Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Popup Windows cannot find ...\Roaming\5.exe


  • This topic is locked This topic is locked
17 replies to this topic

#1 MolonLabeNV

MolonLabeNV

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas, NV
  • Local time:02:50 AM

Posted 12 April 2015 - 11:41 AM

There was a thread on this topic in February this year but it has been closed.  I, too, have the same problem of late.  I was unsure of copying the code snippet into FRST as Kathy was instructed.  I have the impression that code was specific to her logs.

 

So, where can we start?



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:50 AM

Posted 12 April 2015 - 12:19 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 MolonLabeNV

MolonLabeNV
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas, NV
  • Local time:02:50 AM

Posted 12 April 2015 - 01:17 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015
Ran by Matthew (administrator) on OFFICE on 11-04-2015 10:02:28
Running from C:\Users\Matthew\Downloads\AV Malrware
Loaded Profiles: Matthew (Available profiles: Matthew & Monica)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MYMOVIES\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMix_64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Xobni Corporation) C:\Program Files (x86)\Xobni\XobniService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files (x86)\AirPrint\airprint.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMix_32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Everything\Everything.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\bagent.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Sand Studio) C:\Program Files (x86)\AirDroid\AirDroid.exe
(Dropbox, Inc.) C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3993744 2014-05-22] (Stardock Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [PDF8 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Converter Professional 8-reminder] => C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage19\OmniPage19.exe [2922824 2013-04-22] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance OmniPage Ultimate-reminder] => C:\Program Files (x86)\Nuance\OmniPage19\Ereg\Ereg.exe [334152 2013-01-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [38880 2012-11-12] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [51168 2012-11-12] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [333672 2012-01-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [pdfSaver3] => [X]
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [OpAgent] => "OpAgent.exe" /agent
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [uTorrent] => C:\Users\Matthew\AppData\Roaming\uTorrent\uTorrent.exe [1442384 2015-03-27] (BitTorrent Inc.)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [GoogleChromeAutoLaunch_1DCACA8C0EC1716DD73D162837173624] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77528 2015-03-23] (Intuit Inc.)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-02-21] (Siber Systems)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [11662848 2015-02-05] (Sand Studio)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\MountPoints2: {344a67ce-4b0f-11e3-824f-806e6f6e6963} - "notepad.exe" SeaToolsDOSguide.EN.txt
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll (Gladinet, INC)
ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll (Gladinet, INC)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=INMODF&PC=IN01
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://drudgereport.com/
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}&FORM=INMODF&PC=IN01
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www.bing.com/search?q={searchTerms}&FORM=INMODF&PC=IN01
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www.bing.com/search?q={searchTerms}&FORM=INMODF&PC=IN01
SearchScopes: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www.bing.com/search?q={searchTerms}&FORM=INMODF&PC=IN01
SearchScopes: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www.bing.com/search?q={searchTerms}&FORM=INMODF&PC=IN01
SearchScopes: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001 -> {8A97923E-96A0-4B99-9D1B-A38E40E1EBD3} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US636D20150201&p={SearchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-14] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-02-21] (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: adTech Class -> {934B156A-3D17-3981-B78A-5C138F423AD6} -> C:\Users\Matthew\AppData\Roaming\pdfie\PdfConv_64.dll [2014-12-09] ()
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-14] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-02-21] (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-10] (Oracle Corporation)
BHO-x32: adTech Class -> {934B156A-3D17-3981-B78A-5C138F423AD6} -> C:\Users\Matthew\AppData\Roaming\pdfie\PdfConv_32.dll [2014-12-09] ()
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-10] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-02-21] (Siber Systems Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-02-21] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-02-21] (Siber Systems Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T29L10NSP4EP2-2/event/ieatgpc1.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-14] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\mcsniepl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.16 68.105.29.16 68.105.28.17
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-20] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll [2014-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @cnw.com/cnwplugin -> C:\Program Files (x86)\AnyMeeting Plug-in\npcnwplugin.dll [2013-11-07] (AnyMeeting, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll [2014-04-25] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2014-12-08] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-19] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll [2013-11-07] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3331112126-1740026331-2912461648-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Matthew\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-25] (Citrix Online)
FF Plugin HKU\S-1-5-21-3331112126-1740026331-2912461648-1001: LWAPlugin15.8 -> C:\Users\Matthew\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Matthew\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-23] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Matthew\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Matthew\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2013-05-25] ()
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-08-26]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-01]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-02-01]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.drudgereport.com/
CHR StartupUrls: Default -> "hxxp://www.drudgereport.com/", "hxxp://www.theblaze.com/", "hxxp://www.foxnews.com/", "hxxp://intranet.ballytech.com/", "https://www.siriusxm.com/player/#view=login"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (MindMeister) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm [2014-06-19]
CHR Extension: (Gliffy Diagrams) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2014-06-20]
CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]
CHR Extension: (GeoGebra) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-06-20]
CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Lucidchart Diagrams - Desktop) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj [2014-06-19]
CHR Extension: (SiteAdvisor) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-06]
CHR Extension: (USMC Semper Fidelis) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkbkpfdkgpjpbmibdidphjodachgkddg [2014-07-21]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2014-07-18]
CHR Extension: (Planetarium) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-06-20]
CHR Extension: (Chrome to Mobile) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2014-07-18]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-10-30]
CHR Extension: (Wave Accounting) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2014-06-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (UberConference) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhhfpdlccblfofockeabmalggfhelcgj [2014-06-19]
CHR Extension: (Google Wallet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2014-08-22]
CHR Extension: (Google Quick Scroll) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-02-17]
CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR Extension: (RoboForm) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-05-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-28]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-21]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-28]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe [234784 2015-03-11] (Apple Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [29592 2012-09-24] (Gladinet, INC)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 ModernMix; C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe [74864 2014-03-10] (Stardock Software, Inc)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MSSQL$MYMOVIES; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MYMOVIES\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [220048 2012-11-12] (Nuance Communications, Inc.)
S4 SQLAgent$MYMOVIES; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MYMOVIES\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-05-12] (DEVGURU Co., LTD.)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-18] (Stardock Software, Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [59000 2013-06-28] (Xobni Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-05-12] (DEVGURU Co., LTD.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-11 10:02 - 2015-04-11 10:02 - 00000000 ____D () C:\FRST
2015-04-11 09:45 - 2015-04-11 10:04 - 00000000 ____D () C:\Users\Matthew\Downloads\AV Malrware
2015-04-11 08:53 - 2015-04-11 08:53 - 00001860 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-04-11 00:26 - 2015-04-11 00:26 - 00483952 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-11 00:26 - 2015-04-11 00:26 - 00000077 _____ () C:\WINDOWS\setupact.log
2015-04-11 00:26 - 2015-04-11 00:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-11 00:25 - 2015-04-11 00:25 - 00000766 _____ () C:\WINDOWS\PFRO.log
2015-04-10 18:59 - 2015-04-10 18:59 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-10 18:57 - 2015-04-10 18:57 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-04-10 18:56 - 2015-04-10 18:56 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-10 18:56 - 2015-04-10 18:56 - 00002075 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-09 01:31 - 2015-04-11 09:48 - 00000588 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3331112126-1740026331-2912461648-1001.job
2015-04-08 09:25 - 2015-04-08 09:25 - 00001071 _____ () C:\Users\Matthew\Desktop\Dropbox.lnk
2015-04-08 09:04 - 2015-04-08 09:04 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-08 08:56 - 2015-03-22 15:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-08 08:56 - 2015-02-20 16:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-08 08:56 - 2014-12-02 16:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-02 07:34 - 2015-04-11 09:03 - 01154991 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-01 09:52 - 2015-04-01 09:52 - 05344528 _____ (Piriform Ltd) C:\Users\Matthew\Downloads\ccsetup504.exe
2015-04-01 08:26 - 2015-04-01 08:26 - 00000987 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-01 08:26 - 2015-04-01 08:26 - 00000975 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-31 09:23 - 2015-03-31 09:27 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-03-31 09:23 - 2015-03-31 09:23 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-03-31 09:23 - 2015-03-31 09:23 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Skype
2015-03-31 09:22 - 2015-04-10 21:15 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Skype
2015-03-31 09:22 - 2015-04-10 18:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-31 09:22 - 2015-04-10 18:53 - 00000000 ____D () C:\ProgramData\Skype
2015-03-31 09:22 - 2015-03-31 09:22 - 00002743 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-31 09:22 - 2015-03-31 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-31 08:50 - 2015-03-14 01:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-31 08:50 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-20 19:07 - 2015-03-20 19:11 - 00000000 ____D () C:\Users\Matthew\Downloads\Pictures of gate
2015-03-20 01:29 - 2015-03-20 09:53 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-20 01:02 - 2015-03-20 01:02 - 08867840 _____ () C:\Users\Matthew\Downloads\SeaToolsDOS223ALL.ISO
2015-03-20 00:28 - 2015-03-20 00:28 - 00001439 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2015-03-20 00:12 - 2015-03-20 00:12 - 00000000 ____D () C:\Users\Matthew\Downloads\HDDScan_v33
2015-03-20 00:10 - 2015-03-20 00:10 - 03820088 _____ () C:\Users\Matthew\Downloads\HDDScan_v33.zip
2015-03-20 00:10 - 2015-03-20 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-03-20 00:10 - 2015-03-20 00:10 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-03-20 00:09 - 2015-03-20 00:09 - 26771088 _____ () C:\Users\Matthew\Downloads\SeaToolsforWindowsSetup.exe
2015-03-15 20:57 - 2015-03-04 14:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-15 20:57 - 2015-03-04 14:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-15 20:40 - 2015-03-15 20:40 - 00000134 _____ () C:\Users\Matthew\Desktop\Surprise- U.S. Economic Data Have Been the World's Most Disappointing - Bloomberg Business.url
2015-03-15 13:10 - 2012-07-04 11:55 - 01354240 _____ (CANON INC.) C:\WINDOWS\system32\CNC280C.dll
2015-03-15 13:10 - 2012-07-04 11:55 - 00112128 _____ (CANON INC.) C:\WINDOWS\system32\CNC280I.dll
2015-03-15 13:10 - 2012-07-04 11:29 - 00106496 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC280U.dll
2015-03-15 13:10 - 2010-03-18 19:26 - 00348672 _____ (CANON INC.) C:\WINDOWS\system32\CNC280L.dll
2015-03-15 13:10 - 2010-03-18 19:25 - 00307200 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC280L.dll
2015-03-15 13:10 - 2009-11-13 14:38 - 00012800 _____ () C:\WINDOWS\SysWOW64\CNC1746D.TBL
2015-03-15 13:10 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
2015-03-15 13:10 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2015-03-13 06:58 - 2015-04-10 09:58 - 00000000 ____D () C:\Users\Matthew\Documents\AirDroid
2015-03-13 06:58 - 2015-03-13 07:03 - 00000000 ____D () C:\Program Files (x86)\AirDroid
2015-03-13 06:58 - 2015-03-13 06:58 - 00001901 _____ () C:\Users\Public\Desktop\AirDroid.lnk
2015-03-13 06:58 - 2015-03-13 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-11 10:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-11 09:47 - 2015-02-06 09:42 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 09:47 - 2013-09-03 08:59 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-11 09:36 - 2013-08-27 11:14 - 00000000 ____D () C:\Users\Matthew\Documents\Outlook Files
2015-04-11 08:59 - 2013-08-26 21:53 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3331112126-1740026331-2912461648-1001
2015-04-11 08:53 - 2014-07-28 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-11 08:47 - 2013-11-11 14:17 - 00003782 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{37CC501B-D7B7-4B23-B524-5183D7ABB6CF}
2015-04-11 08:45 - 2014-12-19 20:08 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for OFFICE-Matthew Office
2015-04-11 00:32 - 2014-09-26 08:49 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Sidekick
2015-04-11 00:32 - 2014-02-27 19:54 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Deployment
2015-04-11 00:30 - 2013-11-11 14:15 - 00000000 __RDO () C:\Users\Matthew\SkyDrive
2015-04-11 00:30 - 2013-08-27 08:01 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-11 00:30 - 2013-08-26 22:45 - 00000000 ___RD () C:\Users\Matthew\Dropbox
2015-04-11 00:30 - 2013-08-26 22:40 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Dropbox
2015-04-11 00:28 - 2014-01-18 20:39 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\uTorrent
2015-04-11 00:26 - 2013-11-22 13:43 - 00000320 _____ () C:\WINDOWS\Tasks\RMAutoUpdate.job
2015-04-11 00:26 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-11 00:23 - 2014-08-10 10:30 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Everything
2015-04-10 22:24 - 2013-08-28 07:45 - 00108032 ___SH () C:\Users\Matthew\Desktop\Thumbs.db
2015-04-10 21:26 - 2014-03-08 20:11 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\TeamViewer
2015-04-10 18:58 - 2014-02-10 16:42 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-10 18:56 - 2014-02-22 14:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-10 18:55 - 2014-02-22 14:25 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-10 17:58 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-10 16:16 - 2014-01-26 21:04 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Kodi
2015-04-09 21:27 - 2014-02-06 09:15 - 00000465 _____ () C:\Users\Matthew\Desktop\Sniper Basics For The SHTF Survivalist.website
2015-04-09 21:18 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-09 21:16 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-09 17:26 - 2013-10-02 08:26 - 00000000 ____D () C:\Users\Matthew\AppData\Local\CutePDF Writer
2015-04-09 14:34 - 2013-08-27 08:00 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\.oit
2015-04-09 01:31 - 2014-11-25 17:59 - 00003588 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3331112126-1740026331-2912461648-1001
2015-04-08 09:25 - 2014-08-05 12:27 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 09:14 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-08 09:04 - 2014-12-03 11:13 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-08 08:57 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-08 08:11 - 2014-03-08 20:11 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-03 13:48 - 2014-04-29 07:09 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 09:30 - 2013-08-27 10:36 - 00000000 ____D () C:\Users\Matthew\Documents\Jump Velvet
2015-04-01 09:53 - 2014-06-21 11:46 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-01 09:53 - 2014-06-21 11:46 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-30 09:03 - 2014-04-07 11:03 - 00000000 __SHD () C:\Users\Matthew\Documents\cache
2015-03-30 09:03 - 2014-01-23 14:53 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\webex
2015-03-29 22:06 - 2013-08-27 11:14 - 00000000 ____D () C:\Users\Matthew\Documents\My Maps
2015-03-27 10:17 - 2013-08-30 16:29 - 00000000 ____D () C:\Users\Matthew\Documents\7118 Puetollano Dr
2015-03-27 09:32 - 2013-08-27 10:35 - 00000000 ____D () C:\Users\Matthew\Documents\Medical
2015-03-25 08:31 - 2015-01-15 10:18 - 00000000 ____D () C:\Program Files (x86)\Quicken
2015-03-20 16:05 - 2013-09-29 21:04 - 00959332 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-20 09:30 - 2013-09-03 08:59 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-20 09:29 - 2014-02-17 01:25 - 00001086 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-20 01:38 - 2013-11-11 13:44 - 00000000 ____D () C:\Users\Matthew
2015-03-20 00:28 - 2014-04-30 07:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-19 20:15 - 2013-08-27 10:39 - 00000000 ____D () C:\Users\Matthew\Documents\Household Miscellaneous
2015-03-19 19:28 - 2013-11-11 16:42 - 00000000 ____D () C:\Users\Matthew\AppData\Local\gladinet
2015-03-17 20:19 - 2013-08-27 10:39 - 00000000 ____D () C:\Users\Matthew\Documents\_P90X
2015-03-15 20:59 - 2013-10-03 08:55 - 00000000 ___RD () C:\Users\Matthew\Podcasts
2015-03-15 20:56 - 2013-08-28 09:22 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-15 13:10 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-03-14 09:44 - 2014-12-19 20:07 - 00000000 ___RD () C:\Users\Matthew\OneDrive
2015-03-14 09:43 - 2014-12-19 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-14 09:41 - 2014-12-19 20:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-14 09:38 - 2013-03-26 11:09 - 00000000 ____D () C:\Users\Matthew\Downloads\Microsoft Office 2010
2015-03-13 17:49 - 2013-08-26 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-13 17:48 - 2012-07-25 22:26 - 00000167 _____ () C:\WINDOWS\win.ini
2015-03-13 17:35 - 2013-08-27 09:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-13 17:21 - 2013-08-27 09:11 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-04-18 13:00 - 2014-06-21 10:38 - 0099384 _____ () C:\Users\Matthew\AppData\Roaming\inst.exe
2014-04-18 13:00 - 2014-06-21 10:38 - 0007859 _____ () C:\Users\Matthew\AppData\Roaming\pcouffin.cat
2014-04-18 13:00 - 2014-06-21 10:38 - 0001167 _____ () C:\Users\Matthew\AppData\Roaming\pcouffin.inf
2014-04-18 13:04 - 2014-06-21 10:38 - 0000033 _____ () C:\Users\Matthew\AppData\Roaming\pcouffin.log
2014-04-18 13:00 - 2014-06-21 10:38 - 0082816 _____ (VSO Software) C:\Users\Matthew\AppData\Roaming\pcouffin.sys
2014-04-15 17:49 - 2014-04-15 17:49 - 0000000 _____ () C:\Users\Matthew\AppData\Roaming\Stardockfences_debug_snapshot.dat
2014-04-06 19:29 - 2013-04-18 18:53 - 0000241 _____ () C:\Users\Matthew\AppData\Local\myFavorites.mdb
2014-07-14 21:06 - 2014-07-16 09:06 - 0000600 _____ () C:\Users\Matthew\AppData\Local\PUTTY.RND
2015-02-16 12:21 - 2015-02-16 12:21 - 0000402 _____ () C:\Users\Matthew\AppData\Local\te7dm.vbs
2014-06-26 20:46 - 2014-06-26 20:47 - 0000152 _____ () C:\Users\Matthew\AppData\Local\xobni_installer_updater.log
 
Some content of TEMP:
====================
C:\Users\Matthew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7uj0sh.dll
C:\Users\Monica\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkyqcgm.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-11-22 13:12
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015
Ran by Matthew at 2015-04-11 10:04:57
Running from C:\Users\Matthew\Downloads\AV Malrware
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.258 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
AirDroid 3.0.4.0 (HKLM-x32\...\AirDroid) (Version: 3.0.4.0 - Sand Studio)
AMD Catalyst Install Manager (HKLM\...\{A70B905D-2E57-66A0-3BFE-66B8E71E0C70}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AnyMeeting Plug-in (HKLM-x32\...\{CC322A28-34BF-47F3-B2F0-69DBFC46A9F3}) (Version: 2.1.0 - AnyMeeting, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
CoffeeCup Visual Site Designer 7.0 (HKLM-x32\...\CoffeeCup Visual Site Designer 7.0) (Version: 7.0 - CoffeeCup Software, Inc.)
CoolSign Content Creator (HKLM-x32\...\{4705061E-7A8B-48DE-A72F-8022B5894156}) (Version: 13.2 - Bally Technologies)
CoolSign Manager (HKLM-x32\...\{4CCD4A37-C0AD-4CD8-BC55-27F11C74D283}) (Version: 13.2 - Bally Technologies)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Dropbox (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Elecard MPEG-2 Decoder Pack G4 (HKLM-x32\...\Elecard MPEG-2 Decoder Pack G4 1.3.1.91211) (Version: 1.3.1.91211 - Elecard)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.7.2539 (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\GoToMeeting) (Version: 7.1.7.2539 - CitrixOnline)
Hijacker Removal Tool (HKLM-x32\...\Hijacker Removal Tool_is1) (Version: 1.0 - Security Stronghold)
IP Video System Design Tool 8 v.8.0.0.1081 (HKLM-x32\...\IP Video System Design Tool 8_is1) (Version:  - www.jvsg.com)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Kodi (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Kodi) (Version:  - XBMC-Foundation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
Microsoft Lync 2010 Attendee (HKLM-x32\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4391 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{D8228565-6CD7-40EF-B2EA-C7C95183EDEB}) (Version: 15.8.8308.577 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MindManager X5 Pro (HKLM-x32\...\{B702FCEF-5875-491C-B50C-A4B457617EC6}) (Version: 5.2.344 - Mindjet LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Nero Prerequisite Installer 1.0 (HKLM-x32\...\{011E92F1-AF76-4983-8707-79F8F1956439}) (Version: 11.0.11500 - Nero AG)
Nuance Cloud Connector (HKLM-x32\...\{33D3472C-CC4D-4FC5-95FB-2615C6B5E4F3}) (Version: 3.2.960 - Nuance Communications, Inc.)
Nuance OmniPage Ultimate (HKLM-x32\...\{419512F9-D5E7-4ED2-BF99-E7F2C0176B6A}) (Version: 19.00.0000 - Nuance Communications, Inc.)
Nuance PaperPort 14 (HKLM-x32\...\{D0328ED7-EE97-48A0-80EB-693AED5D76AB}) (Version: 14.2.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM\...\{4131723B-BF21-4372-AFFD-82F31C31E50A}) (Version: 8.10.6267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM-x32\...\{4131723B-BF21-4372-AFFD-82F31C31E50A}) (Version: 8.10.6267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
PDF-XChange 3.0 (HKLM-x32\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Protection Portfolio 1.0 (HKLM-x32\...\Protection Portfolio) (Version: 1.0 - Suze Orman Media, Inc.)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.5.11 - Intuit)
RoboForm 7-9-12-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-12-2 - Siber Systems)
Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.0.2.546 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.44.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sidekick Outlook plugin (HKLM-x32\...\{7CE903D9-5DC8-432C-AF74-F4053090F09B}) (Version: 1.3.0.79 - HubSpot, Inc.)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Stardock Central (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Stardock Central) (Version:  - Stardock Corporation)
Stardock Decor8 (HKLM-x32\...\Stardock Decor8) (Version: 1.07 - Stardock Software, Inc.)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.13 - Stardock Software, Inc.)
Stardock ModernMix (HKLM-x32\...\Stardock ModernMix) (Version: 1.20 - Stardock Software, Inc.)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.45 - Stardock Software, Inc.)
SUPER © v2014.build.63+Recorder (2014/11/27) version v2014.buil (HKLM-x32\...\{8E2A19E2-96BF-8659-4DA7-5C06C90719A4}_is1) (Version: v2014.build.63+Recorder - eRightSoft)
SUPER © v2015.build.64+Recorder (2015/02/13) version v2015.buil (HKLM-x32\...\{8E2A29E2-96BF-8759-4DA7-5C16C90729A4}_is1) (Version: v2015.build.64+Recorder - eRightSoft)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
ToutApp (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\fd238403fa467654) (Version: 5.1.5.0 - ToutApp, Inc.)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.3 - uvnc bvba)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Xerox Phaser 6180MFP Scanner Driver (HKLM-x32\...\{1C0DF253-53CA-41CA-B2A3-FC53EE13947D}) (Version: 1.2.1.0 - Xerox)
Xobni (HKLM-x32\...\XobniMain) (Version: 2.0.0.1 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
XtremeFit Pro Plus (HKLM-x32\...\com.workoutsoft.xtremefitproplus.9F6DDB401BEA4FBA2DBE02CCDEF8E2D58FFF169A.1) (Version: 1.1.908 - WorkoutSoft, LLC)
XtremeFit Pro Plus (x32 Version: 1.1.908 - WorkoutSoft, LLC) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{00796370-DFAC-3B9D-B8D1-157389236F91}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0185C0C4-4A11-3D9C-85BE-1A2DEFAF9B4F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{01C261A6-CC6D-3F9E-B3EF-04EDD6C40EE0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{030DC0E1-B475-327C-835F-0C185CCAB794}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0530929A-0A62-386D-AA7E-3D375B825100}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{056FCB85-0C0D-3907-9E07-46802745D616}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{06576F43-9B3B-3A51-A11F-D285A5437683}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{07247C81-27F1-31AC-B316-FA0A4ED338F9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0880A5AA-C61F-3D39-B913-CDEB74A7B607}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0B9FC5F3-B715-3676-AF62-E537529C51A7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0BFE3510-1F07-3C2F-8B7C-141DA001E887}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0C3B3EE4-29F8-382B-970A-5BA636167615}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0CFDA0A5-6755-367F-AE99-6F0F913CC1A0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0D511346-41FC-3593-B3AD-1CCBFA7746D6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0DCAD95A-5ECB-3C25-BBBE-B0378E3335EB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0DDBE06B-DF27-3260-80D3-A8BB5431E789}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0FC138B0-9C27-34A3-A361-4A466C371F92}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1199976B-CCD5-3FC6-8165-BA1D0716D07E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{11D73BAC-E53E-3653-9632-67D7ED2AD255}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{11D8AFE1-8CD6-3E99-A970-9C4AAC675460}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{11EB15F0-21BC-3BD9-AEC9-AF2250662464}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{13E47BD6-5475-30D9-A4C2-339B0574F0E2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{14ABABCF-5799-385B-86D1-0EE769BD9BB6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{14ADC999-3D99-3958-AD61-0B81F1496211}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{14BF3FF1-8E05-3BEC-B3E3-3A53DA115594}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{155CFF9D-F39A-34AF-8F5E-CAF79204B9EE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{16489716-E0E3-3091-8700-DB23B5F39503}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{164D4630-55EA-3DBB-8B2E-0948931636D8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{16678DB3-4E01-3F9E-9543-E0EE9E32222F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1668F5AE-5832-36E9-A24E-ADD4A6693F89}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{176EE2AF-D709-3B69-A825-A8A3BC271053}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{177E9383-0779-34E7-B2D8-DB4C748A5127}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{17F8B9E1-8613-31D7-B882-76CCC0A91917}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{18B9AF94-CF39-3622-921E-A99E2A8ED049}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{18F860D6-6C9A-3594-AE3D-7C44B418E338}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1908511F-ADE2-338C-A737-0A6081A90FAA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{192BBB1E-9192-3D63-A686-E3F8A1618C78}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1931045C-11D5-3FB6-8F3A-BD68A2BAF1A6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1948260E-6116-36AB-A075-176EE321A1EC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{19B81BC4-6FF3-3383-BA81-24B2ACFDBB6C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1AFE4CC2-E903-3438-903C-83E935BF9B74}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1B62625C-690B-3DD8-B8EC-8393F19A3558}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1BFBDB7E-B19D-32ED-8C55-7524BA100269}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1C10F804-5C99-3982-AD9A-AFD2A48AFE95}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1C9F4A34-66B9-357B-9441-1600C4A97BB0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1D099BA9-48B0-32AC-955F-DDE8004CFC9D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1F77250E-A5C1-3D90-BFF3-B1BE65100DC4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{20A551E2-29D3-360B-A1C4-84915109EE71}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{214FDC65-4DD2-3D69-977A-ABD893FD8AC5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{21BF5B26-8CA5-3C02-9856-6C2CDD9CFAF0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{227A32B4-A30B-361C-B603-38B4DF7CBD73}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{23C4E332-F017-3A24-ACC5-6EFE8F20CDEB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{23F7C79A-D048-3BB7-A2B4-284A19EBC5D6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2453E26A-6E66-3A16-ACDF-3CE4B505F1E8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{24951569-8FEB-3CC1-A580-C5BCF734F414}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{24FD5F00-A5A0-35D3-9ACE-A391E3D49F74}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{25449F88-9822-3D3C-8CD3-C79999A53F7B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{259E7804-547A-39C1-8DF2-B2CEAF878C63}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{261A0EF1-E787-3421-83FB-55D3F9575992}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{273E4150-F979-3412-B5B1-0456A2A18AF2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{286E11D5-DF55-36E7-AA82-5BE29C658A7A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{29A6E216-B130-3852-9CA4-84E06AC57790}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{29C0BE72-2E6E-345A-AF06-3CA818D5D9BD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2A7B6F30-BE22-3D51-9AD3-26A4DFD46774}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2A7C18FC-CA09-3F1B-B72B-A01A4F2E5C1B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2B179C00-E3F4-3D48-9888-E706137DA30B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2B601383-7DF4-3F5A-914B-57A9F2E289B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2B75F788-E383-32B0-AAB0-6E7EC1CF8A33}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2CC9F486-A308-3338-8C57-B55D4C5CB537}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2D5958FF-36A1-39F8-8E76-B5C0E16A8551}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2D650C76-ADCD-3C0A-ABB9-E31DC786A800}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2EBCA724-FB96-368F-9A91-23FA837BD935}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2ED09861-1A21-3DC1-A17A-9F5FCB72C9DB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2EF63CD2-7A67-37E3-939D-2010D7CBD53A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2F5EC8F4-29F7-382E-8DF4-B2E43E767FD4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2FB8AF9B-B82D-33F7-8C8B-CF9DC3EFCAD8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2FFF5FB9-FF6D-3FB7-95E4-73E76B134C81}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{32EC42DB-5D79-3CAA-A24E-16FD8724C907}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{350EBA67-BE07-311E-8DB8-F71A247311E3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{354C06C1-AF66-3088-B900-C547FF890915}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{35CD179A-6AA1-3456-94EB-958D73F48803}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{36147D05-A90A-38F4-98ED-C455E0D30A3F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{368935C0-BE13-3D8C-A031-30E023619090}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{36AE629F-BC5A-31E3-B148-956829D9C37E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3730BDEE-BAA9-3EA8-8896-5DAF43080A83}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{37BC6F86-1703-3F37-A848-313694A7EC24}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3991E80E-5FB4-326B-9216-722C3D13148F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{39A67220-B721-3547-B1C2-8A2CA34E02CB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3A20609D-0687-359B-ADC8-08A311689537}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3ACB1A64-298F-3346-BC1D-7E2A735045B5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3AD681E7-BC19-308B-9AD4-433AA95B8FFA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3B3D982F-3148-392A-BA22-E735C3968FB4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3B5C625D-4AC0-3946-B82D-8D991EA660ED}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3C264564-9F4D-3E27-AC8E-73AAE5A92693}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3C86BF51-128D-3993-B638-ADA64B3EF47B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3CF1FBAC-3C95-39C1-A732-2D7205DCB436}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3D1D3ADB-C31A-32D8-9002-439D5DF46151}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3D1D7B16-DBCF-329C-B864-CEFD77D9B8D8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3D61E81A-CF06-3C48-B310-1C40AFF98B33}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3D9C9F05-2AF1-356C-AD9A-4F91E63018C1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3E904604-5644-3BB9-BE8B-53C695C2DFD4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3E9F3F64-41EC-322B-A7CF-08EFDBEDDE0D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3EFF8A4D-079D-3188-A8C1-9202B40F074E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3F8286BA-265A-35CA-9C0E-9E3E50DE5E9C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3F9388F5-8B94-3B09-8A15-605DC8E22F4E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{405DFCF5-AF5B-38EA-8850-E9F5B7A116DB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{40C8F80B-2306-3964-BF01-D8E415C3F6F3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{40E743CE-A93C-3A58-ACE4-EB6D2564D73D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{4144B296-8927-3FAB-B060-D32D6E581FC7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{41ABB9FA-DE4E-3AB5-B733-E4E8740421B1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{4464F316-AC6F-3FC9-8DCE-8F53C3A48DE1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{447371C8-0F47-3B41-8AD2-7DE41EEC31BB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{44DAEC41-40D0-341B-8EC6-2BF312D07D40}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{460D0027-01EA-395D-A002-634BAC1060FB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{474AE637-729A-3CBB-93B1-5567B1CC1EEF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{477AFF39-C7C4-3494-BEB3-870B38E516EB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{47E90B6F-9429-3FAE-9877-745475B29AF1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{47F986A9-B4C0-3DFF-8949-C430AEE509D1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{49B6FE7A-D768-3FBD-B5C7-96EAC7C377FB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{4A8B7CF7-D4AE-3371-ACC5-3BDEFD4CDEE4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{4B6C6A4A-EF69-3FE2-82BA-123E70BB049F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{4D1DCBA9-0811-3722-B3A2-8C5ADB94FB4A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{4D665116-F095-3B6B-9939-BA043EACD231}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{4F043CF7-52C2-3D66-953E-661EE9B2D3D9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{52937E2A-62D9-3661-9C2B-8036353661CA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{529677C4-FA8D-37BB-9E30-466FA2307234}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{52E7A379-F0BF-3E64-86F9-E66B203A7C25}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{52FFE553-C84C-3736-8C25-5267729CA5FE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{542DFDA6-99E6-3009-94EC-E583068EA1C8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{543391AA-E359-4EAA-8386-B36DFCA19A7C}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Apps\2.0\BOWV98H2.JO7\Z6B6534T.TDK\toutapp_4be7ebe30a39a08e_0005.0001_bed387ebb894f9c3\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{55B85C37-6EDC-3978-9681-BA0F2612DEDE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{55DDA14F-4F2C-3A8F-A0FB-646196484E89}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5670EE48-25BA-3D02-BAD6-FC1E2F56E5B0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{56D9AF86-A578-3DD1-983C-B3F7715679AF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{57797413-657E-3042-AB83-D95B3146C377}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{57FF9900-88E0-3527-A580-72EB0F6072D6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5811883A-1657-3FC1-92CA-62B38C3E4AC4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{585A5679-EBB1-3088-82D7-CA1611657EC6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{59193D5E-E6E3-3564-A181-8EEE0ED253C2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{594F4647-5284-31EC-9210-EC591534412D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5B9377CF-F3A7-3DFF-9972-4C2D85537DC6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5BC5028F-EC42-33F5-A9E3-7FE9A3CE554D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5C2C4617-66C7-3C9C-B304-4FF2C5B6BA0E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5C91369F-90CC-3430-8F86-25368CCD9326}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5D712CD4-9944-3690-80F8-D11050444492}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5D9A9700-E728-3C83-90C3-F60CD5BCAC8F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5DC1A72F-52EA-31B7-8C6E-A3A189886DFE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5DD7B95A-31AD-3ED0-8D1B-0B1E9E70A4F3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5EAC2E55-0607-326A-BBB8-8EADF0B74C04}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5EC94159-7CC7-3ABA-BDC5-9B961CD79A7B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{60149060-2F4E-357C-B35D-AB87482C829E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6036C585-C023-36C5-B400-D45C824487C6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{606C6514-B0B6-3C0A-AA1F-473C9A2A95F2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{60A7AAD8-2EB3-37D8-AADA-575E7BA1D607}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{60CE2E80-FB0B-3FDE-821D-2C76B6361A77}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6188AEFB-A20D-33F9-848D-FAFF2AF6D81E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{61C00D36-6957-36AE-94E3-362849F1046E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{61CBA091-512B-3A38-BDB4-C9B2976692BB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{61F77F2E-2948-3FD0-B1CF-F8AA0CAF0FAC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6212C42B-2DCA-3FBB-9BF8-23814E0E2049}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6275150A-C24A-3EAB-9055-E2D36F1EDF3E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{62C97A89-3E5A-3E4B-8BF5-9EE83270E4BF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{63716343-C205-32C5-BE3B-615E93275E5C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{639B66AE-71EC-372D-9D4B-26DDA410A440}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{64025645-6DB1-34C7-A81D-4519DCAA35DF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{64869D13-9A70-3E48-9717-E33769BCB1F1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{64AE23C2-6DA9-30DE-850E-5DE8AF887C5E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{650A8841-4E27-31B1-AB74-17B9944AE216}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6576AE5A-8157-3E10-9D29-AC9524DB09A1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{657B1373-E74A-3C67-A0B8-8A62C1C2C39F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{65B828DC-D977-3822-BF24-931E3BE0F031}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{65FAF79B-3C93-3A9B-8236-194D50A17B55}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{667D4EC2-5DA3-3108-A24E-95D29DE50D60}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{67A5405C-2A17-32BE-AA7E-0B518A8510EB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{67C5236A-0511-394F-B0A0-088D005C2DB8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6980CF33-0C76-3E57-AA3D-CF3CAE95A81A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{698DF722-67DC-3625-8C76-6D998D8413AA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{69F11048-9F7D-330B-81BB-5DCADB8F34BA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6A486739-FA77-3FBE-9ED6-16CB158611A5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6A4DC0B5-BAAD-39AC-A092-A4DA6AD1DF6F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6AA4BE40-ECB1-312C-9276-E377F0FFDF44}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6AE5F636-DD44-3616-AF5F-6397AF24C06B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6AEF9D9D-1C0A-3B48-9273-99805D4B60DA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6C06C902-CFF4-317C-B839-AC20776B6BF6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6C086AD1-4FA4-32A3-9624-5C06B5BE38E0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6C289FCE-AB53-3D9F-B3DA-4D7994072000}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6CD082D9-E680-3113-8971-DBC985026F47}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6DFEF2FE-3F74-33A7-AB38-65D284A65023}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6E0F675A-1455-3F6A-8862-6460B9472303}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6EB21FD1-0E56-3828-AD75-F2FA3A1A7860}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{7147E1EA-B2F8-3C57-8D27-006A4A99A2CB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{71F150E5-B80D-37A0-9EEB-A932035C7A67}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{729D9031-A8BE-3D62-92A2-717951BF4416}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{73DC632C-A04A-3257-A4DD-1C7EADD432CB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{75E6E66D-E81C-3F55-BE19-31C0CF24C9F0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{78654CAB-0DB5-36B8-8B7A-817939306167}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{7A3C450E-56BE-3380-B0E3-2B4BA3D75978}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{7A89FABC-6C74-3BCC-BE1E-22BDC916BB73}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{7B3209CD-09AE-30AE-AD08-36B0FBC68069}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{7B37F05A-3381-3045-B5B1-7EFED86FB78F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{7B93800B-B590-306E-83B4-7758298B5D8D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{7D52B8F3-4EE6-36AE-BAA4-8AD49D18EB53}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{80A3675E-DF05-33CD-8DCE-F18AD5C2A436}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{80D7F026-9949-38AE-A117-D0A2CE8D1040}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{81BA8870-48EB-39D7-BA78-3ED1EC009F13}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{81F606A5-7D58-3190-BBF4-A6287AEE6069}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8382A303-9092-3236-950F-2B262E180843}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Citrix\GoToMeeting\1865\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{84BDD49E-5568-3241-B427-593C4CBE8DC7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{859DDAA1-64F5-3F3F-BF6C-70816F80DD13}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{86AEB387-199E-3488-875F-2460590A8D28}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{898F3A1A-1463-398B-8CB9-0325C66E2949}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{89E5544C-8DC0-3608-B4B8-351644C3F213}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8B82C66F-D589-38C9-B8F7-10773124928E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8B9C3696-A9B2-3FAB-A7C3-2134E3D9DB39}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8CA5210E-E8C7-30D5-B9D0-C52F79BA2AEC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8CCE51C0-D1D6-321B-A08F-E778E16198DF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8D74518E-C230-3DD8-88E3-97BC3C1C51A9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8DB9F797-18DA-334D-A91D-4D0CB0AA87D6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8E03AFE0-0C7E-370D-ACA5-C4E8193FA2D2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8F254497-FFEF-35FE-AA91-7006728B677C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8F3D0A38-6759-3E92-80AD-FBED2FBB36EF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8F771DA5-1798-3E8C-843F-A9C6FA9FF5E4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9111D06A-6312-35D0-8E8A-2600651F18BA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9265B9E2-8102-3B3A-A134-3FD275ADEA8E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{92923564-81CA-3F8E-A2A6-FF729E0D6FC4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{92D9DD82-6D8E-34D3-8C9F-4137292F0932}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{939E7932-1449-315A-86A6-B5288D0E7A4C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{93EB1B56-A3EA-3363-9A74-A6E7A33596D7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{94168EF2-7638-3790-92B8-242A13D47263}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9493DD85-D951-34C0-A01D-5293C58DDCBA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{94A269F0-443C-38B3-8145-69F3FF8F85DD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{956757EB-0E2C-3ECA-B713-9815D5473535}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{95990083-FBEA-3385-A4A0-B09D0C5E0E83}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9601F788-32E0-4513-998A-4C5346228657}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Sidekick\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{96943547-BBA4-3494-94A2-28F767634EBE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9697632B-8040-306D-AFFB-807D9B0027C4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{96A00C5D-81C7-31BE-A800-902D54A8C978}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{96E90871-D0C3-3CBD-BF40-45E2471A5485}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{98214CDD-A131-3495-9DCE-F5A1A0965A7B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{983C6590-CBFD-3F41-8BEB-9AE8C3F1A888}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{99684244-1349-396C-B976-4F0DD51D3F24}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9A31B44A-EEB2-3755-886A-C470EBD0453C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9B206DF8-56C6-30DD-92B1-8130E3384653}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9CC1B085-CD19-3B2D-B926-5F7C3ABB02CB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9CF9A7C7-1260-358D-A280-198C93B76F01}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9D1829FF-1F3D-3D3A-83F3-1E3810FD388A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9E17BA79-272F-3C30-8C98-15D013238814}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9F4BE125-8853-348F-B384-4086BDE46093}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9FEE440E-F4CA-345B-B1EA-F367226854AA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9FFD79A6-1151-3983-BA14-343FF02744CC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A00B56EA-9694-3EB4-BB05-4C7A91744A92}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A0160984-A728-3D91-BB9F-B0860C6C6841}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A1BA5364-0E45-3EE3-B68A-FC6018C3A94D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A1C5F652-47C9-357D-AB2C-EF2DC510AA8F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A2C27C50-D0F9-319E-86C2-E314025E33F1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A2EE011B-3AFE-3816-B687-6D032C875CEA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A3DCC962-8052-385B-83CF-BEBE6CC31CB5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A41DB9D7-01CA-3ACA-9B8E-27554F3410C7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A44DA0DE-625A-3233-9880-10FDC4A39527}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A46F295E-777A-30D9-B719-CEE5C88D8DE8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A60A744F-28A9-32E2-ABEC-3EDA85A8171C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A654F4D2-EDE6-3BB8-AA27-3E9BBD86FF84}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A67EF337-D6B0-3AA4-9A14-EA6116526671}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A6903307-8015-3552-94A7-D25731F4B5A0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A6F9A450-0328-37EC-962B-D30F72B82D49}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A76F9456-F02A-32F1-8750-E4D875DEC50E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A826C840-7D4E-307A-98C3-B64FC3F7A497}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A83D42FD-1A5E-3738-A8DC-DBFB6A933FF2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A95C8355-5979-3BC4-AAF0-AB098E50E13D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AA51DE18-64AB-3DEB-AE09-809025A89436}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AA686530-701D-35F3-A4BA-ED7335D9236F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AB263CC4-2645-3C61-B75C-E5E2FF11897F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AB38A790-ADA7-3072-9369-E9F23BE7BBF8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AB3BCEDD-1DD8-30E8-824E-43770F6D8B6B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{ABEAE84F-9745-3D4C-81A6-AB5C9CE243DF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AC56EA65-77CD-36F8-A368-3ED096F57770}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{ACA4A18D-40CB-3DD9-808D-599A270ED174}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AD209664-2DF1-3EA0-A3AC-7C81CFC7ABFE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AD4F3B39-2E75-3249-BE8F-FF763BC127D3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AE747C8E-1433-3C67-841F-1EF1993372E8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AECBBA55-4145-3642-A941-618EBD21E471}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AEFC5837-B643-3A53-B00D-98F030ED2FD2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AF6484F1-18DF-36BD-BC55-B9F50341C43A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B02F6405-4006-34FC-BAD5-EBE78E5DD1CE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B2638D66-74AE-3F10-B7F2-96D414C5CCB3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B2BBBBB1-FA45-357A-A8F2-60F9AD081CF1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B2EFCB36-6CCC-30F0-9EE3-063A1891E81F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B3211D86-42EE-370D-A673-8AD89DA10AD2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B3DB1AD9-7040-3E40-BBC1-37A6CE5F8A9E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B451487F-8D89-310A-AB8B-37B389AB2922}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B46F7B4C-FE37-3A49-8798-3A0AE89B9E5D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B471D131-AB92-3DAD-9525-C3C434EB8689}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B496FF7F-7115-3B20-B8E8-7CA3CC8D08F2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B51F1B72-2E8A-3AE5-AEA8-1619B3E2517F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B520F843-130C-3BA4-B99A-07F7829DA3B1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B5B5B7D5-DC1F-31E7-9855-C492CA9CD3CD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B5BA239F-AAA1-3E9E-A22F-98DFAEB7EDF0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B72C5929-112F-3543-B8D4-1D4D0EC8111E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B74395D4-083D-309E-BDF1-83E47C8CA35B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B8A71631-A7F5-3133-BEE3-24AFABDD1ECE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B9158A00-41C1-37EB-829D-FE83C91931D1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{BC0B125D-7B4F-35B1-AE53-FAE2386F05C2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{BC68BBFE-0F2F-39B0-BEC2-96A814982C33}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{BE33460D-0B7E-365F-A074-A08AFAEA09A8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{BF0B86A4-BA3A-3A91-B4B6-A5028246DE9F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{BF79DBF1-FCAF-30AC-8254-02C7DC52782B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{BFAFE4AB-825D-327B-BFCE-A3AA9A127FF5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C0741A85-64BD-359A-A53A-4E8293449CBC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C1116516-74BA-3D79-91FB-A7986A8FB97A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C113CC47-6EEA-3535-A562-87EE8F937104}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C2DEC7A8-76AB-3BD1-904B-C4F33F0A5E1A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C3BD9FE9-4EA6-3D65-9618-CEC42EC602C7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C5CEC094-1285-3FB9-8E9D-938534A8181C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C5EE4A5D-53F1-3244-88B1-1C7B573EA422}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C5F7B5BB-C070-3891-8FB7-CD81E2188ECF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C6AD888D-D9D6-3A79-9C54-382BBA2D3BCB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C73884DC-8893-3F02-86BE-B16F54ADF545}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C74D4480-801E-3632-B789-FBD8FA8109C7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C983CAF4-730D-3164-A4D4-C98DF4E66A33}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{CD78317F-EDF7-3C7F-8E2A-5214BD5F4EF4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{CE183C3A-DA48-3DF4-9E49-523DA9A104A9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D06FC0CC-BD6E-3CC3-B381-390AA96A9CF8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D0947A33-C64D-3CD7-80B0-4140363417FF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D0A6BBDE-AC5D-38DB-A881-265CD8222D74}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D2E76781-EFCA-3935-9F9F-81114744347C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D3318798-67AD-30BF-AEF0-36B90115DEF8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D4485613-816F-30FC-9393-475780F822F6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D495F4FF-8020-3EDA-A0AE-5C6F5C2C98A1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D51DC0C3-B6F5-37A9-99B0-42AACE700EEF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D54C9411-692B-3DC6-B283-AAD2E98A97B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D567CE72-2628-3557-8180-14C3E54A316B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D5EB0447-CD03-33D1-BA56-BD8AA8481420}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D63C4A89-5002-3AFB-B7A2-EEC9FD5D0535}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D63E0428-704B-3FE1-A48A-0A596AE04608}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D64C2038-1074-324F-966F-6D9C0BEC440D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D6CB7456-0FFF-3D1F-AD0C-250CB03D2B43}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D6FC576C-C1AA-3257-B94F-2CFA9B8D6A46}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D81E2970-AC18-392D-814B-7DA76E97287E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D8F0ACC7-352E-3D21-9889-DA799E836F87}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DA0CD44A-F804-3F53-8735-D706F4C31EBD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DA0F3667-4450-3181-9E49-70878226EF57}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DA544BF6-2CCC-3A03-BBA0-85F196153EE0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DB80E8A5-74DE-3F44-BAEC-B3E06D7DC193}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DC66EB6D-5A96-3634-A0BA-0E73DEFF8865}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DC79B200-75D3-3BF2-9E34-DA326A76E008}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DF08F8BD-B9AF-3F72-B986-2940D8D34750}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DF10688D-BC17-33F5-ABF6-DC219D39051E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DF21E332-EA9F-340C-BF83-3489E71C3FD1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DFB1EFAB-07E7-3B0D-8E98-2843AFCF3783}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E01CA8F5-F0BA-342D-AD02-C830D4C47BA3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E0D7F0EB-8CE0-3F42-B03F-BEED65534573}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E33C1B0D-C5C1-3D95-A47E-A3F8CD6DF4B3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E4B8FC21-EFD6-393F-B605-615EB7876FD7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E6EC7A34-FCD5-3A7E-963C-1130F8422108}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E8B1DD99-7183-35A3-B1C6-F8A7A94B16FF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E94573A8-CD58-386E-B997-DC7275572FAE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E954F880-C220-3063-985A-D80D98769096}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EAAFF83D-1A98-3C46-9EE8-5825497A07A3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EACE8FB6-5B14-3AAF-9BE2-BE78965626EE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EB1A5207-6B0D-32BA-9E04-403179646E4F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EB8EAFCD-FD51-3BB7-ABD3-CC162315699D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EC0F3F2F-49C9-3DC7-A5F6-7D89EFB8FB80}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EC4B5D8C-D341-324D-8008-77B7CD70E73C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EC6D7A43-639F-3AFF-8F01-D66BFB56D6F4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EC8E60E8-8D57-343C-9499-C2D2EC7843A9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{ECF4738D-DBC5-3C2E-8D9C-C484BF676043}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{ED16A475-5D04-3CC5-A823-99D1869FF248}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EE06E3AB-EEF0-3561-A173-AD8B2C431E54}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EF278401-FFD7-3E33-9A6A-BBF5433C5553}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EF2DC0DA-0B52-3D8A-9F69-43786A96BD93}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EF656A5C-D963-3325-9689-B8DF762F39E1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EFEF4502-1B99-3DBF-B3BD-8F596A67DE9C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F06E5365-774A-35FC-BEBA-3F047A03EBEA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F13258B8-4E7A-3A60-A315-82168A074E4B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F1E6769B-7CAF-386E-8923-736462014F05}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F3108C88-72AE-335F-9520-C8FB7900D4C9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F3425581-E164-38B0-B9B3-2A742A809A31}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F3CBA9E9-9E8A-3F00-B6EE-B4E810EE9A64}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F3D04D81-1C2A-3892-87EF-EB79B62CBA98}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F441C5D9-15B8-3F1B-B766-F358DBB4639D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F4CA6B26-5137-31F6-ABB4-F09F390894EE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F8170F5A-26E6-3B77-82C8-01219C3950BF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F82A41B0-B01B-30D3-B867-BD677D42787B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F8858444-7C47-3A00-9A53-32AF44A2653B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F9EAD0B1-31C8-301C-9E37-66E06A983E56}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FA1925FE-E29C-3103-9056-046614EEA4B6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FBA568B8-A8D4-36E7-BB65-9AE8AFEA8050}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FC397966-3DE1-39E0-8690-B170671067E7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FC48E4A8-B140-3F5C-B7A2-EEA952AFBC5F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FC4F65A1-B16B-3EA3-BC54-2E10D7ED77AD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FC6F82BD-3EA7-3F97-B8F8-B50A18A2A845}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FD75FF76-AB6C-372A-ACFA-662A11A58E4F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FDB48521-4E14-3EEB-9EDC-CD4FDBC25F89}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FDF3063A-4CCB-3034-AB04-8CF7D844618A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FE31BEFC-574C-37D6-B051-F60829F5E9F2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FED9EC69-1EC7-3157-B843-530F5B7DE565}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FEF810A0-AE09-33A3-B5F0-A4F10BBDD689}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FF5C588D-BB30-3B61-94CB-49FB0D46213E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FF6504E8-804D-3048-BC6C-2740BC9D248D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FFFBCD81-E703-37CC-825E-9A35F40354B0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FFFF5A68-6BAF-3EAA-9DA1-7E07964263F7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
10-04-2015 18:49:29 McAfee Vulnerability Scanner
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2014-09-20 09:33 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0013F1D0-93EB-41B1-8D1D-EBA959611075} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {122E0B9C-9F8C-4AE2-9035-974DD230AF52} - System32\Tasks\G2MUpdateTask-S-1-5-21-3331112126-1740026331-2912461648-1001 => C:\Users\Matthew\AppData\Local\Citrix\GoToMeeting\2539\g2mupdate.exe [2015-04-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {190B05A8-354F-48F1-A6CA-11BD931F3280} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {19880BEA-ADFF-42E4-A923-7737325479F0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {19F7E4B5-6D7C-4663-8C4A-A697F273DBE5} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-02-21] (Siber Systems)
Task: {1B70AF80-CB4D-4F2C-AA24-91A34DF2F055} - System32\Tasks\Microsoft Office 15 Sync Maintenance for OFFICE-Matthew Office => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-14] (Microsoft Corporation)
Task: {239670D0-87EF-4F8E-8B1C-B220E7E4A489} - System32\Tasks\Stardock Central-S-1-5-21-3331112126-1740026331-2912461648-1001 => C:\Users\Matthew\AppData\Local\Stardock\StardockCentral\Stardock Central.exe [2013-10-25] (Stardock)
Task: {2E9A83E7-03C7-4D42-AF27-D3ADD0D50978} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-20] (Adobe Systems Incorporated)
Task: {3AB996EB-4378-4109-9E63-4428BA48A464} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {507A30F3-679E-4ECE-8850-6CE5AC4566E2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5BC5C2B3-D7C6-4800-B09A-EA6FDDAC0743} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {7432419B-CD0F-4AF4-9DB0-F09213A8AD56} - System32\Tasks\WinKit => C:\Users\Matthew\AppData\Roaming\WinKit\Updater.exe [2015-01-29] ()
Task: {7C5320EF-52F8-4870-AFAF-5E2919FEA602} - System32\Tasks\MsgUpdateCheck (4e8e012a-0fc6-4d0a-af3d-a6fd9253ccd4) => C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe [2014-06-20] (MarkedUp Inc)
Task: {7EE4E43F-B36D-43D9-9A3C-8F19A0D6E057} - System32\Tasks\DriverMgr => C:\Users\Matthew\AppData\Roaming\jellylam\rinti.exe [2014-12-09] ()
Task: {82F22262-0ACE-41CA-BFA3-0CA41E6749F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {85100BF2-B00A-4BAE-B1F8-C15E050D755F} - System32\Tasks\Winsta Update => C:\Users\Matthew\AppData\Roaming\Winsta\Winsta.exe [2015-01-29] ()
Task: {9732E65B-6C18-401D-92F5-3056AE970144} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {A4DEDA15-665E-4680-ADD1-D83EE467446E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {AA3E0E53-4F86-4FF4-A4FF-AA68966EF2C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B3BDC82B-1C59-4EFB-B350-DDFD7CE5DF71} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {B579B8AB-710B-40CD-B0B2-75F2D31D6616} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {BC9CCEAF-68DB-4943-97CE-7AE846610983} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {C01BEDB4-75A3-4110-AB53-889D0E7DA3B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {C13110A2-B043-49EA-8275-A6C4F7DAE419} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-13] (Microsoft Corporation)
Task: {C371BD2B-9FA5-43DB-B657-A8E2BA61F55B} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2012-08-21] (PC Tools)
Task: {C69101F1-8D05-4D75-AD2E-ECE44C30B81C} - System32\Tasks\Convertor => C:\Users\Matthew\AppData\Roaming\Convertor\Convertor.exe [2015-01-29] ()
Task: {C7B0963F-9AC7-4910-BAF8-4F270B40F127} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C81F896E-FFC3-42A6-B005-81E90B1D1D35} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {D261CCA1-72D4-4425-931D-6E50A95FF495} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3331112126-1740026331-2912461648-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {D590622C-2743-40D3-B2F4-F4A6B8C947F4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D87235E5-99F3-46C9-80F4-84EAAAA32FEA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {F255AE4A-1536-42E0-ACC1-FEFD8645C021} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {F37F8D17-7495-4AD4-A79C-48E128BA71AD} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2012-08-21] (PC Tools)
Task: {F48579F7-F5B7-4DCD-8D9E-5273FCFE2F6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {FD14D131-A19A-4161-AB5F-9A135285DC95} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3331112126-1740026331-2912461648-1001.job => C:\Users\Matthew\AppData\Local\Citrix\GoToMeeting\2539\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\WINDOWS\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-02 08:25 - 2012-10-04 19:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-01 12:29 - 2014-05-01 12:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-03-14 09:39 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-10 10:30 - 2014-08-05 18:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2012-09-24 01:42 - 2012-09-24 01:42 - 00222104 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
2015-03-14 09:42 - 2015-03-14 09:42 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-10 14:48 - 2013-10-10 14:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-09-24 01:30 - 2012-09-24 01:30 - 00292760 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll
2012-09-24 01:30 - 2012-09-24 01:30 - 00079768 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll
2012-09-24 01:30 - 2012-09-24 01:30 - 00016280 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll
2014-06-01 02:08 - 2014-06-01 02:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-19 06:18 - 2014-03-19 06:18 - 00630784 _____ () C:\Program Files (x86)\AirDroid\System.Data.SQLite.dll
2015-04-11 00:29 - 2015-04-11 00:29 - 00043008 _____ () c:\users\matthew\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7uj0sh.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00750080 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00047616 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00865280 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00200704 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-19 20:01 - 2014-12-19 20:01 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-04-03 13:48 - 2015-03-30 14:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 13:48 - 2015-03-30 14:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 13:48 - 2015-03-30 14:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-03 13:48 - 2015-03-30 14:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2014-12-19 20:02 - 2014-12-19 20:03 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-03-23 15:36 - 2015-03-23 13:47 - 36632280 _____ () C:\Program Files (x86)\Quicken\libcef.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-03-12 04:31 - 2013-03-12 04:31 - 00481608 _____ () C:\Program Files (x86)\Nuance\PDF Professional 8\PDFCOffice2007Addin.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3
AlternateDataStreams: C:\Users\Matthew\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734-253806620
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734-648642675
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734190836914
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a341173420995289
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734973580938
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:TASKICON_0b22031b922f9f3421c12b066a3411734825525334
AlternateDataStreams: C:\Users\Matthew\Downloads\flag_burning.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Matthew\Downloads\flag_burning.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Matthew\Documents\flag_burning.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Matthew\Documents\flag_burning.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 68.105.28.16 - 68.105.29.16
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "BingDesktop"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3331112126-1740026331-2912461648-500 - Administrator - Disabled)
AirPrint (S-1-5-21-3331112126-1740026331-2912461648-1011 - Limited - Enabled)
Guest (S-1-5-21-3331112126-1740026331-2912461648-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3331112126-1740026331-2912461648-1006 - Limited - Enabled)
Matthew (S-1-5-21-3331112126-1740026331-2912461648-1001 - Administrator - Enabled) => C:\Users\Matthew
Monica (S-1-5-21-3331112126-1740026331-2912461648-1004 - Limited - Enabled) => C:\Users\Monica
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/11/2015 08:45:31 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/11/2015 00:37:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1954
 
Error: (04/11/2015 00:37:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1954
 
Error: (04/11/2015 00:37:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (04/11/2015 00:37:46 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (04/11/2015 00:33:43 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee VirusScan Announcer service hung on starting.
 
Error: (04/11/2015 00:31:43 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.
 
Error: (04/11/2015 00:26:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (04/11/2015 00:24:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfevtp service.
 
Error: (04/11/2015 00:24:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McAPExe service.
 
Error: (04/11/2015 00:24:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
 
Error: (04/11/2015 00:24:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CarboniteService service.
 
Error: (04/11/2015 00:23:58 AM) (Source: DCOM) (EventID: 10010) (User: OFFICE)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (04/11/2015 00:23:58 AM) (Source: DCOM) (EventID: 10010) (User: OFFICE)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
 
Microsoft Office Sessions:
=========================
Error: (04/11/2015 08:45:31 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
 
Error: (04/11/2015 00:37:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1954
 
Error: (04/11/2015 00:37:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1954
 
Error: (04/11/2015 00:37:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-01 11:19:23.036
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-01 11:19:16.546
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-01 10:54:01.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-01 10:54:01.467
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-01 10:54:01.110
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-01 10:54:00.727
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-01 10:54:00.395
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-01 10:54:00.041
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-01 10:53:58.400
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-01 10:53:58.012
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:50 AM

Posted 12 April 2015 - 01:21 PM

Hi there,

 

warning.gif P2P warning

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you.

If you wish to keep it, please do not use it until your computer is cleaned.

 

Step 1

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

 

Step 2

v21logo.PNG

Please download and install Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png

  • Return to our forum. Paste your log into your next reply and then click Finish [7].

mbamv21.gif


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 MolonLabeNV

MolonLabeNV
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas, NV
  • Local time:02:50 AM

Posted 12 April 2015 - 07:24 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/12/2015
Scan Time: 4:43:18 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.12.04
Rootkit Database: v2015.03.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Matthew
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424273
Time Elapsed: 30 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 22
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}\INPROCSERVER32, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\adTech.adTech.1, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\adTech.adTech, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\adTech.adTech, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\adTech.adTech, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{934B156A-3D17-3981-B78A-5C138F423AD6}, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{934B156A-3D17-3981-B78A-5C138F423AD6}, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\adTech.adTech.1, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\adTech.adTech.1, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{934B156A-3D17-3981-B78A-5C138F423AD6}, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{934B156A-3D17-3981-B78A-5C138F423AD6}, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [bef69dcee7a30432747387f0b251b749], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [bef69dcee7a30432747387f0b251b749], 
PUP.Optional.NoVooIT.A, HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\NoVooITSet, Quarantined, [387ca1caf694a294c1494e7f758edf21], 
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [bff539328604da5c0d179652768d6997], 
 
Registry Values: 2
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [f0c4dc8f5a30fd39e44c637f7a89fd03]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [4b691556395156e09d3dedfdd330de22]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.WinKit.A, C:\Users\Matthew\AppData\Roaming\WinKit, Quarantined, [09ab74f72664a690841d1ab3f90afc04], 
PUP.Optional.AdTech.A, C:\Users\Matthew\AppData\Roaming\pdfie, Quarantined, [4d67f576a4e6eb4bf356793b659e7888], 
 
Files: 10
PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\MSFT_KERNEL_WEBTINSTMK_01009.WDF, Delete-on-Reboot, , 
PUP.Optional.AdTech.A, C:\Users\Matthew\AppData\Roaming\pdfie\PDFCONV_64.DLL, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.AdTech.A, C:\Users\Matthew\AppData\Roaming\pdfie\PDFCONV_32.DLL, Quarantined, [8b291952652587afe09540f66d96e61a], 
PUP.Optional.Downloader, C:\Users\Matthew\AppData\Roaming\jellylam\rinti.exe, Quarantined, [61535e0dd8b2f4426add33306c995fa1], 
PUP.Optional.Winsta.A, C:\Users\Matthew\AppData\Roaming\Winsta\Winsta.exe, Quarantined, [60549dcecac048eeaca9e8e3996a41bf], 
PUP.Optional.WinKit.A, C:\Users\Matthew\AppData\Roaming\WinKit\tosty.dat, Quarantined, [09ab74f72664a690841d1ab3f90afc04], 
PUP.Optional.WinKit.A, C:\Users\Matthew\AppData\Roaming\WinKit\Updater.exe, Quarantined, [09ab74f72664a690841d1ab3f90afc04], 
PUP.Optional.Spigot.A, C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\o1g57lby.default\searchplugins\yahoo_ff.xml, Quarantined, [3f75105b5634d363a32a6668b84b37c9], 
PUP.Optional.Spigot.A, C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\o1g57lby.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=");), Replaced,[5163bcaf157596a0b884c07daf577789]
PUP.Optional.Spigot.A, C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\o1g57lby.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.yahoo.com/?type=903578&fr=spigot-yhp-ff");), Replaced,[aa0ab8b3f09a04321ec04df245c1fe02]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:50 AM

Posted 13 April 2015 - 02:47 AM

What about step 1? :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 MolonLabeNV

MolonLabeNV
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas, NV
  • Local time:02:50 AM

Posted 13 April 2015 - 02:56 PM

# AdwCleaner v4.201 - Logfile created 13/04/2015 at 12:45:28
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Matthew - OFFICE
# Running from : C:\Users\Matthew\Downloads\AV Malware\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Convertor
Folder Deleted : C:\Program Files (x86)\Winsta
Folder Deleted : C:\Users\Matthew\AppData\Roaming\Convertor
Folder Deleted : C:\Users\Matthew\AppData\Roaming\Winsta
File Deleted : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\o1g57lby.default\user.js
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Convertor
Task Deleted : WinKit
Task Deleted : Winsta Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;localhost
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R0].txt - [22423 bytes] - [13/04/2015 12:35:50]
AdwCleaner[S0].txt - [1738 bytes] - [13/04/2015 12:45:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1797  bytes] ##########


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:50 AM

Posted 13 April 2015 - 02:57 PM

OK, please re-run FRST now.

Step 1

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 MolonLabeNV

MolonLabeNV
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas, NV
  • Local time:02:50 AM

Posted 13 April 2015 - 03:04 PM

FRST.txt log
 
 
LastRegBack: 2013-11-22 13:12
 
==================== End Of Log ============================

Addition.txt

 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Matthew at 2015-04-13 13:00:37
Running from C:\Users\Matthew\Downloads\AV Malware
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.258 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
AirDroid 3.0.4.0 (HKLM-x32\...\AirDroid) (Version: 3.0.4.0 - Sand Studio)
AMD Catalyst Install Manager (HKLM\...\{A70B905D-2E57-66A0-3BFE-66B8E71E0C70}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AnyMeeting Plug-in (HKLM-x32\...\{CC322A28-34BF-47F3-B2F0-69DBFC46A9F3}) (Version: 2.1.0 - AnyMeeting, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
CoffeeCup Visual Site Designer 7.0 (HKLM-x32\...\CoffeeCup Visual Site Designer 7.0) (Version: 7.0 - CoffeeCup Software, Inc.)
CoolSign Content Creator (HKLM-x32\...\{4705061E-7A8B-48DE-A72F-8022B5894156}) (Version: 13.2 - Bally Technologies)
CoolSign Manager (HKLM-x32\...\{4CCD4A37-C0AD-4CD8-BC55-27F11C74D283}) (Version: 13.2 - Bally Technologies)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Dropbox (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Elecard MPEG-2 Decoder Pack G4 (HKLM-x32\...\Elecard MPEG-2 Decoder Pack G4 1.3.1.91211) (Version: 1.3.1.91211 - Elecard)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.7.2539 (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\GoToMeeting) (Version: 7.1.7.2539 - CitrixOnline)
Hijacker Removal Tool (HKLM-x32\...\Hijacker Removal Tool_is1) (Version: 1.0 - Security Stronghold)
IP Video System Design Tool 8 v.8.0.0.1081 (HKLM-x32\...\IP Video System Design Tool 8_is1) (Version:  - www.jvsg.com)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{5D239A92-31A4-4FCA-967D-F9EA8E1FDF6A}) (Version: 12.1.2.27 - Apple Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Kodi (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
Microsoft Lync 2010 Attendee (HKLM-x32\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4391 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{D8228565-6CD7-40EF-B2EA-C7C95183EDEB}) (Version: 15.8.8308.577 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
MindManager X5 Pro (HKLM-x32\...\{B702FCEF-5875-491C-B50C-A4B457617EC6}) (Version: 5.2.344 - Mindjet LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Nero Prerequisite Installer 1.0 (HKLM-x32\...\{011E92F1-AF76-4983-8707-79F8F1956439}) (Version: 11.0.11500 - Nero AG)
Nuance Cloud Connector (HKLM-x32\...\{33D3472C-CC4D-4FC5-95FB-2615C6B5E4F3}) (Version: 3.2.960 - Nuance Communications, Inc.)
Nuance OmniPage Ultimate (HKLM-x32\...\{419512F9-D5E7-4ED2-BF99-E7F2C0176B6A}) (Version: 19.00.0000 - Nuance Communications, Inc.)
Nuance PaperPort 14 (HKLM-x32\...\{D0328ED7-EE97-48A0-80EB-693AED5D76AB}) (Version: 14.2.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM\...\{4131723B-BF21-4372-AFFD-82F31C31E50A}) (Version: 8.10.6267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM-x32\...\{4131723B-BF21-4372-AFFD-82F31C31E50A}) (Version: 8.10.6267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
PDF-XChange 3.0 (HKLM-x32\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Protection Portfolio 1.0 (HKLM-x32\...\Protection Portfolio) (Version: 1.0 - Suze Orman Media, Inc.)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.5.11 - Intuit)
RoboForm 7-9-12-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-12-2 - Siber Systems)
Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.0.2.546 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.44.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sidekick Outlook plugin (HKLM-x32\...\{7CE903D9-5DC8-432C-AF74-F4053090F09B}) (Version: 1.3.0.79 - HubSpot, Inc.)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Stardock Central (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Stardock Central) (Version:  - Stardock Corporation)
Stardock Decor8 (HKLM-x32\...\Stardock Decor8) (Version: 1.07 - Stardock Software, Inc.)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.13 - Stardock Software, Inc.)
Stardock ModernMix (HKLM-x32\...\Stardock ModernMix) (Version: 1.20 - Stardock Software, Inc.)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.45 - Stardock Software, Inc.)
SUPER © v2014.build.63+Recorder (2014/11/27) version v2014.buil (HKLM-x32\...\{8E2A19E2-96BF-8659-4DA7-5C06C90719A4}_is1) (Version: v2014.build.63+Recorder - eRightSoft)
SUPER © v2015.build.64+Recorder (2015/02/13) version v2015.buil (HKLM-x32\...\{8E2A29E2-96BF-8759-4DA7-5C16C90729A4}_is1) (Version: v2015.build.64+Recorder - eRightSoft)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
ToutApp (HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\fd238403fa467654) (Version: 5.1.5.0 - ToutApp, Inc.)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.3 - uvnc bvba)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Xerox Phaser 6180MFP Scanner Driver (HKLM-x32\...\{1C0DF253-53CA-41CA-B2A3-FC53EE13947D}) (Version: 1.2.1.0 - Xerox)
Xobni (HKLM-x32\...\XobniMain) (Version: 2.0.0.1 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
XtremeFit Pro Plus (HKLM-x32\...\com.workoutsoft.xtremefitproplus.9F6DDB401BEA4FBA2DBE02CCDEF8E2D58FFF169A.1) (Version: 1.1.908 - WorkoutSoft, LLC)
XtremeFit Pro Plus (x32 Version: 1.1.908 - WorkoutSoft, LLC) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{00796370-DFAC-3B9D-B8D1-157389236F91}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{01C261A6-CC6D-3F9E-B3EF-04EDD6C40EE0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0530929A-0A62-386D-AA7E-3D375B825100}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{056FCB85-0C0D-3907-9E07-46802745D616}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{07247C81-27F1-31AC-B316-FA0A4ED338F9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0C3B3EE4-29F8-382B-970A-5BA636167615}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0CFDA0A5-6755-367F-AE99-6F0F913CC1A0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{0DDBE06B-DF27-3260-80D3-A8BB5431E789}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1199976B-CCD5-3FC6-8165-BA1D0716D07E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{11D73BAC-E53E-3653-9632-67D7ED2AD255}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{11D8AFE1-8CD6-3E99-A970-9C4AAC675460}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{14ABABCF-5799-385B-86D1-0EE769BD9BB6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{177E9383-0779-34E7-B2D8-DB4C748A5127}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{18B9AF94-CF39-3622-921E-A99E2A8ED049}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{18F860D6-6C9A-3594-AE3D-7C44B418E338}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1908511F-ADE2-338C-A737-0A6081A90FAA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{192BBB1E-9192-3D63-A686-E3F8A1618C78}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1948260E-6116-36AB-A075-176EE321A1EC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{19B81BC4-6FF3-3383-BA81-24B2ACFDBB6C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1AFE4CC2-E903-3438-903C-83E935BF9B74}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1B62625C-690B-3DD8-B8EC-8393F19A3558}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1C10F804-5C99-3982-AD9A-AFD2A48AFE95}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1D099BA9-48B0-32AC-955F-DDE8004CFC9D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{1F77250E-A5C1-3D90-BFF3-B1BE65100DC4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{214FDC65-4DD2-3D69-977A-ABD893FD8AC5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{21BF5B26-8CA5-3C02-9856-6C2CDD9CFAF0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{25449F88-9822-3D3C-8CD3-C79999A53F7B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{259E7804-547A-39C1-8DF2-B2CEAF878C63}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{273E4150-F979-3412-B5B1-0456A2A18AF2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{29A6E216-B130-3852-9CA4-84E06AC57790}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2B179C00-E3F4-3D48-9888-E706137DA30B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2B601383-7DF4-3F5A-914B-57A9F2E289B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2EBCA724-FB96-368F-9A91-23FA837BD935}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2ED09861-1A21-3DC1-A17A-9F5FCB72C9DB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2EF63CD2-7A67-37E3-939D-2010D7CBD53A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2F5EC8F4-29F7-382E-8DF4-B2E43E767FD4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2FB8AF9B-B82D-33F7-8C8B-CF9DC3EFCAD8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{2FFF5FB9-FF6D-3FB7-95E4-73E76B134C81}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{32EC42DB-5D79-3CAA-A24E-16FD8724C907}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{35CD179A-6AA1-3456-94EB-958D73F48803}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{368935C0-BE13-3D8C-A031-30E023619090}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3730BDEE-BAA9-3EA8-8896-5DAF43080A83}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3991E80E-5FB4-326B-9216-722C3D13148F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3A20609D-0687-359B-ADC8-08A311689537}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3AD681E7-BC19-308B-9AD4-433AA95B8FFA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3B5C625D-4AC0-3946-B82D-8D991EA660ED}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3C264564-9F4D-3E27-AC8E-73AAE5A92693}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3D1D7B16-DBCF-329C-B864-CEFD77D9B8D8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3D9C9F05-2AF1-356C-AD9A-4F91E63018C1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{3F8286BA-265A-35CA-9C0E-9E3E50DE5E9C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{405DFCF5-AF5B-38EA-8850-E9F5B7A116DB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{40C8F80B-2306-3964-BF01-D8E415C3F6F3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{44DAEC41-40D0-341B-8EC6-2BF312D07D40}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{47F986A9-B4C0-3DFF-8949-C430AEE509D1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{49B6FE7A-D768-3FBD-B5C7-96EAC7C377FB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{4D1DCBA9-0811-3722-B3A2-8C5ADB94FB4A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{4D665116-F095-3B6B-9939-BA043EACD231}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{52937E2A-62D9-3661-9C2B-8036353661CA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{52E7A379-F0BF-3E64-86F9-E66B203A7C25}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{542DFDA6-99E6-3009-94EC-E583068EA1C8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{543391AA-E359-4EAA-8386-B36DFCA19A7C}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Apps\2.0\BOWV98H2.JO7\Z6B6534T.TDK\toutapp_4be7ebe30a39a08e_0005.0001_bed387ebb894f9c3\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{55DDA14F-4F2C-3A8F-A0FB-646196484E89}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{57FF9900-88E0-3527-A580-72EB0F6072D6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5811883A-1657-3FC1-92CA-62B38C3E4AC4}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{594F4647-5284-31EC-9210-EC591534412D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5B9377CF-F3A7-3DFF-9972-4C2D85537DC6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5C2C4617-66C7-3C9C-B304-4FF2C5B6BA0E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5D9A9700-E728-3C83-90C3-F60CD5BCAC8F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{5EC94159-7CC7-3ABA-BDC5-9B961CD79A7B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{60149060-2F4E-357C-B35D-AB87482C829E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6036C585-C023-36C5-B400-D45C824487C6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{606C6514-B0B6-3C0A-AA1F-473C9A2A95F2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{61C00D36-6957-36AE-94E3-362849F1046E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{61F77F2E-2948-3FD0-B1CF-F8AA0CAF0FAC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6275150A-C24A-3EAB-9055-E2D36F1EDF3E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{639B66AE-71EC-372D-9D4B-26DDA410A440}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{64025645-6DB1-34C7-A81D-4519DCAA35DF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{64AE23C2-6DA9-30DE-850E-5DE8AF887C5E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{650A8841-4E27-31B1-AB74-17B9944AE216}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6576AE5A-8157-3E10-9D29-AC9524DB09A1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{67A5405C-2A17-32BE-AA7E-0B518A8510EB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{69F11048-9F7D-330B-81BB-5DCADB8F34BA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6A486739-FA77-3FBE-9ED6-16CB158611A5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6CD082D9-E680-3113-8971-DBC985026F47}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{6E0F675A-1455-3F6A-8862-6460B9472303}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{75E6E66D-E81C-3F55-BE19-31C0CF24C9F0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{7A3C450E-56BE-3380-B0E3-2B4BA3D75978}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{7B3209CD-09AE-30AE-AD08-36B0FBC68069}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{7D52B8F3-4EE6-36AE-BAA4-8AD49D18EB53}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{80A3675E-DF05-33CD-8DCE-F18AD5C2A436}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Citrix\GoToMeeting\1865\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{86AEB387-199E-3488-875F-2460590A8D28}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8B82C66F-D589-38C9-B8F7-10773124928E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8B9C3696-A9B2-3FAB-A7C3-2134E3D9DB39}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8CA5210E-E8C7-30D5-B9D0-C52F79BA2AEC}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8CCE51C0-D1D6-321B-A08F-E778E16198DF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{8DB9F797-18DA-334D-A91D-4D0CB0AA87D6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{92D9DD82-6D8E-34D3-8C9F-4137292F0932}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{939E7932-1449-315A-86A6-B5288D0E7A4C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{94168EF2-7638-3790-92B8-242A13D47263}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9493DD85-D951-34C0-A01D-5293C58DDCBA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9601F788-32E0-4513-998A-4C5346228657}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Sidekick\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{96943547-BBA4-3494-94A2-28F767634EBE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{96A00C5D-81C7-31BE-A800-902D54A8C978}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{96E90871-D0C3-3CBD-BF40-45E2471A5485}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{98214CDD-A131-3495-9DCE-F5A1A0965A7B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{983C6590-CBFD-3F41-8BEB-9AE8C3F1A888}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{99684244-1349-396C-B976-4F0DD51D3F24}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9CF9A7C7-1260-358D-A280-198C93B76F01}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9D1829FF-1F3D-3D3A-83F3-1E3810FD388A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{9FEE440E-F4CA-345B-B1EA-F367226854AA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A0160984-A728-3D91-BB9F-B0860C6C6841}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A1C5F652-47C9-357D-AB2C-EF2DC510AA8F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A2EE011B-3AFE-3816-B687-6D032C875CEA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A46F295E-777A-30D9-B719-CEE5C88D8DE8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A60A744F-28A9-32E2-ABEC-3EDA85A8171C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A654F4D2-EDE6-3BB8-AA27-3E9BBD86FF84}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A67EF337-D6B0-3AA4-9A14-EA6116526671}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A6903307-8015-3552-94A7-D25731F4B5A0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A826C840-7D4E-307A-98C3-B64FC3F7A497}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{A83D42FD-1A5E-3738-A8DC-DBFB6A933FF2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AA51DE18-64AB-3DEB-AE09-809025A89436}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AB38A790-ADA7-3072-9369-E9F23BE7BBF8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{ACA4A18D-40CB-3DD9-808D-599A270ED174}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AD209664-2DF1-3EA0-A3AC-7C81CFC7ABFE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AD4F3B39-2E75-3249-BE8F-FF763BC127D3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AEFC5837-B643-3A53-B00D-98F030ED2FD2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{AF6484F1-18DF-36BD-BC55-B9F50341C43A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B2BBBBB1-FA45-357A-A8F2-60F9AD081CF1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B46F7B4C-FE37-3A49-8798-3A0AE89B9E5D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B471D131-AB92-3DAD-9525-C3C434EB8689}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B520F843-130C-3BA4-B99A-07F7829DA3B1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B5BA239F-AAA1-3E9E-A22F-98DFAEB7EDF0}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B72C5929-112F-3543-B8D4-1D4D0EC8111E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{B8A71631-A7F5-3133-BEE3-24AFABDD1ECE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{BF0B86A4-BA3A-3A91-B4B6-A5028246DE9F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C1116516-74BA-3D79-91FB-A7986A8FB97A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C113CC47-6EEA-3535-A562-87EE8F937104}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C5CEC094-1285-3FB9-8E9D-938534A8181C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C5F7B5BB-C070-3891-8FB7-CD81E2188ECF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C6AD888D-D9D6-3A79-9C54-382BBA2D3BCB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{C74D4480-801E-3632-B789-FBD8FA8109C7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D06FC0CC-BD6E-3CC3-B381-390AA96A9CF8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D0A6BBDE-AC5D-38DB-A881-265CD8222D74}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D4485613-816F-30FC-9393-475780F822F6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D51DC0C3-B6F5-37A9-99B0-42AACE700EEF}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D567CE72-2628-3557-8180-14C3E54A316B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D5EB0447-CD03-33D1-BA56-BD8AA8481420}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D6CB7456-0FFF-3D1F-AD0C-250CB03D2B43}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{D6FC576C-C1AA-3257-B94F-2CFA9B8D6A46}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DB80E8A5-74DE-3F44-BAEC-B3E06D7DC193}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DC66EB6D-5A96-3634-A0BA-0E73DEFF8865}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DC79B200-75D3-3BF2-9E34-DA326A76E008}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{DF10688D-BC17-33F5-ABF6-DC219D39051E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E01CA8F5-F0BA-342D-AD02-C830D4C47BA3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E33C1B0D-C5C1-3D95-A47E-A3F8CD6DF4B3}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E6EC7A34-FCD5-3A7E-963C-1130F8422108}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{E94573A8-CD58-386E-B997-DC7275572FAE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EB1A5207-6B0D-32BA-9E04-403179646E4F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EB8EAFCD-FD51-3BB7-ABD3-CC162315699D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EC0F3F2F-49C9-3DC7-A5F6-7D89EFB8FB80}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EE06E3AB-EEF0-3561-A173-AD8B2C431E54}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EF278401-FFD7-3E33-9A6A-BBF5433C5553}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EF2DC0DA-0B52-3D8A-9F69-43786A96BD93}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{EF656A5C-D963-3325-9689-B8DF762F39E1}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F13258B8-4E7A-3A60-A315-82168A074E4B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F3108C88-72AE-335F-9520-C8FB7900D4C9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F3425581-E164-38B0-B9B3-2A742A809A31}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F3CBA9E9-9E8A-3F00-B6EE-B4E810EE9A64}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F4CA6B26-5137-31F6-ABB4-F09F390894EE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{F82A41B0-B01B-30D3-B867-BD677D42787B}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FA1925FE-E29C-3103-9056-046614EEA4B6}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FC48E4A8-B140-3F5C-B7A2-EEA952AFBC5F}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FC4F65A1-B16B-3EA3-BC54-2E10D7ED77AD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FC6F82BD-3EA7-3F97-B8F8-B50A18A2A845}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FDB48521-4E14-3EEB-9EDC-CD4FDBC25F89}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FDF3063A-4CCB-3034-AB04-8CF7D844618A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FE31BEFC-574C-37D6-B051-F60829F5E9F2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FEF810A0-AE09-33A3-B5F0-A4F10BBDD689}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FF5C588D-BB30-3B61-94CB-49FB0D46213E}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001_Classes\CLSID\{FF6504E8-804D-3048-BC6C-2740BC9D248D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2014-09-20 09:33 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0013F1D0-93EB-41B1-8D1D-EBA959611075} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {122E0B9C-9F8C-4AE2-9035-974DD230AF52} - System32\Tasks\G2MUpdateTask-S-1-5-21-3331112126-1740026331-2912461648-1001 => C:\Users\Matthew\AppData\Local\Citrix\GoToMeeting\2539\g2mupdate.exe [2015-04-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {190B05A8-354F-48F1-A6CA-11BD931F3280} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {19880BEA-ADFF-42E4-A923-7737325479F0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {19F7E4B5-6D7C-4663-8C4A-A697F273DBE5} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-02-21] (Siber Systems)
Task: {1B70AF80-CB4D-4F2C-AA24-91A34DF2F055} - System32\Tasks\Microsoft Office 15 Sync Maintenance for OFFICE-Matthew Office => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-14] (Microsoft Corporation)
Task: {239670D0-87EF-4F8E-8B1C-B220E7E4A489} - System32\Tasks\Stardock Central-S-1-5-21-3331112126-1740026331-2912461648-1001 => C:\Users\Matthew\AppData\Local\Stardock\StardockCentral\Stardock Central.exe [2013-10-25] (Stardock)
Task: {2E9A83E7-03C7-4D42-AF27-D3ADD0D50978} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-20] (Adobe Systems Incorporated)
Task: {3AB996EB-4378-4109-9E63-4428BA48A464} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {507A30F3-679E-4ECE-8850-6CE5AC4566E2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5BC5C2B3-D7C6-4800-B09A-EA6FDDAC0743} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {7C5320EF-52F8-4870-AFAF-5E2919FEA602} - System32\Tasks\MsgUpdateCheck (4e8e012a-0fc6-4d0a-af3d-a6fd9253ccd4) => C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe [2014-06-20] (MarkedUp Inc)
Task: {7EE4E43F-B36D-43D9-9A3C-8F19A0D6E057} - System32\Tasks\DriverMgr => C:\Users\Matthew\AppData\Roaming\jellylam\rinti.exe
Task: {82F22262-0ACE-41CA-BFA3-0CA41E6749F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {9732E65B-6C18-401D-92F5-3056AE970144} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {A4DEDA15-665E-4680-ADD1-D83EE467446E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {AA3E0E53-4F86-4FF4-A4FF-AA68966EF2C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B3BDC82B-1C59-4EFB-B350-DDFD7CE5DF71} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {B579B8AB-710B-40CD-B0B2-75F2D31D6616} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {BC9CCEAF-68DB-4943-97CE-7AE846610983} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {C01BEDB4-75A3-4110-AB53-889D0E7DA3B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {C13110A2-B043-49EA-8275-A6C4F7DAE419} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-13] (Microsoft Corporation)
Task: {C7B0963F-9AC7-4910-BAF8-4F270B40F127} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C81F896E-FFC3-42A6-B005-81E90B1D1D35} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {D261CCA1-72D4-4425-931D-6E50A95FF495} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3331112126-1740026331-2912461648-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {D590622C-2743-40D3-B2F4-F4A6B8C947F4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D87235E5-99F3-46C9-80F4-84EAAAA32FEA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {F255AE4A-1536-42E0-ACC1-FEFD8645C021} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {F37F8D17-7495-4AD4-A79C-48E128BA71AD} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2012-08-21] (PC Tools)
Task: {F48579F7-F5B7-4DCD-8D9E-5273FCFE2F6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {FD14D131-A19A-4161-AB5F-9A135285DC95} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3331112126-1740026331-2912461648-1001.job => C:\Users\Matthew\AppData\Local\Citrix\GoToMeeting\2539\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-02 08:25 - 2012-10-04 19:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-01 12:29 - 2014-05-01 12:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-03-14 09:39 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-10 10:30 - 2014-08-05 18:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2012-09-24 01:42 - 2012-09-24 01:42 - 00222104 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
2015-03-14 09:42 - 2015-03-14 09:42 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-10 14:48 - 2013-10-10 14:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-09-24 01:30 - 2012-09-24 01:30 - 00292760 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll
2012-09-24 01:30 - 2012-09-24 01:30 - 00079768 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll
2012-09-24 01:30 - 2012-09-24 01:30 - 00016280 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-01 02:08 - 2014-06-01 02:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-03-19 06:18 - 2014-03-19 06:18 - 00630784 _____ () C:\Program Files (x86)\AirDroid\System.Data.SQLite.dll
2015-04-13 12:50 - 2015-04-13 12:50 - 00043008 _____ () c:\users\matthew\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfqvwza.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00750080 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00047616 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00865280 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00200704 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-19 20:01 - 2014-12-19 20:01 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-04-03 13:48 - 2015-03-30 14:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 13:48 - 2015-03-30 14:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 13:48 - 2015-03-30 14:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2014-12-19 20:02 - 2014-12-19 20:03 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-04-03 13:48 - 2015-03-30 14:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-04-06 15:51 - 2015-04-06 15:51 - 00593920 _____ () C:\Users\Matthew\AppData\Roaming\Sidekick\adxloader.dll
2012-10-24 00:28 - 2012-10-24 00:28 - 00623504 _____ () C:\Program Files (x86)\Common Files\ScanSoft Shared\PDF8\OutlookAddin.dll
2013-03-12 04:32 - 2013-03-12 04:32 - 00341832 _____ () C:\Program Files (x86)\Common Files\ScanSoft Shared\PDF8\MailProcessor7.dll
2014-12-18 09:04 - 2014-12-18 09:04 - 00528384 _____ () C:\Users\Matthew\AppData\Local\Apps\2.0\BOWV98H2.JO7\Z6B6534T.TDK\toutapp_4be7ebe30a39a08e_0005.0001_bed387ebb894f9c3\adxloader.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-06-28 12:27 - 2013-06-28 12:27 - 00004608 _____ () C:\Program Files (x86)\Xobni\ManagedAggregator.dll
2013-06-28 12:30 - 2013-06-28 12:30 - 00063096 _____ () C:\Program Files (x86)\Xobni\XobniMainConnector.dll
2014-06-26 20:46 - 2014-06-26 20:46 - 00003072 _____ () C:\WINDOWS\assembly\GAC_MSIL\Extensibility\7.0.3300.0__6298d2d1fcfb5d85\Extensibility.dll
2014-06-26 20:46 - 2014-06-26 20:46 - 00405504 _____ () C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\11.0.0.0__6298d2d1fcfb5d85\Microsoft.Office.Interop.Outlook.dll
2014-06-26 20:46 - 2014-06-26 20:46 - 00516096 _____ () C:\WINDOWS\assembly\GAC_32\Xobni.XMapiAccessor\2.0.0.1__6298d2d1fcfb5d85\Xobni.XMapiAccessor.dll
2014-06-26 20:46 - 2013-06-28 12:00 - 00904704 _____ () C:\Program Files (x86)\Xobni\System.Data.SQLite.dll
2014-06-26 20:46 - 2014-06-26 20:46 - 00212992 _____ () C:\WINDOWS\assembly\GAC_MSIL\office\11.0.0.0__6298d2d1fcfb5d85\office.dll
2014-06-26 20:46 - 2014-06-26 20:46 - 00064512 _____ () C:\WINDOWS\assembly\GAC_MSIL\LinqBridge\1.0.0.0__c2b14eb747628076\LinqBridge.dll
2013-06-28 12:27 - 2013-06-28 12:27 - 00125440 _____ () C:\Program Files (x86)\Xobni\WindowDriver.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3
AlternateDataStreams: C:\Users\Matthew\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734-253806620
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734-648642675
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734190836914
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a341173420995289
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734973580938
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:TASKICON_0b22031b922f9f3421c12b066a3411734825525334
AlternateDataStreams: C:\Users\Matthew\Downloads\flag_burning.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Matthew\Downloads\flag_burning.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Matthew\Documents\flag_burning.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Matthew\Documents\flag_burning.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 68.105.28.16 - 68.105.29.16
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "BingDesktop"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3331112126-1740026331-2912461648-500 - Administrator - Disabled)
AirPrint (S-1-5-21-3331112126-1740026331-2912461648-1011 - Limited - Enabled)
Guest (S-1-5-21-3331112126-1740026331-2912461648-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3331112126-1740026331-2912461648-1006 - Limited - Enabled)
Matthew (S-1-5-21-3331112126-1740026331-2912461648-1001 - Administrator - Enabled) => C:\Users\Matthew
Monica (S-1-5-21-3331112126-1740026331-2912461648-1004 - Limited - Enabled) => C:\Users\Monica
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/13/2015 00:51:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/13/2015 00:37:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 14.0.7143.5000, time stamp: 0x54b56e39
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x16e0
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
Faulting package full name: OUTLOOK.EXE4
Faulting package-relative application ID: OUTLOOK.EXE5
 
Error: (04/12/2015 07:38:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/12/2015 05:42:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/12/2015 05:40:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/12/2015 05:30:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/12/2015 05:20:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/12/2015 04:42:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/12/2015 11:12:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: acc
 
Start Time: 01d07428d51e4144
 
Termination Time: 13221
 
Application Path: C:\WINDOWS\Explorer.EXE
 
Report Id: 7f8a47f1-e13f-11e4-bee1-001cc06d7622
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/12/2015 11:09:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program qw.exe version 24.1.5.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b94
 
Start Time: 01d0753fd5154fde
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Quicken\qw.exe
 
Report Id: 104f214e-e13f-11e4-bee1-001cc06d7622
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (04/13/2015 00:54:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee VirusScan Announcer service hung on starting.
 
Error: (04/13/2015 00:52:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.
 
Error: (04/13/2015 00:47:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (04/13/2015 00:46:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server Browser service failed to start due to the following error: 
%%1069
 
Error: (04/13/2015 00:46:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The SQLBrowser service was unable to log on as NT AUTHORITY\LOCALSERVICE with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (04/13/2015 00:46:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CarboniteService service failed to start due to the following error: 
%%109
 
Error: (04/13/2015 00:46:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error: 
%%109
 
Error: (04/13/2015 00:46:13 PM) (Source: DCOM) (EventID: 10010) (User: OFFICE)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (04/13/2015 00:46:13 PM) (Source: DCOM) (EventID: 10010) (User: OFFICE)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (04/13/2015 00:45:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (04/13/2015 00:51:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
 
Error: (04/13/2015 00:37:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE14.0.7143.500054b56e39unknown0.0.0.000000000c00000050000000016e001d0761f823ce09fC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEunknown8e3e68d0-e214-11e4-bee2-001cc06d7622
 
Error: (04/12/2015 07:38:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
 
Error: (04/12/2015 05:42:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927142
 
Error: (04/12/2015 05:40:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927142
 
Error: (04/12/2015 05:30:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
 
Error: (04/12/2015 05:20:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
 
Error: (04/12/2015 04:42:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
 
Error: (04/12/2015 11:12:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17667acc01d07428d51e414413221C:\WINDOWS\Explorer.EXE7f8a47f1-e13f-11e4-bee1-001cc06d7622
 
Error: (04/12/2015 11:09:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: qw.exe24.1.5.11b9401d0753fd5154fde4294967295C:\Program Files (x86)\Quicken\qw.exe104f214e-e13f-11e4-bee1-001cc06d7622
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q9550 @ 2.83GHz
Percentage of memory in use: 59%
Total physical RAM: 8186.21 MB
Available physical RAM: 3324.2 MB
Total Pagefile: 16378.21 MB
Available Pagefile: 10927.8 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.42 GB) (Free:56.38 GB) NTFS
Drive e: (TeraByteInTheAss) (Fixed) (Total:931.51 GB) (Free:135.83 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9FD58EB4)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 6E697373)
No partition Table on disk 1.
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5391AB91)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:50 AM

Posted 13 April 2015 - 03:13 PM

Please post the FRST.txt as well. :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 MolonLabeNV

MolonLabeNV
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas, NV
  • Local time:02:50 AM

Posted 13 April 2015 - 03:36 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Matthew (administrator) on OFFICE on 13-04-2015 13:32:43
Running from C:\Users\Matthew\Downloads\AV Malware
Loaded Profiles: Matthew (Available profiles: Matthew & Monica)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MYMOVIES\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Xobni Corporation) C:\Program Files (x86)\Xobni\XobniService.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMix_64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files (x86)\AirPrint\airprint.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\ModernMix\MMix_32.exe
() C:\Program Files\Everything\Everything.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\bagent.exe
(Sand Studio) C:\Program Files (x86)\AirDroid\AirDroid.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3993744 2014-05-22] (Stardock Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [iTunesHelper] => "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM-x32\...\Run: [PDF8 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Converter Professional 8-reminder] => C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage19\OmniPage19.exe [2922824 2013-04-22] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance OmniPage Ultimate-reminder] => C:\Program Files (x86)\Nuance\OmniPage19\Ereg\Ereg.exe [334152 2013-01-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [38880 2012-11-12] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [51168 2012-11-12] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [333672 2012-01-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [pdfSaver3] => [X]
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [OpAgent] => "OpAgent.exe" /agent
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [uTorrent] => C:\Users\Matthew\AppData\Roaming\uTorrent\uTorrent.exe [1442384 2015-03-27] (BitTorrent Inc.)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [GoogleChromeAutoLaunch_1DCACA8C0EC1716DD73D162837173624] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77528 2015-03-23] (Intuit Inc.)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [11662848 2015-02-05] (Sand Studio)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-04-13] (Siber Systems)
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\...\MountPoints2: {344a67ce-4b0f-11e3-824f-806e6f6e6963} - "notepad.exe" SeaToolsDOSguide.EN.txt
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll (Gladinet, INC)
ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll (Gladinet, INC)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=INMODF&PC=IN01
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://drudgereport.com/
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}&FORM=INMODF&PC=IN01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001 -> {8A97923E-96A0-4B99-9D1B-A38E40E1EBD3} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US636D20150201&p={SearchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-14] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-13] (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-14] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-04-13] (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-10] (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-10] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-13] (Siber Systems Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-04-13] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3331112126-1740026331-2912461648-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-13] (Siber Systems Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T29L10NSP4EP2-2/event/ieatgpc1.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-14] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\mcsniepl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.16 68.105.29.16 68.105.28.17
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-20] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll [2014-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @cnw.com/cnwplugin -> C:\Program Files (x86)\AnyMeeting Plug-in\npcnwplugin.dll [2013-11-07] (AnyMeeting, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll [2014-04-25] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2014-12-08] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-19] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll [2013-11-07] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3331112126-1740026331-2912461648-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Matthew\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-25] (Citrix Online)
FF Plugin HKU\S-1-5-21-3331112126-1740026331-2912461648-1001: LWAPlugin15.8 -> C:\Users\Matthew\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Matthew\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-23] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Matthew\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Matthew\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2013-05-25] ()
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-08-26]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-01]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-02-01]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.drudgereport.com/
CHR StartupUrls: Default -> "hxxp://www.drudgereport.com/", "hxxp://www.theblaze.com/", "hxxp://www.foxnews.com/", "hxxp://intranet.ballytech.com/", "https://www.siriusxm.com/player/#view=login"
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (MindMeister) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm [2014-06-19]
CHR Extension: (Gliffy Diagrams) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2014-06-20]
CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]
CHR Extension: (GeoGebra) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-06-20]
CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Lucidchart Diagrams - Desktop) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj [2014-06-19]
CHR Extension: (SiteAdvisor) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-06]
CHR Extension: (USMC Semper Fidelis) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkbkpfdkgpjpbmibdidphjodachgkddg [2014-07-21]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2014-07-18]
CHR Extension: (Planetarium) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-06-20]
CHR Extension: (Chrome to Mobile) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2014-07-18]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-10-30]
CHR Extension: (Wave Accounting) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2014-06-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (UberConference) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhhfpdlccblfofockeabmalggfhelcgj [2014-06-19]
CHR Extension: (Google Wallet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2014-08-22]
CHR Extension: (Google Quick Scroll) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-02-17]
CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR Extension: (RoboForm) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-05-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-28]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-21]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-28]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe [234784 2015-03-11] (Apple Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [29592 2012-09-24] (Gladinet, INC)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 ModernMix; C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe [74864 2014-03-10] (Stardock Software, Inc)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MSSQL$MYMOVIES; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MYMOVIES\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [220048 2012-11-12] (Nuance Communications, Inc.)
S4 SQLAgent$MYMOVIES; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MYMOVIES\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-05-12] (DEVGURU Co., LTD.)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-18] (Stardock Software, Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [59000 2013-06-28] (Xobni Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-05-12] (DEVGURU Co., LTD.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 13:09 - 2015-04-13 13:09 - 00004120 _____ () C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2015-04-13 13:09 - 2015-04-13 13:09 - 00003492 _____ () C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2015-04-13 12:54 - 2015-04-13 12:54 - 00001860 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-04-13 12:29 - 2015-04-13 12:45 - 00000000 ____D () C:\AdwCleaner
2015-04-12 17:26 - 2015-04-13 12:47 - 00002978 _____ () C:\WINDOWS\PFRO.log
2015-04-12 17:26 - 2015-04-13 12:47 - 00000154 _____ () C:\WINDOWS\setupact.log
2015-04-12 17:26 - 2015-04-12 17:26 - 00483952 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-12 17:26 - 2015-04-12 17:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-12 17:20 - 2015-04-12 17:20 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-12 17:19 - 2015-04-12 17:20 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-12 17:19 - 2015-04-12 17:20 - 00000000 ____D () C:\Program Files\iTunes
2015-04-12 16:42 - 2015-04-13 12:49 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-12 16:42 - 2015-04-12 16:42 - 00001134 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-12 16:42 - 2015-04-12 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-12 16:41 - 2015-04-12 16:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-12 16:41 - 2015-04-12 16:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-12 16:41 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-12 16:41 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-12 16:41 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-11 12:34 - 2015-04-11 12:34 - 00001742 _____ () C:\Users\Matthew\Desktop\JRT.txt
2015-04-11 12:26 - 2015-04-11 12:26 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-OFFICE-Windows-8.1-(64-bit).dat
2015-04-11 12:26 - 2015-04-11 12:26 - 00000000 ____D () C:\RegBackup
2015-04-11 10:02 - 2015-04-13 13:32 - 00000000 ____D () C:\FRST
2015-04-11 09:45 - 2015-04-13 13:32 - 00000000 ____D () C:\Users\Matthew\Downloads\AV Malware
2015-04-10 18:59 - 2015-04-10 18:59 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-10 18:57 - 2015-04-10 18:57 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-04-10 18:56 - 2015-04-10 18:56 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-10 18:56 - 2015-04-10 18:56 - 00002075 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-09 01:31 - 2015-04-13 12:48 - 00000588 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3331112126-1740026331-2912461648-1001.job
2015-04-08 09:25 - 2015-04-08 09:25 - 00001071 _____ () C:\Users\Matthew\Desktop\Dropbox.lnk
2015-04-08 09:04 - 2015-04-08 09:04 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-08 08:56 - 2015-03-22 15:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-08 08:56 - 2015-03-22 15:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-08 08:56 - 2015-02-20 16:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-08 08:56 - 2014-12-02 16:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-02 07:34 - 2015-04-13 13:23 - 01557853 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-01 09:52 - 2015-04-01 09:52 - 05344528 _____ (Piriform Ltd) C:\Users\Matthew\Downloads\ccsetup504.exe
2015-04-01 08:26 - 2015-04-01 08:26 - 00000987 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-01 08:26 - 2015-04-01 08:26 - 00000975 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-31 09:23 - 2015-03-31 09:27 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-03-31 09:23 - 2015-03-31 09:23 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-03-31 09:23 - 2015-03-31 09:23 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Skype
2015-03-31 09:22 - 2015-04-10 21:15 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Skype
2015-03-31 09:22 - 2015-04-10 18:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-31 09:22 - 2015-04-10 18:53 - 00000000 ____D () C:\ProgramData\Skype
2015-03-31 09:22 - 2015-03-31 09:22 - 00002743 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-31 09:22 - 2015-03-31 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-31 08:50 - 2015-03-14 01:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-31 08:50 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-20 19:07 - 2015-03-20 19:11 - 00000000 ____D () C:\Users\Matthew\Downloads\Pictures of gate
2015-03-20 01:29 - 2015-03-20 09:53 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-20 01:02 - 2015-03-20 01:02 - 08867840 _____ () C:\Users\Matthew\Downloads\SeaToolsDOS223ALL.ISO
2015-03-20 00:28 - 2015-03-20 00:28 - 00001439 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2015-03-20 00:12 - 2015-03-20 00:12 - 00000000 ____D () C:\Users\Matthew\Downloads\HDDScan_v33
2015-03-20 00:10 - 2015-03-20 00:10 - 03820088 _____ () C:\Users\Matthew\Downloads\HDDScan_v33.zip
2015-03-20 00:10 - 2015-03-20 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-03-20 00:10 - 2015-03-20 00:10 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-03-20 00:09 - 2015-03-20 00:09 - 26771088 _____ () C:\Users\Matthew\Downloads\SeaToolsforWindowsSetup.exe
2015-03-15 20:57 - 2015-03-04 14:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-15 20:57 - 2015-03-04 14:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-15 20:40 - 2015-03-15 20:40 - 00000134 _____ () C:\Users\Matthew\Desktop\Surprise- U.S. Economic Data Have Been the World's Most Disappointing - Bloomberg Business.url
2015-03-15 13:10 - 2012-07-04 11:55 - 01354240 _____ (CANON INC.) C:\WINDOWS\system32\CNC280C.dll
2015-03-15 13:10 - 2012-07-04 11:55 - 00112128 _____ (CANON INC.) C:\WINDOWS\system32\CNC280I.dll
2015-03-15 13:10 - 2012-07-04 11:29 - 00106496 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC280U.dll
2015-03-15 13:10 - 2010-03-18 19:26 - 00348672 _____ (CANON INC.) C:\WINDOWS\system32\CNC280L.dll
2015-03-15 13:10 - 2010-03-18 19:25 - 00307200 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC280L.dll
2015-03-15 13:10 - 2009-11-13 14:38 - 00012800 _____ () C:\WINDOWS\SysWOW64\CNC1746D.TBL
2015-03-15 13:10 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll
2015-03-15 13:10 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 13:32 - 2013-08-27 11:14 - 00000000 ____D () C:\Users\Matthew\Documents\Outlook Files
2015-04-13 13:17 - 2014-01-18 20:39 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\uTorrent
2015-04-13 13:14 - 2013-08-26 21:53 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3331112126-1740026331-2912461648-1001
2015-04-13 13:08 - 2013-08-26 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-04-13 13:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-13 13:00 - 2014-12-19 20:08 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for OFFICE-Matthew Office
2015-04-13 12:54 - 2014-07-28 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-13 12:52 - 2014-09-26 08:49 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Sidekick
2015-04-13 12:52 - 2014-02-27 19:54 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Deployment
2015-04-13 12:51 - 2013-08-26 22:45 - 00000000 ___RD () C:\Users\Matthew\Dropbox
2015-04-13 12:51 - 2013-08-26 22:40 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Dropbox
2015-04-13 12:50 - 2013-08-27 08:01 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-13 12:49 - 2013-11-11 14:15 - 00000000 ___DO () C:\Users\Matthew\SkyDrive
2015-04-13 12:48 - 2013-11-22 13:43 - 00000320 _____ () C:\WINDOWS\Tasks\RMAutoUpdate.job
2015-04-13 12:47 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-13 12:41 - 2013-11-11 14:17 - 00003782 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{37CC501B-D7B7-4B23-B524-5183D7ABB6CF}
2015-04-13 12:28 - 2014-08-10 10:30 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Everything
2015-04-12 20:47 - 2015-02-06 09:42 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 20:47 - 2013-09-03 08:59 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-12 19:43 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-12 19:38 - 2013-08-26 21:47 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Packages
2015-04-12 17:26 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\SchCache
2015-04-12 17:23 - 2015-02-17 17:32 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\jellylam
2015-04-12 17:20 - 2015-01-12 21:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-12 17:20 - 2014-08-27 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-12 17:19 - 2015-01-12 21:13 - 00000000 ____D () C:\Program Files\iPod
2015-04-12 17:19 - 2015-01-12 21:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-12 08:31 - 2013-08-28 07:45 - 00108032 ___SH () C:\Users\Matthew\Desktop\Thumbs.db
2015-04-11 22:28 - 2014-01-26 21:04 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Kodi
2015-04-11 12:35 - 2013-08-26 21:47 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Adobe
2015-04-11 12:34 - 2013-09-03 08:58 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Adobe
2015-04-10 21:26 - 2014-03-08 20:11 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\TeamViewer
2015-04-10 18:58 - 2014-02-10 16:42 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-10 18:56 - 2014-02-22 14:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-10 18:55 - 2014-02-22 14:25 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-10 09:58 - 2015-03-13 06:58 - 00000000 ____D () C:\Users\Matthew\Documents\AirDroid
2015-04-09 21:27 - 2014-02-06 09:15 - 00000465 _____ () C:\Users\Matthew\Desktop\Sniper Basics For The SHTF Survivalist.website
2015-04-09 21:18 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-09 21:16 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-09 17:26 - 2013-10-02 08:26 - 00000000 ____D () C:\Users\Matthew\AppData\Local\CutePDF Writer
2015-04-09 14:34 - 2013-08-27 08:00 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\.oit
2015-04-09 01:31 - 2014-11-25 17:59 - 00003588 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3331112126-1740026331-2912461648-1001
2015-04-08 09:25 - 2014-08-05 12:27 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 09:14 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-08 09:04 - 2014-12-03 11:13 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-08 08:57 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-08 08:11 - 2014-03-08 20:11 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-03 13:48 - 2014-04-29 07:09 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 09:30 - 2013-08-27 10:36 - 00000000 ____D () C:\Users\Matthew\Documents\Jump Velvet
2015-04-01 09:53 - 2014-06-21 11:46 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-01 09:53 - 2014-06-21 11:46 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-30 09:03 - 2014-04-07 11:03 - 00000000 __SHD () C:\Users\Matthew\Documents\cache
2015-03-30 09:03 - 2014-01-23 14:53 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\webex
2015-03-29 22:06 - 2013-08-27 11:14 - 00000000 ____D () C:\Users\Matthew\Documents\My Maps
2015-03-27 10:17 - 2013-08-30 16:29 - 00000000 ____D () C:\Users\Matthew\Documents\7118 Puetollano Dr
2015-03-27 09:32 - 2013-08-27 10:35 - 00000000 ____D () C:\Users\Matthew\Documents\Medical
2015-03-25 08:31 - 2015-01-15 10:18 - 00000000 ____D () C:\Program Files (x86)\Quicken
2015-03-20 16:05 - 2013-09-29 21:04 - 00959332 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-20 09:30 - 2013-09-03 08:59 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-20 09:29 - 2014-02-17 01:25 - 00001086 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-20 01:38 - 2013-11-11 13:44 - 00000000 ____D () C:\Users\Matthew
2015-03-20 00:28 - 2014-04-30 07:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-19 20:15 - 2013-08-27 10:39 - 00000000 ____D () C:\Users\Matthew\Documents\Household Miscellaneous
2015-03-19 19:28 - 2013-11-11 16:42 - 00000000 ____D () C:\Users\Matthew\AppData\Local\gladinet
2015-03-17 20:19 - 2013-08-27 10:39 - 00000000 ____D () C:\Users\Matthew\Documents\_P90X
2015-03-15 20:59 - 2013-10-03 08:55 - 00000000 ___RD () C:\Users\Matthew\Podcasts
2015-03-15 20:56 - 2013-08-28 09:22 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-15 20:47 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-15 13:10 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-03-14 09:44 - 2014-12-19 20:07 - 00000000 ___RD () C:\Users\Matthew\OneDrive
2015-03-14 09:43 - 2014-12-19 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-14 09:41 - 2014-12-19 20:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-14 09:38 - 2013-03-26 11:09 - 00000000 ____D () C:\Users\Matthew\Downloads\Microsoft Office 2010
 
==================== Files in the root of some directories =======
 
2014-04-18 13:00 - 2014-06-21 10:38 - 0099384 _____ () C:\Users\Matthew\AppData\Roaming\inst.exe
2014-04-18 13:00 - 2014-06-21 10:38 - 0007859 _____ () C:\Users\Matthew\AppData\Roaming\pcouffin.cat
2014-04-18 13:00 - 2014-06-21 10:38 - 0001167 _____ () C:\Users\Matthew\AppData\Roaming\pcouffin.inf
2014-04-18 13:04 - 2014-06-21 10:38 - 0000033 _____ () C:\Users\Matthew\AppData\Roaming\pcouffin.log
2014-04-18 13:00 - 2014-06-21 10:38 - 0082816 _____ (VSO Software) C:\Users\Matthew\AppData\Roaming\pcouffin.sys
2014-04-15 17:49 - 2014-04-15 17:49 - 0000000 _____ () C:\Users\Matthew\AppData\Roaming\Stardockfences_debug_snapshot.dat
2014-04-06 19:29 - 2013-04-18 18:53 - 0000241 _____ () C:\Users\Matthew\AppData\Local\myFavorites.mdb
2014-07-14 21:06 - 2014-07-16 09:06 - 0000600 _____ () C:\Users\Matthew\AppData\Local\PUTTY.RND
2015-02-16 12:21 - 2015-02-16 12:21 - 0000402 _____ () C:\Users\Matthew\AppData\Local\te7dm.vbs
2014-06-26 20:46 - 2014-06-26 20:47 - 0000152 _____ () C:\Users\Matthew\AppData\Local\xobni_installer_updater.log
 
Some content of TEMP:
====================
C:\Users\Matthew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfqvwza.dll
C:\Users\Matthew\AppData\Local\Temp\IntResource.dll
C:\Users\Matthew\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthew\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\Matthew\AppData\Local\Temp\sqlite3.dll
C:\Users\Monica\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkyqcgm.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-11-22 13:12
 
==================== End Of Log ============================


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:50 AM

Posted 13 April 2015 - 04:04 PM

Hi there,

Step 1

frst.pngfrstfix.png

Press the w8.png + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected 
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
    HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    AlternateDataStreams: C:\ProgramData\TEMP:A303874F
    AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3
    AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734-253806620
    AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734-648642675
    AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734190836914
    AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a341173420995289
    AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734973580938
    AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:TASKICON_0b22031b922f9f3421c12b066a3411734825525334
    AlternateDataStreams: C:\Users\Matthew\Downloads\flag_burning.jpg:Q30lsldxJoudresxAaaqpcawXc
    AlternateDataStreams: C:\Users\Matthew\Downloads\flag_burning.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    Task: {7EE4E43F-B36D-43D9-9A3C-8F19A0D6E057} - System32\Tasks\DriverMgr => C:\Users\Matthew\AppData\Roaming\jellylam\rinti.exe
    C:\Users\Matthew\AppData\Roaming\jellylam\
    
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.


Is this pop-up now gone or is it still there?


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#13 MolonLabeNV

MolonLabeNV
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas, NV
  • Local time:02:50 AM

Posted 13 April 2015 - 04:14 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by Matthew at 2015-04-13 14:07:53 Run:1
Running from C:\Users\Matthew\Downloads\AV Malware
Loaded Profiles: Matthew (Available profiles: Matthew & Monica)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734-253806620
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry
J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734-648642675
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734190836914
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a341173420995289
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734973580938
AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website:TASKICON_0b22031b922f9f3421c12b066a3411734825525334
AlternateDataStreams: C:\Users\Matthew\Downloads\flag_burning.jpg:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Matthew\Downloads\flag_burning.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Task: {7EE4E43F-B36D-43D9-9A3C-8F19A0D6E057} - System32\Tasks\DriverMgr =>
C:\Users\Matthew\AppData\Roaming\jellylam\rinti.exe
C:\Users\Matthew\AppData\Roaming\jellylam\
 
*****************
 
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3331112126-1740026331-2912461648-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":A303874F" ADS removed successfully.
C:\ProgramData\TEMP => ":AEC0AC81" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\ProgramData\TEMP => ":FD9CE1F3" ADS removed successfully.
C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website => ":DESTICON_b22031b922f9f3421c12b066a3411734-253806620" ADS removed successfully.
"AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry" => "AlternateDataStreams: C:\Users\Matthew\Desktop\The Henry" ADS not found.
J. Kaiser Family Foundation.website:DESTICON_b22031b922f9f3421c12b066a3411734-648642675 => Error: No automatic fix found for this entry.
C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website => ":DESTICON_b22031b922f9f3421c12b066a3411734190836914" ADS removed successfully.
C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website => ":DESTICON_b22031b922f9f3421c12b066a341173420995289" ADS removed successfully.
C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website => ":DESTICON_b22031b922f9f3421c12b066a3411734973580938" ADS removed successfully.
C:\Users\Matthew\Desktop\The Henry J. Kaiser Family Foundation.website => ":TASKICON_0b22031b922f9f3421c12b066a3411734825525334" ADS removed successfully.
"C:\Users\Matthew\Downloads\flag_burning.jpg" => ":Q30lsldxJoudresxAaaqpcawXc" ADS not found.
C:\Users\Matthew\Downloads\flag_burning.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7EE4E43F-B36D-43D9-9A3C-8F19A0D6E057}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EE4E43F-B36D-43D9-9A3C-8F19A0D6E057}" => Key deleted successfully.
C:\Windows\System32\Tasks\DriverMgr => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverMgr => => Key not found. 
"C:\Users\Matthew\AppData\Roaming\jellylam\rinti.exe" => File/Directory not found.
C:\Users\Matthew\AppData\Roaming\jellylam => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:07:57 ====


#14 MolonLabeNV

MolonLabeNV
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas, NV
  • Local time:02:50 AM

Posted 13 April 2015 - 04:15 PM

Pop up is gone.  Thanks!



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:50 AM

Posted 13 April 2015 - 04:27 PM

Let's do a final checkup:

Step 1

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
esetlog.png

Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users