
Playlist Creator 3.6.2 (HKLM\...\Playlist Creator 3.6.2) (Version: 3.6.2.0 - oddgravity)
Polar Bowler (HKLM\...\WT023950) (Version: WT023950 - WildTangent)
Polar Golfer (HKLM\...\WT023956) (Version: WT023956 - WildTangent)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
Prerequisite installer (Version: 16.0.0000 - Nero AG) Hidden
QuickBooks (Version: 23.0.4001.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REAPER (HKLM\...\REAPER) (Version:  - )
Reason 5.0.1 (HKLM\...\Reason5_is1) (Version: 5.0.1 - Propellerhead Software AB)
Record 1.5.1 (HKLM\...\Record1.5_is1) (Version: 1.5.1 - Propellerhead Software AB)
Record Ignition Key Support (Version: 1.0.1.0 - Propellerhead Software AB) Hidden
ReCycle 2.2.3 (HKLM\...\ReCycle2.2_32_is1) (Version: 2.2.3 - Propellerhead Software AB)
ReFill Packer 4.1.1 (HKLM\...\ReFillPacker5_is1) (Version: 4.1.1 - Propellerhead Software AB)
Registry Mechanic 10.0 (HKLM\...\Registry Mechanic_is1) (Version: 10.0 - PC Tools)
Rhapsody (HKU\S-1-5-21-908084168-186713400-116910121-1003\...\8aa854a199af1b36) (Version: 6.10.6.0 - Rhapsody International Inc.)
R-Studio 5.1 (HKLM\...\R-Studio 5.1NSIS) (Version: 5.1.130016 - R-Tools Technology Inc.)
RT 7 Lite (32-Bit) (HKU\S-1-5-21-908084168-186713400-116910121-1003\...\RT 7 Lite x86) (Version: 1.7.0 - Rockers Team)
RT 7 Lite x86 (Version: 1.7.0 - Rockers Team) Hidden
Scansoft PDF Create (Version:  - ) Hidden
ShaderMap 2.0.7 (HKLM\...\ShaderMap™ 2_is1) (Version:  - Rendering Systems Inc.)
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5003.0 - SigmaTel)
SketchUp 2013 (HKLM\...\{E74C0D09-8730-4714-8C6F-019FBF7F1B42}) (Version: 13.0.3689 - Trimble Navigation Limited)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version:  - )
Spare Backup (HKLM\...\{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}) (Version: 3.2 - Spare Backup, Inc)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stellar Phoenix Windows Data Recovery - Professional (HKLM\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.54.1000 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
T-RackS CS version 4.7.0 (HKLM\...\{E931EBCC-55F9-4D67-BA0E-D57C4A893A44}_is1) (Version: 4.7.0 - IK Multimedia)
Tradewinds (HKLM\...\WT024398) (Version: WT024398 - WildTangent)
TRENDnet USB Control Center Utility  (HKLM\...\{7D7F33FA-F9DB-41E8-B242-9D01145DE4BE}) (Version: 2.04 - TRENDnet, INC)
Tune Sweeper (HKLM\...\{361212C9-3B5A-4A63-A9FC-A082A93BBBAD}) (Version: 3.08 - Wide Angle Software)
TURBOFloorPlan3D Home & Landscape PRO (HKLM\...\InstallShield_{32D91AAF-5073-4A14-928A-A1289A3C7B98}) (Version: 16.0 - IMSIDesign)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
US-122 MKII / US-144 MKII (HKLM\...\USB_AUDIO_DEusb-audio.deTascam) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers - A New Home (HKLM\...\WT023233) (Version: WT023233 - WildTangent)
Visioneer 8100 Scanner (HKLM\...\Visioneer 8100 Scanner) (Version:  - )
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
vLite (HKLM\...\vLite_is1) (Version: 1.2 - Dino Nuhagic (nuhi))
V-Ray for SketchUp adv (HKLM\...\V-Ray for SketchUp adv 2.00.23490) (Version: 2.00.23490 - Chaos Software, Ltd)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
WinHex (HKLM\...\WinHex) (Version:  - )
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130122 - Xilisoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\daustin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{0FCCF14A-321F-4583-A1ED-9EE7F39B5F7B}\localserver32 -> C:\Users\daustin\AppData\Local\Apps\2.0\0L5MXQ3X.950\CX5AYL2P.EN5\rhap..tion_d5fe5acc6e16c835_0006.000a_f4193d3a595330bc\RhapsodyDevices.exe (Rhapsody International Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{23CEE673-F947-4d94-9D54-F4BA00C8B73D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{247BE012-C3BF-45CF-9FA2-36A1C6D64A60}\localserver32 -> C:\Users\daustin\AppData\Local\Apps\2.0\0L5MXQ3X.950\CX5AYL2P.EN5\rhap..tion_d5fe5acc6e16c835_0006.000a_f4193d3a595330bc\RhapsodyDevices.exe (Rhapsody International Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{513C367B-848F-46F9-BE41-16AE19A5C55E}\localserver32 -> C:\Users\daustin\AppData\Local\Apps\2.0\0L5MXQ3X.950\CX5AYL2P.EN5\rhap..tion_d5fe5acc6e16c835_0006.000a_f4193d3a595330bc\RhapsodyDevices.exe (Rhapsody International Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{5693E306-C88D-48BE-B6EE-36B8A98322F2}\localserver32 -> C:\Users\daustin\AppData\Local\Apps\2.0\0L5MXQ3X.950\CX5AYL2P.EN5\rhap..tion_d5fe5acc6e16c835_0006.000a_f4193d3a595330bc\RhapsodyDevices.exe (Rhapsody International Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{5E2663C1-51B3-49B7-B081-70181C2AF816}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{6723BF3B-5666-4BE8-8B3F-D52A001A4F2B}\localserver32 -> C:\Users\daustin\AppData\Local\Apps\2.0\0L5MXQ3X.950\CX5AYL2P.EN5\rhap..tion_d5fe5acc6e16c835_0006.000a_f4193d3a595330bc\RhapsodyDevices.exe (Rhapsody International Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{7D243442-BE9A-4099-8F1F-C8374CDCC53A}\localserver32 -> C:\Users\daustin\AppData\Local\Apps\2.0\0L5MXQ3X.950\CX5AYL2P.EN5\rhap..tion_d5fe5acc6e16c835_0006.000a_f4193d3a595330bc\RhapsodyDevices.exe (Rhapsody International Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{7E474A88-3D27-4BE3-93A0-AEFCC1BC3D4E}\localserver32 -> C:\Users\daustin\AppData\Local\Apps\2.0\0L5MXQ3X.950\CX5AYL2P.EN5\rhap..tion_d5fe5acc6e16c835_0006.000a_f4193d3a595330bc\RhapsodyWindowsMedia.exe (Rhapsody International Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{88007BE6-7171-46F0-858B-852DAD96016D}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{AFA95F79-06AC-4B9A-B261-D415063DC2B3}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{F69B7E4A-4A83-4485-8860-85DAA196D745}\InprocServer32 -> C:\Program Files\CyberLink\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\daustin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
21-03-2015 01:24:32 Scheduled Checkpoint
22-03-2015 12:47:23 Scheduled Checkpoint
23-03-2015 01:58:02 Scheduled Checkpoint
24-03-2015 00:53:46 Scheduled Checkpoint
25-03-2015 01:26:56 Scheduled Checkpoint
27-03-2015 01:22:55 Scheduled Checkpoint
28-03-2015 02:56:55 Scheduled Checkpoint
29-03-2015 05:34:07 Scheduled Checkpoint
29-03-2015 16:01:33 Installed RT 7 Lite x86
29-03-2015 16:47:00 Installed Windows Automated Installation Kit
30-03-2015 18:38:56 Scheduled Checkpoint
01-04-2015 03:37:33 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2014-11-30 17:12 - 00000845 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 shop.audials.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00D50806-9989-48D1-91D3-5DABA09C8502} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {01752860-83C0-437E-9AF6-279C9588A66E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {20A9CA67-4716-48EC-A6FD-8D564D75C354} - System32\Tasks\20140810_100120_iTunes_08102014 => C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp.exe
Task: {2C6D5992-7216-4B0A-AF46-7A47A2074F5C} - \ArcadeGiant Updater No Task File <==== ATTENTION
Task: {40277835-6FC4-40A2-9A41-B9231F05110A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-16] (Adobe Systems Incorporated)
Task: {5D9EB66F-E88E-4547-9784-3DF24040296F} - System32\Tasks\{E9543FB8-D62A-4B42-92E6-14CC47FD6948} => pcalua.exe -a "C:\Program Files\Temp\Renditioner-Pro-v2.exe" -d "C:\Program Files\Temp"
Task: {6E826336-9D81-464D-ACE8-E2946EBFDE32} - System32\Tasks\Application Starter - 8882161c434ab0fd43dca37f474f4351 => C:\Program Files\Innovative Solutions\DriverMax\innostp.exe
Task: {7E00D35B-103C-4700-B1A8-CAC8F5FDC4BC} - System32\Tasks\GoogleUpdateTaskMachineUA1d00051784acd07 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7F55C6CB-E33F-43BF-9E12-8D382C4BB939} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {A5CB83B6-8704-4DDC-8BD3-0991D43C8E65} - System32\Tasks\RMSmartUpdate => C:\Program Files\Registry Mechanic\update.exe [2010-08-05] (PC Tools)
Task: {B3E2014F-7263-4026-82D6-3235A176BBE4} - System32\Tasks\DriverMaxWelcome => C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
Task: {B830B219-342C-4B42-B118-6CB66A3A9FF6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C18A4C1C-BFB3-41C8-986F-434813AFFB1A} - System32\Tasks\{C8C4F25E-FCDC-404D-87E8-BC8E88E304E3} => pcalua.exe -a "C:\Users\main_admin\AppData\Local\Temp\Temp1_powerdefragmentergui.zip\Power Defragmenter GUI.exe"
Task: {C537675C-A28A-43A3-877E-D83CA661178B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {CA587116-0C75-4325-BEEE-6A05A088F8CD} - System32\Tasks\{43F15987-C7A8-4ECF-A7BE-222027EFCCA4} => pcalua.exe -a C:\Users\daustin\Downloads\Corel_Knockout\SetUp\Setup.exe -d C:\Users\daustin\Downloads\Corel_Knockout\SetUp
Task: {D55BA405-ACF1-454D-B227-F8C0B1683631} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - 8882161c434ab0fd43dca37f474f4351.job => C:\Program Files\Innovative Solutions\DriverMax\innostp.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00051784acd07.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-12-23 18:56 - 2013-10-23 16:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-10-29 09:03 - 2006-10-29 09:03 - 00208896 _____ () C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
2014-07-21 01:09 - 2012-08-08 21:36 - 00254552 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-07-21 01:09 - 2012-08-08 21:36 - 00037392 ____N () C:\Program Files\Cyberlink\Shared files\RichVideops.dll
2011-10-06 09:42 - 2011-10-06 09:42 - 04407296 _____ () C:\TRENDnet\TEW-MFP1\Control Center.exe
2014-08-18 01:25 - 2013-05-19 20:01 - 00627672 _____ () C:\Program Files\CyberLink\Power2Go9\CLMediaLibrary.dll
2013-05-20 11:02 - 2013-05-20 11:02 - 00016856 _____ () C:\Program Files\CyberLink\Power2Go9\CLMLSvcPS.dll
2013-01-16 12:58 - 2013-01-16 12:58 - 02408448 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2013-01-16 12:58 - 2013-01-16 12:58 - 08626176 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2013-01-16 12:58 - 2013-01-16 12:58 - 00212992 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-10-07 10:01 - 2013-10-07 10:01 - 00529160 _____ () C:\Program Files\Audials\Audials 10\AudialsNotifier.exe
2013-10-07 10:01 - 2013-10-07 10:01 - 00046080 _____ () C:\Program Files\Audials\Audials 10\boost_thread-vc90-mt-1_39.dll
2013-10-07 10:01 - 2013-10-07 10:01 - 00045056 _____ () C:\Program Files\Audials\Audials 10\boost_date_time-vc90-mt-1_39.dll
2013-10-07 10:02 - 2013-10-07 10:02 - 00545032 _____ () C:\Program Files\Audials\Audials 10\StreamingClient.dll
2013-10-07 10:01 - 2013-10-07 10:01 - 00012800 _____ () C:\Program Files\Audials\Audials 10\boost_system-vc90-mt-1_39.dll
2013-10-07 10:01 - 2013-10-07 10:01 - 00068360 _____ () C:\Program Files\Audials\Audials 10\CrashRpt.dll
2013-10-07 10:02 - 2013-10-07 10:02 - 00409352 _____ () C:\Program Files\Audials\Audials 10\SQLite3.dll
2013-10-07 10:01 - 2013-10-07 10:01 - 00614912 _____ () C:\Program Files\Audials\Audials 10\boost_regex-vc90-mt-1_39.dll
2015-01-13 15:37 - 2015-01-13 15:37 - 00270848 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Utils\5374dcadae84706c9d5eaff3a3d61190\Utils.ni.dll
2015-01-13 15:37 - 2015-01-13 15:37 - 00526848 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ManagedInterfaces\f0dc8326ccb2df39d4545670c0534341\ManagedInterfaces.ni.dll
2015-01-13 15:37 - 2015-01-13 15:37 - 02534912 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\AudialsComponents\0cbea1b4604a523ae53cd1c4be57ef41\AudialsComponents.ni.dll
2015-01-13 15:37 - 2015-01-13 15:37 - 00172032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\fastJSON\e878d91e1aecd9e25878d45e8bbe9442\fastJSON.ni.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:2AB12556
AlternateDataStreams: C:\ProgramData\Temp:C6070AC3
AlternateDataStreams: C:\ProgramData\Temp:D083E4C6
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-908084168-186713400-116910121-1003\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CCALib8 => 2
MSCONFIG\Services: Diskeeper => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: GoogleDesktopManager => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: ISSM => 2
MSCONFIG\Services: M1 Server => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MCLServiceATL => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: QBVSS => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^daustin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^3113068.lnk => C:\Windows\pss\3113068.lnk.Startup
MSCONFIG\startupfolder: C:^Users^daustin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_45646224.lnk => C:\Windows\pss\_uninst_45646224.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AudialsNotifier => C:\Program Files\Audials\Audials 10\AudialsNotifier.exe
MSCONFIG\startupreg: BigFix => c:\program files\Bigfix\bigfix.exe /atstartup
MSCONFIG\startupreg: CCUTRAYICON => C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent
MSCONFIG\startupreg: E4AEAF793D20A0532DC72C6CD6A9AB90883AB3DD._service_run => "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: NapsterShell => C:\Program Files\Napster\napster.exe /systray
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NMSSupport => "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: OneTouch Monitor => C:\PROGRA~1\VISION~1\ONETOU~2.EXE
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF7 Registry Controller => C:\Program Files\Nuance\PDFCreate\RegistryController.exe
MSCONFIG\startupreg: PDFCreHook => C:\Program Files\Nuance\PDFCreate\pdfcreate7hook.exe
MSCONFIG\startupreg: PDFProHook => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro7hook.exe
MSCONFIG\startupreg: Power2GoExpress9 => NA
MSCONFIG\startupreg: PPort14reminder => "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SigmatelSysTrayApp => sttray.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SSDMonitor => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-908084168-186713400-116910121-500 - Administrator - Disabled)
admin_backup2 (S-1-5-21-908084168-186713400-116910121-1004 - Administrator - Enabled)
daustin (S-1-5-21-908084168-186713400-116910121-1003 - Administrator - Enabled) => C:\Users\daustin
Guest (S-1-5-21-908084168-186713400-116910121-501 - Limited - Disabled)
IUSR_NMPR (S-1-5-21-908084168-186713400-116910121-1000 - Limited - Enabled) => C:\Users\IUSR_NMPR
main_admin (S-1-5-21-908084168-186713400-116910121-1001 - Administrator - Enabled) => C:\Users\main_admin
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/31/2015 08:31:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Power2Go.exe version 5.50.1.2322 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1374
Start Time: 01d06c2ba5318a85
Termination Time: 16126
 
Error: (03/31/2015 06:41:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (03/31/2015 06:41:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (03/31/2015 06:34:32 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x800706bf
 
Error: (03/31/2015 06:33:31 PM) (Source: Distributed Link Tracking Client) (EventID: 12502) (User: )
Description: 8007000e
 
Error: (03/31/2015 06:33:31 PM) (Source: Distributed Link Tracking Client) (EventID: 12500) (User: )
Description: 8007000e
 
Error: (03/31/2015 06:33:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application tunnel.exe, version 6.0.6002.18209, time stamp 0x511c12e0, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00066666,
process id 0x788, application start time 0xtunnel.exe0.
 
Error: (03/31/2015 06:33:25 PM) (Source: Alert Service) (EventID: 22) (User: )
Description: Failed to initialize security
 
Error: (03/31/2015 06:25:04 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (03/31/2015 06:19:18 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
 
System errors:
=============
Error: (04/01/2015 10:09:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}
 
Error: (03/31/2015 11:26:54 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
 
Error: (03/31/2015 11:26:45 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
 
Error: (03/31/2015 11:26:36 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
 
Error: (03/31/2015 11:26:27 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
 
Error: (03/31/2015 11:26:18 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
 
Error: (03/31/2015 11:25:07 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
 
Error: (03/31/2015 11:24:58 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom1, has a bad block.
 
Error: (03/31/2015 10:42:20 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (03/31/2015 08:40:52 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-01 09:12:40.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\AdwCleaner\Quarantine\C\Windows\system32\drivers\68180025.sys.vir because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-01 09:12:40.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\AdwCleaner\Quarantine\C\Windows\system32\drivers\68180025.sys.vir because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-01 09:12:40.224
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\AdwCleaner\Quarantine\C\Windows\system32\drivers\68180025.sys.vir because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-01 09:12:40.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\AdwCleaner\Quarantine\C\Windows\system32\drivers\68180025.sys.vir because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-01 09:12:39.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\AdwCleaner\Quarantine\C\Windows\system32\drivers\68180025.sys.vir because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-01 09:12:39.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\AdwCleaner\Quarantine\C\Windows\system32\drivers\68180025.sys.vir because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-01 09:06:36.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-01 09:06:35.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-01 09:06:35.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-01 09:06:35.587
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 41%
Total physical RAM: 3324.97 MB
Available physical RAM: 1952.67 MB
Total Pagefile: 3843.8 MB
Available Pagefile: 2012.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.88 MB
 
==================== Drives ================================
 
Drive c: (Windows Vista) (Fixed) (Total:500 GB) (Free:214.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:10.03 GB) (Free:5.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (My Backup) (Fixed) (Total:500 GB) (Free:197.02 GB) NTFS
Drive l: (My Backup 2) (Fixed) (Total:352.99 GB) (Free:137.71 GB) NTFS
Drive m: (My Music) (Fixed) (Total:500 GB) (Free:124.88 GB) NTFS
Drive o: (New Volume) (Fixed) (Total:500 GB) (Free:350.26 GB) NTFS
Drive p: (New Volume) (Fixed) (Total:500 GB) (Free:319.5 GB) NTFS
Drive q: (New Volume) (Fixed) (Total:363.01 GB) (Free:113.92 GB) NTFS
Drive t: (Record Files) (Fixed) (Total:500 GB) (Free:287.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: F84F1332)
Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=853 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 7783182F)
Partition 1: (Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=363 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 fastback


Posted 07 April 2015 - 02:38 PM

I could be wrong, but it appears that Google Chrome may be okay now but Firefox still has pop ups and ads, but I'm not really sure of this.


Edited by fastback, 07 April 2015 - 02:39 PM.


#7 fireman4it


Posted 08 April 2015 - 03:35 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File: fixlist.txt (14.32KB)

 

 

Let me know how the machine is running after this fix.


#8 fastback


Posted 09 April 2015 - 10:33 AM

After running FRST there was no system restart required in this instance. Thank you so much for getting me up and running, PC appears to be running smooth. No pops, redirects or ads so far in Firefox or Google Chrome. Here is the Fixlog.txt report that you requested.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by daustin at 2015-04-08 16:30:13 Run:1
Running from C:\Users\daustin\Downloads
Loaded Profiles: daustin (Available profiles: IUSR_NMPR & main_admin & daustin)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
FF ProfilePath: C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631
HKU\S-1-5-21-908084168-186713400-116910121-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKU\S-1-5-21-908084168-186713400-116910121-1003\...\RunOnce: [Adobe Speed Launcher] => 1428368402
FF Extension: Express Find - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\hffbepkt.daustin\Extensions\{c1c2292b-1e63-4789-80ef-a6c78d8308b6}.xpi [2015-03-30]
FF Extension: No Name - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\jsonview@brh.numbera.com.xpi [2015-02-26]
FF Extension: No Name - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-02-14]
FF Extension: Express Find - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\{c1c2292b-1e63-4789-80ef-a6c78d8308b6}.xpi [2015-03-30]
FF Extension: No Name - C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi [2015-02-14]
CHR StartupUrls: Default -> "hxxp://att.my.yahoo.com/", "hxxp://us.mg205.mail.yahoo.com/neo/launch?.partner=sbc&.rand=5pglpni0jm4uo", "https://www.google.com/bookmarks/lookup?month=1&day=4&yr=2012&hl=en", "https://maps.google.com/", "https://thd.eagleview.com/Login.aspx", "https://www.myhealth.va.gov/mhv-portal-web/anonymous.portal?_nfpb=true&_pageLabel=mhvHome", "hxxp://www.flickr.com/", "https://discussions.apple.com/index.jspa"
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
S0 AFS; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CLVirtualBus01; system32\DRIVERS\CLVirtualBus01.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SDDMI2; \??\C:\Windows\system32\DDMI2.sys [X]
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
Task: {2C6D5992-7216-4B0A-AF46-7A47A2074F5C} - \ArcadeGiant Updater No Task File <==== ATTENTION
Task: {A5CB83B6-8704-4DDC-8BD3-0991D43C8E65} - System32\Tasks\RMSmartUpdate => C:\Program Files\Registry Mechanic\update.exe [2010-08-05] (PC Tools)
Task: {6E826336-9D81-464D-ACE8-E2946EBFDE32} - System32\Tasks\Application Starter - 8882161c434ab0fd43dca37f474f4351 => C:\Program Files\Innovative Solutions\DriverMax\innostp.exe
Task: C:\Windows\Tasks\Application Starter - 8882161c434ab0fd43dca37f474f4351.job => C:\Program Files\Innovative Solutions\DriverMax\innostp.exe
AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:2AB12556
AlternateDataStreams: C:\ProgramData\Temp:C6070AC3
AlternateDataStreams: C:\ProgramData\Temp:D083E4C6
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3
 
 
 
 
*****************
 
FF ProfilePath: C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631 => Should not be moved.
Firefox homepage deleted successfully.
HKU\S-1-5-21-908084168-186713400-116910121-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-908084168-186713400-116910121-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully.
C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\hffbepkt.daustin\Extensions\{c1c2292b-1e63-4789-80ef-a6c78d8308b6}.xpi => Moved successfully.
C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\jsonview@brh.numbera.com.xpi => Moved successfully.
C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi => Moved successfully.
C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\{c1c2292b-1e63-4789-80ef-a6c78d8308b6}.xpi => Moved successfully.
C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\cdp5vt5x.default-1423630399631\Extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi => Moved successfully.
Chrome StartupUrls deleted successfully.
C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg => Moved successfully.
AFS => Service deleted successfully.
blbdrive => Service deleted successfully.
catchme => Service deleted successfully.
CLVirtualBus01 => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
SDDMI2 => Service deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}" => Key deleted successfully.
"HKU\S-1-5-21-908084168-186713400-116910121-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C6D5992-7216-4B0A-AF46-7A47A2074F5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C6D5992-7216-4B0A-AF46-7A47A2074F5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ArcadeGiant Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5CB83B6-8704-4DDC-8BD3-0991D43C8E65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5CB83B6-8704-4DDC-8BD3-0991D43C8E65}" => Key deleted successfully.
C:\Windows\System32\Tasks\RMSmartUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RMSmartUpdate" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E826336-9D81-464D-ACE8-E2946EBFDE32} => Key not found. 
C:\Windows\System32\Tasks\Application Starter - 8882161c434ab0fd43dca37f474f4351 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Application Starter - 8882161c434ab0fd43dca37f474f4351 => Key not found. 
C:\Windows\Tasks\Application Starter - 8882161c434ab0fd43dca37f474f4351.job not found.
"C:\WINDOWS" => ":nlsPreferences" ADS not found.
C:\ProgramData\Temp => ":2AB12556" ADS removed successfully.
C:\ProgramData\Temp => ":C6070AC3" ADS removed successfully.
C:\ProgramData\Temp => ":D083E4C6" ADS removed successfully.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
C:\ProgramData\Temp => ":D5FBE8F9" ADS removed successfully.
C:\ProgramData\Temp => ":FD9CE1F3" ADS removed successfully.
 
==== End of Fixlog 16:30:14 ====


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 09 April 2015 - 11:13 AM

Let's run a couple other scans to make sure there are no leftover files around.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 fastback


Posted 10 April 2015 - 10:45 PM

Here are the Malwarebytes & Emsisoft reports

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/9/2015
Scan Time: 7:37:52 PM
Logfile: malwarebytes_04092015.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.04.10.01
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: daustin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 477700
Time Elapsed: 13 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.ExpressFind.A, C:\Users\daustin\AppData\Roaming\Mozilla\Firefox\Profiles\6hksbfbg.default\extensions\{c1c2292b-1e63-4789-80ef-a6c78d8308b6}.xpi, Quarantined, [d43f2a22a3e7251107428931aa59c43c], 
PUP.OptionalExpressFind..A, C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_expressfind-a.akamaihd.net_0.localstorage, Quarantined, [9a79b597cbbfe4522291823840c30cf4], 
PUP.OptionalExpressFind..A, C:\Users\daustin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_expressfind-a.akamaihd.net_0.localstorage-journal, Quarantined, [f1223814404a4de9644f9327f80bb947], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Emsisoft Emergency Kit - Version 9.0
Last update: 4/10/2015 1:14:53 AM
User account: main_admin-PC\daustin
 
Scan settings:
 
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 4/10/2015 1:18:27 AM
C:\Program Files\bigfix detected: Application.AppInstall (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\UPGRADECODES\F928123A039649549966D4C29D35B1C9 detected: Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1000\SOFTWARE\BIGFIX detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1001\SOFTWARE\BIGFIX detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\BIGFIX detected: Application.InstallAd (A)
C:\KVRT_Data\Quarantine\KVRTQ0000\kvrt0000.klq -> (Quarantine-6) -> Revelação Entre 2013 A 2014 Cd Completo ( Bobby Lyle ) Ouvir música na Rádio UOL.exe detected: Gen:Trojan.Heur.xoKfrvED6xkOi (B)
C:\Users\daustin\Documents\KnockOut.iso -> Setup.exe -> (NSIS o) -> bzip2_solid_nsis0001 -> (RAR Sfx o) -> c2cdll.exe detected: Dropped:Trojan.Downloader.JMRR (B)
C:\Users\daustin\Documents\KnockOut.iso -> Setup.exe -> (NSIS o) -> bzip2_solid_nsis0001 -> (Dropped 1) -> (NSIS o) -> bzip2_nsis0001 detected: Trojan.Downloader.JMRR (B)
C:\Users\daustin\Documents\KnockOut.iso -> Setup.exe -> (NSIS o) -> bzip2_solid_nsis0001 -> (Dropped 1) -> (NSIS o) -> bzip2_nsis0002 detected: Trojan.Downloader.JMRR (B)
C:\Users\daustin\Downloads\IMSI Renditioner Pro 2.0.4  - Acrtivator -.rar -> IMSI Renditioner Pro 2.0.4  - Acrtivator -.exe detected: Trojan.Generic.KDV.521437 (B)
 
Scanned 441954
Found 18
 
Scan end: 4/10/2015 2:50:56 AM
Scan time: 1:32:29
 
C:\KVRT_Data\Quarantine\KVRTQ0000\kvrt0000.klq Quarantined Gen:Trojan.Heur.xoKfrvED6xkOi (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\BIGFIX Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1001\SOFTWARE\BIGFIX Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1000\SOFTWARE\BIGFIX Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\UPGRADECODES\F928123A039649549966D4C29D35B1C9 Quarantined Application.AdReg (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS Quarantined Setting.NoFolderOptions (A)
Value: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS Quarantined Setting.NoFolderOptions (A)
Value: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-908084168-186713400-116910121-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
C:\Program Files\bigfix Quarantined Application.AppInstall (A)
 
Quarantined 14
 

Edited by fastback, 10 April 2015 - 10:48 PM.


#11 fireman4it


Posted 12 April 2015 - 02:54 PM

How is the computer running now?


#12 fireman4it


Posted 20 April 2015 - 03:17 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.