
Hijack This Log



#1 benexclaimed


Posted 14 April 2015 - 10:58 PM

I've been getting a ton of pop-ups in browser (Chrome), redirected Google results, etc. I've run Malwarebytes and SuperAntiSpyware. They seem to fix the problem temporarily but it always comes back within a day or two. Windows Defender doesn't find anything at all.

 

I've found extensions called "ActiveCoupon", "DEalSpacE", and "SalePluS".

 

-------

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:58:03 PM, on 4/14/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
 
FIREFOX: 37.0.1 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\ASUS\AI Suite II\Ai Charger II\AsChargerIITray.exe
C:\Program Files (x86)\InstallShield Installation Information\{11F6707B-88F9-4D2D-A138-27B657BAE4D2}\AiChargerDT.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe
C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
F:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe
F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
F:\Program Files (x86)\AirVideoServer HD\AirVideoServerUI.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
F:\Program Files (x86)\Launchy\Launchy.exe
F:\Program Files (x86)\AirVideoServer HD\ExternalEncoder.exe
F:\Program Files (x86)\Steam\Steam.exe
F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
F:\Program Files (x86)\LastPass\nplastpass.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
F:\Users\Ben\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
O4 - HKLM\..\Run: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Fitbit Connect] "F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Steam] "F:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Uploadinator] "F:\Program Files (x86)\FluffyApp\FluffyApp.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [AirVideoServerHD] F:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe
O4 - HKCU\..\Run: [Fitbit Connect] "F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\RunOnce: [Application Restart #3] F:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --enable-panels --touch-events=disabled --flag-switches-end --restore-last-session http://store.steampowered.com/news/externalpost/steam_community_announcements/524998195248589412
O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\Ben\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Ben\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session
O4 - Startup: BB_FuturePress_GameStop_MiniGuide.pdf.lnk = C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe
O4 - Startup: Dropbox.lnk = Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Launchy.lnk = F:\Program Files (x86)\Launchy\Launchy.exe
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O4 - Startup: ToggleHiddenFiles.exe - Shortcut.lnk = Toggle HF\ToggleHiddenFiles.exe
O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Universal Media Server.lnk = F:\Program Files (x86)\Universal Media Server\UMS.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~3\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://E:\PROGRA~3\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
O9 - Extra 'Tools' menuitem: PlayOn - {936CEA21-9A68-46D9-A31B-1173A976D896} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - F:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Chrome Remote Desktop Service (chromoting) - Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
O23 - Service: CrashPlan Backup Service (CrashPlanService) - Code 42 Software - C:\Program Files\CrashPlan\CrashPlanService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - E:\Program Files (x86)\Origin Games\Dragon Age Origins Ultimate Edition\\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: Desura Install Service - Desura Net Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - F:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: GalaxyService - GOG.com - C:\Program Files (x86)\GalaxyClient\GalaxyService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - F:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - F:\Program Files\TightVNC\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Update service - Company - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 19305 bytes
 




#2 nasdaq

  • Malware Response Team

Posted 19 April 2015 - 07:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

How is the computer running?
Wait for further instructions.

p.s.
HijackThis is not compatible with Windows 7 and above.
I suggest you remove it using Add/Remove Programs.

From now on when reporting problems use the Farbar tool.

#3 benexclaimed


Posted 19 April 2015 - 12:12 PM

Thanks!

 

AdwCleaner log:

 

# AdwCleaner v4.201 - Logfile created 19/04/2015 at 12:06:32
# Updated 08/04/2015 by Xplode
# Database : 2015-04-19.3 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Ben - BEN-PC
# Running from : F:\Users\Ben\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : PanService
[#] Service Deleted : 423248f1
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\86b9a3d000001140
Folder Deleted : C:\Program Files (x86)\PANDORA.TV
Folder Deleted : C:\Users\Ben\AppData\Local\FreeFixer
Folder Deleted : C:\Users\Ben\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ben\AppData\Roaming\FreeFixer
Folder Deleted : C:\Users\Ben\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Ben\AppData\Roaming\download Manager
Folder Deleted : C:\Users\hmaur_000.BEN-PC\AppData\Local\pokki
Folder Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphdppdgoagghpmmhodmfajjlloijnbd
Folder Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdfdhcljjiogoabcemgldinhgoemmjc
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphdppdgoagghpmmhodmfajjlloijnbd_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphdppdgoagghpmmhodmfajjlloijnbd_0.localstorage-journal
[x] Not Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_asus-ai-charger.en.softonic.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_deltawareinc.blogspot.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_deltawareinc.blogspot.com_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : GoforFilesUpdate
Task Deleted : update-sys
Task Deleted : update-S-1-5-21-2166418066-2980520373-1048856590-1000
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\d3d0343f-196f-d815-fd50-53a2665f5062
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{423248f1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4b190172}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v37.0.1 (x86 en-US)
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.portlandonline.com/index.cfm?search_action=SearchResults&mode=search&search_words={searchTerms}&filter_category_tree_id=25777
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.timewellspentgames.com/html/searchresults.php?gcat_type=0&key_words={searchTerms}
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ejocekekgcaldnmjngfdbmbeebcekelc
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lbfehkoinhhcknnbdgnnmjhiladcgbol
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : pbjikboenpfhbbejgkoklgkhjpfogcam
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : jliolpcnkmolaaecncdfeofombdekjcp
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mphdppdgoagghpmmhodmfajjlloijnbd
[C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ahdfdhcljjiogoabcemgldinhgoemmjc
[C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [7248 bytes] - [19/04/2015 12:02:23]
AdwCleaner[S0].txt - [7117 bytes] - [19/04/2015 12:06:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7176  bytes] ##########
-------------------------
 
Addition Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01
Ran by Ben at 2015-04-19 12:11:07
Running from F:\Users\Ben\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\uTorrent) (Version: 3.4.2.31515 - BitTorrent Inc.)
3DMark (HKLM-x32\...\Steam App 223850) (Version:  - Futuremark)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Golden Wake (HKLM-x32\...\Steam App 307570) (Version:  - Grundislav Games)
A Valley Without Wind 2 (HKLM-x32\...\Steam App 228320) (Version:  - )
A Wizard's Lizard (HKLM-x32\...\Steam App 280040) (Version:  - Lost Decade Games)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Air Video Server HD 2.0.2 (HKLM-x32\...\Air Video Server HD) (Version: 2.0.2 - InMethod, s.r.o.)
Akamai NetSession Interface (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anodyne (HKLM-x32\...\Steam App 234900) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
applicationupdater (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\SOE-C:/Users/Ben/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version:  - Sony Online Entertainment)
Ascendant (HKLM-x32\...\Steam App 296930) (Version:  - Hapa Games)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
Ben There, Dan That! (HKLM-x32\...\Steam App 37420) (Version:  - Zombie Cow Studios)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Bionic Dues (HKLM-x32\...\Steam App 238910) (Version:  - Arcen Games, LLC)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BIT.TRIP BEAT (HKLM-x32\...\Steam App 63700) (Version:  - Gaijin Games)
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version:  - )
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Black Shell Games - SanctuaryRPG -  (HKLM-x32\...\Black Shell Games SanctuaryRPG) (Version: "1.1.0.1.1.0.1.1.0" - "Black Shell Games")
Blackwell Bundle (HKLM-x32\...\GOGPACKBLACKWELLBUNDLE_is1) (Version: 2.0.0.9 - GOG.com)
Blackwell Deception (HKLM-x32\...\Steam App 80360) (Version:  - )
Blackwell Epiphany (HKLM-x32\...\Steam App 236930) (Version:  - Wadjet Eye Games)
Blocks That Matter (HKLM-x32\...\Steam App 111800) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{7C1B7566-C44C-4436-B08D-636337C7C665}) (Version: 2.19.0 - Kovid Goyal)
Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version:  - Techland)
Capsule (HKLM-x32\...\Capsule) (Version: 1.0.000 - Green Man Gaming Limited)
Cart Life (HKLM-x32\...\Steam App 233390) (Version:  - )
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Catacomb Kids (HKLM-x32\...\Steam App 315840) (Version:  - FourbitFriday)
Cave Story+ (HKLM-x32\...\Steam App 200900) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Child of Light (HKLM-x32\...\Steam App 256290) (Version:  - Ubisoft Montréal)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - )
Chrome Remote Desktop Host (HKLM-x32\...\{A1A724F3-F1A6-479C-AE98-208946717E2B}) (Version: 42.0.2311.39 - Google Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Claustrophobia: The Downward Struggle (HKLM-x32\...\Steam App 269590) (Version:  - The Indie Forge)
Contraption Maker (HKLM-x32\...\Steam App 241240) (Version:  - )
Cortex Command (HKLM-x32\...\Steam App 209670) (Version:  - )
CrashPlan (HKLM\...\{056FE336-5B2D-44A8-B013-EBF0343B0DC5}) (Version: 3.6.3 - Code 42 Software)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version:  - Brace Yourself Games)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version:  - Vigil Games)
Deadlight (HKLM-x32\...\Steam App 211400) (Version:  - Tequila Works, S.L.)
Dear Esther (HKLM-x32\...\Steam App 203810) (Version:  - )
Delver (HKLM-x32\...\Steam App 249630) (Version:  - Chad Alan Cuddigan)
Delver's Drop PAX East++ version 0.7.5 (HKLM-x32\...\{1A4C387F-EF49-4CD7-A163-7ACDA8267246}_is1) (Version: 0.7.5 - Pixelscopic LLC)
Desktop Dungeons (HKLM-x32\...\Steam App 226620) (Version:  - QCF Design)
Desura (HKLM-x32\...\Desura) (Version: 100.59 - Desura)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
DMG Extractor (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\DMG Extractor) (Version: 1.2.1.0 - Reincubate Ltd)
Dokan Library 0.5.3 (HKLM-x32\...\DokanLibrary) (Version:  - )
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - )
Dropbox (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version:  - AMPLITUDE Studios)
Dungeonmans (HKLM-x32\...\Steam App 288120) (Version:  - Adventurepro Games LLC)
Dustforce (HKLM-x32\...\Steam App 65300) (Version:  - )
EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)
EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden
Eldritch (HKLM-x32\...\Steam App 252630) (Version:  - Minor Key Games)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Eversion  (HKLM-x32\...\Steam App 33680) (Version:  - )
Famaze (HKLM-x32\...\Steam App 297210) (Version:  - Oryx Design Lab)
Fancy Skulls (HKLM-x32\...\Steam App 307090) (Version:  - tequibo)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - )
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
FluffyApp (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Uploadinator) (Version: 3.0.4 - Richard Z.H. Wang)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - )
Full Mojo Rampage (HKLM-x32\...\Steam App 225280) (Version:  - Over the Top Games)
Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark)
Gabriel Knight - Sins of the Fathers Demo (HKLM-x32\...\Steam App 318170) (Version:  - Phoenix Online Studios)
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.398 - GOG.com)
GameFly Download Manager (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\7998bdbe8c95db7f) (Version: 1.0.0.98 - GameFly)
gamelauncher-ps2-live (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\SOE-E:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2) (Version:  - Sony Online Entertainment)
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Gateways (HKLM-x32\...\Steam App 216290) (Version:  - )
Gemini Rue (HKLM-x32\...\Steam App 80310) (Version:  - )
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version:  - )
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version:  - DrinkBox Studios)
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - )
Hack 'n' Slash (HKLM-x32\...\Steam App 246070) (Version:  - Double Fine Productions)
Hack, Slash, Loot (HKLM-x32\...\Steam App 207430) (Version:  - )
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
Hand Of Fate (HKLM-x32\...\Steam App 266510) (Version:  - Defiant Development)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heavy Bullets (HKLM-x32\...\Steam App 297120) (Version:  - Terri Vellmann)
Hero Siege (HKLM-x32\...\Steam App 269210) (Version:  - Elias Viglione)
Heroine's Quest: The Herald of Ragnarok (HKLM-x32\...\Steam App 283880) (Version:  - Crystal Shard)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - )
Hotline Miami 2: Wrong Number (HKLM-x32\...\Steam App 274170) (Version:  - Dennaton Games)
HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.6 - Hewlett-Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iExplorer 3.6.3.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Incredipede (HKLM-x32\...\Steam App 230150) (Version:  - Colin Northway with art by Thomas Shahan)
Infinite Space III: Sea of Stars (HKLM-x32\...\Steam App 269990) (Version:  - Digital Eel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intrusion 2 (HKLM-x32\...\Steam App 214970) (Version:  - )
Ironclad Tactics (HKLM-x32\...\Steam App 226960) (Version:  - Zachtronics)
Ittle Dew (HKLM-x32\...\Steam App 241320) (Version:  - Ludosity)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Jamestown (HKLM-x32\...\Steam App 94200) (Version:  - )
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jazzpunk (HKLM-x32\...\Steam App 250260) (Version:  - Necrophone Games)
JunctionMaster (HKLM-x32\...\JunctionMaster) (Version:  - )
KeeperRL (HKLM-x32\...\Steam App 329970) (Version:  - Michal Brzozowski)
Kentucky Route Zero (HKLM-x32\...\Steam App 231200) (Version:  - )
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Knock-knock (HKLM-x32\...\Steam App 250380) (Version:  - Ice-pick Lodge)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Launchy 2.6 Beta 2 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Legend of Dungeon (HKLM-x32\...\Steam App 238280) (Version:  - )
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version:  - )
LEGO MARVEL Super Heroes (HKLM-x32\...\Steam App 249130) (Version:  - Traveller's Tales)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.7.5.9 - Hermann Schinagl)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version:  - )
Lone Survivor (HKLM-x32\...\Steam App 209830) (Version:  - )
Machinarium (HKLM-x32\...\Steam App 40700) (Version:  - Amanita Design)
Magicite (HKLM-x32\...\Steam App 268750) (Version:  - SmashGames)
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MirrorMoon EP (HKLM-x32\...\Steam App 231310) (Version:  - Santa Ragione)
MishraReader (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\d7cd08a9fd8b94ec) (Version: 1.0.0.17 - David Catuhe)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - )
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-GB)) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
Music Manager (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\MusicManager) (Version:  - Google, Inc.)
MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)
My Game Long Name (HKLM\...\UDK-03ae52bd-0f2a-4db6-9765-959b467d6726) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-6d8f19c6-9a15-4b7b-abd9-adb44b89e06d) (Version:  - Epic Games, Inc.)
myPhoneDesktop 2.2.0 (HKLM-x32\...\4142-5230-3826-1062) (Version: 2.2.0 - jProductivity, LLC)
NEO Scavenger (HKLM-x32\...\Steam App 248860) (Version:  - Blue Bottle Games)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.3 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Nuclear Throne (HKLM-x32\...\Steam App 242680) (Version:  - )
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 340.43 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Offspring Fling! (HKLM-x32\...\Steam App 211360) (Version:  - )
One Way Heroics (HKLM-x32\...\Steam App 266210) (Version:  - Smoking WOLF)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Our Darker Purpose (HKLM-x32\...\Steam App 262790) (Version:  - )
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Paranautical Activity (HKLM-x32\...\Steam App 250580) (Version:  - Code Avarice)
Pid  (HKLM-x32\...\Steam App 218740) (Version:  - )
Planescape Torment (HKLM-x32\...\Planescape Torment_is1) (Version:  - GOG.com)
PlayOn (HKLM-x32\...\{99C4F0B1-E1A0-4B72-8E2B-184A8505BC2F}) (Version: 3.10.2 - MediaMall Technologies, Inc.)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Potplayer (HKLM-x32\...\PotPlayer) (Version:  - Daum Kakao Corp.)
Primordia (HKLM-x32\...\Steam App 227000) (Version:  - )
Probability 0 (HKLM-x32\...\Steam App 258070) (Version:  - Droqen)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - Indie Stone Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Quantum Conundrum (HKLM-x32\...\Steam App 200010) (Version:  - Airtight Games)
Quest for Glory Pack (HKLM-x32\...\GOGPACKQUESTFORGLORY_is1) (Version: 2.0.0.32 - GOG.com)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Receiver (HKLM-x32\...\Steam App 234190) (Version:  - Wolfire Games)
Reflector (HKLM\...\{355C1E06-D3C3-480C-B1FB-93F49E4F29D2}) (Version: 1.5.0.0 - Squirrels)
Resonance (HKLM-x32\...\Steam App 212050) (Version:  - )
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Rogue's Tale (HKLM-x32\...\Steam App 265990) (Version:  - Epixx.org)
Samorost 2 (HKLM-x32\...\Steam App 40720) (Version:  - Amanita Design)
Scrolls (HKLM-x32\...\{F7F74F7F-C458-4B7C-A6F4-80A28ED7AF0B}) (Version: 1.0.2.0 - Mojang)
ScummVM 1.7.0 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
Sepulchre version 1.0 (HKLM-x32\...\{5BDD845F-7C78-4F21-97CF-3B87A1728E2F}_is1) (Version: 1.0 - Owl Cave)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
Shadows on the Vatican - Act I: Greed (HKLM-x32\...\Steam App 286360) (Version:  - 10th Art Studio)
Shank (HKLM-x32\...\Steam App 6120) (Version:  - Electronic Arts)
Shattered Haven (HKLM-x32\...\Steam App 234370) (Version:  - )
Shelter (HKLM-x32\...\Steam App 244710) (Version:  - Might and Delight)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sine Mora (HKLM-x32\...\Steam App 207040) (Version:  - )
Sir, You Are Being Hunted (HKLM-x32\...\Steam App 242880) (Version:  - )
Skulls of the Shogun (HKLM-x32\...\Steam App 228960) (Version:  - 17-BIT)
Sky Rogue Alpha version 19 (HKLM-x32\...\{7A64CD8F-9A3B-48F7-923D-C817F7C9E703}_is1) (Version: 19 - Kenny Backus)
SpaceChem (HKLM-x32\...\Steam App 92800) (Version:  - )
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - YAGER)
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.5.8.6 - Splashtop Inc.)
Spotify (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Sproggiwood (HKLM-x32\...\Steam App 311720) (Version:  - Freehold Games)
SQL Server 2008 R2 Analysis Services OLE DB Provider (HKLM\...\{F7F09973-7C6D-474D-82D9-D954D7C184E4}) (Version: 10.50.1600.1 - Microsoft Corporation)
Star Realms version 1.04 (HKLM-x32\...\{F4DEB22F-AC61-4111-89B2-CF434A2BABFB}_is1) (Version: 1.04 - White Wizard Games)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Starseed Pilgrim (HKLM-x32\...\Steam App 230980) (Version:  - Droqen)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Stealth Bastard Deluxe (HKLM-x32\...\Steam App 209190) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Steam Marines (HKLM-x32\...\Steam App 253630) (Version:  - )
SteamWorld Dig (HKLM-x32\...\Steam App 252410) (Version:  - Image&Form)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
Sunless Sea (HKLM-x32\...\Steam App 304650) (Version:  - Failbetter Games)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Tales of Maj'Eyal (HKLM-x32\...\Steam App 259680) (Version:  - DarkGod)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version:  - Test3 Projects)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Binding Of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
The Dark Eye: Chains of Satinav (HKLM-x32\...\Steam App 203830) (Version:  - Daedalic Entertainment)
The Depths of Tolagal (HKLM-x32\...\Steam App 340600) (Version:  - Angry Toad Studios)
The Dream Machine (HKLM-x32\...\Steam App 94300) (Version:  - Cockroach Ink.)
The Dungeoning (HKLM-x32\...\Steam App 295870) (Version:  - Nick Donnelly)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Last Door - Collector's Edition (HKLM-x32\...\Steam App 284390) (Version:  - The Game Kitchen)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
The Raven - Legacy of a Master Thief (HKLM-x32\...\Steam App 233370) (Version:  - KING Art)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
The Testament of Sherlock Holmes (HKLM-x32\...\Steam App 205650) (Version:  - Frogwares)
The Witcher Adventure Game (HKLM-x32\...\1207664653_is1) (Version: 2.0.33.36 - GOG.com)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - )
They Bleed Pixels (HKLM-x32\...\Steam App 211260) (Version:  - )
Thief Gold (HKLM-x32\...\Steam App 211600) (Version:  - )
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version:  - )
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Time Gentlemen, Please! (HKLM-x32\...\Steam App 37400) (Version:  - Size Five Games)
Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version:  - )
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.9.6 - Electronic Arts)
Tower of Guns (HKLM-x32\...\Steam App 266110) (Version:  - Terrible Posture Games)
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version:  - Haemimont Games)
Unepic (HKLM-x32\...\Steam App 233980) (Version:  - Francisco Téllez de Meneses)
Unity Web Player (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 4.2.1 - Universal Media Server)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.2.0 - The Within Network, LLC)
Vagante (HKLM-x32\...\Steam App 323220) (Version:  - Nuke Nine)
Valdis Story: Abyssal City (HKLM-x32\...\Steam App 252030) (Version:  - )
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000 - Activision) Hidden
Vampire - The Masquerade Bloodlines (x32 Version: 1.2 - Activision) Hidden
Vessel (HKLM-x32\...\Steam App 108500) (Version:  - Strange Loop Games)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WazHack (HKLM-x32\...\Steam App 264160) (Version:  - Waz)
WinDirStat 1.1.2 (HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Ziggurat (HKLM-x32\...\Steam App 308420) (Version:  - Milkstone Studios)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ben\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2166418066-2980520373-1048856590-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
15-04-2015 23:39:07 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2014-02-14 20:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09DD58F1-F2FA-485F-B570-7CC23C8C7EA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09] (Google Inc.)
Task: {101BAF78-7E0E-403F-AE7C-5DDE6FFEF0A5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {10758C1A-792A-487E-B2C3-8552A0E7C3CF} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\AI Suite II\Ai Charger II\AsChargerIITray.exe [2013-03-06] (ASUSTeK)
Task: {10C61844-4670-4EB3-9426-CA5480E86BBE} - System32\Tasks\{A1947D8A-5E7F-408E-BEE4-35C39D905116} => pcalua.exe -a E:\Users\Ben\Downloads\uninstall.exe
Task: {139DDA50-11F6-45CC-8DFC-D0B306091791} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {17C94961-DAA0-40CD-9D8C-66BC407AAF27} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {1B28459B-195F-4324-B447-C455B896F39A} - System32\Tasks\CCleanerSkipUAC => F:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {1EDBA800-0D4A-4A72-9FA7-A18333BFB722} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {2124C94F-836D-43DD-A68E-A23CF2EA3132} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {249D5594-6917-400E-B20D-A6CE60D0E0F4} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{11F6707B-88F9-4D2D-A138-27B657BAE4D2}\AiChargerDT.exe [2013-03-06] (ASUSTek Computer Inc.)
Task: {2DFDCD66-DB4E-4E96-84B1-9E2FCA9CFC7C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-14] (Microsoft Corporation)
Task: {33746A8E-5991-43FA-8189-7419AC56719F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {37251F28-7F5F-472F-B54E-581F0B9F9DE5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {37FF3300-D3B8-4193-B389-2752942CE6BF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4560FB05-F968-4660-A42B-88476795A43F} - System32\Tasks\Patch My PC => F:\Users\Ben\Documents\PatchMyPC.exe [2015-04-05] (www.patchmypc.net)
Task: {494DA377-1538-4CFA-801D-3777BCE84135} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2166418066-2980520373-1048856590-1000Core => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {57B01F0C-E4F3-4AF2-9538-5731C85F09CC} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {5C1E2BF5-2A99-4E85-BBB3-0EBC6D7A8C53} - System32\Tasks\Razer_Game_Booster_AutoUpdate => E:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {64EBF1C8-FC59-454C-AE17-2F7A044F6B01} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2012-10-08] ()
Task: {67062151-9960-4386-A29C-C64B645AA831} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {68BD0939-0442-42B3-B1B4-0A61F82E8316} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {6F08EF40-54DC-4362-9CED-83322C814A43} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {734A4AD1-E22E-4818-BC99-E4379BD02700} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {744B485E-73BC-4C4A-8005-628BCCCF0155} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {753694AF-3760-4BEA-96FA-75FC511A4B91} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {76E50C91-66D2-4252-B6B0-0ACD81DFEB47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-09] (Google Inc.)
Task: {80A492CC-09D6-4A44-8D8F-6AA96B96522E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {8315EC2F-6578-43AB-8D1D-0974985B6B0E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {83C18685-65C0-43EC-BEF3-C1515EC7B2BD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {84649D52-9BB3-43E1-A31A-AEA6BDC0FFDF} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {870A4DDB-9633-4CC3-81A1-4C7506840B8B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BEN-PC-Ben Ben-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {882F02A4-8523-4633-AAD2-41BEBD6E27B9} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {9698DE7C-E88A-421D-9EBD-B4668D40D971} - System32\Tasks\{A4C16DB6-B351-4EE7-A106-0915F5880922} => pcalua.exe -a E:\Users\Ben\Downloads\windirstat1_1_2_setup.exe -d "E:\Program Files (x86)\Mozilla Firefox"
Task: {98A58BEF-52C2-4414-92EE-DE23928CD3CC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {9A5449F9-0307-4614-B49D-BBD66E7BDCFD} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9ADCBAF2-D627-41FC-A66D-1C4CA103D0C0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {A890ABA0-1C2A-475B-9C4F-758596076E1C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {ACA0335B-9F37-4723-AF96-D2657EA4C1A3} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-BEN-PC => C:\Windows\ehome\McxTask.exe
Task: {ACA49BAE-341A-4534-8755-F20CD1DCC3E6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {B52BFD19-BEF2-423A-BD00-8210A77D12B4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {C14E2B0B-5EAF-4B6A-97E3-66210DEAC906} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {C3996672-36BF-4884-9737-DAF0423B2DC6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {C5938451-527E-41C3-A6C4-54A9689BD508} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {DFC2AD29-34A4-4677-82A7-AF63477AF832} - System32\Tasks\{5461A566-AE57-4CFC-A881-AA6613BAD7A6} => pcalua.exe -a "E:\Program Files (x86)\Resonance Demo\winsetup.exe" -d "E:\Program Files (x86)\Resonance Demo"
Task: {E852ED4F-5BA2-4B32-B9EC-94FA7F77F5D3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {E8DAF9EF-8C18-4A17-8257-13BB3ACC9469} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {EE0F0DA9-60C3-4FD8-B977-0B25F5B65FEA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {F1B0690B-CB9B-4E4C-B6D8-B42861EAE063} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2166418066-2980520373-1048856590-1000UA => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {F1C84FE1-C1AF-4560-BFC1-EC081F8D79DF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {FCC5F6B4-39F4-496E-9421-1866D53B3706} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2166418066-2980520373-1048856590-1000Core.job => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2166418066-2980520373-1048856590-1000UA.job => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-18 21:45 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-18 18:26 - 2013-10-23 15:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-04 21:56 - 2012-10-05 14:59 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-04-09 18:19 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-19 18:17 - 2014-02-19 18:17 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2015-01-13 22:06 - 2015-01-13 22:06 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2010-07-05 07:37 - 2010-07-05 07:37 - 00011776 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2015-03-29 05:25 - 2015-03-29 05:25 - 00043480 _____ () F:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2004-09-30 13:15 - 2004-09-30 13:15 - 00192000 _____ () F:\Program Files\LinkShellExtension\RockallDLL.dll
2014-11-24 21:05 - 2014-11-24 21:05 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-11-04 21:57 - 2012-10-08 18:48 - 01404800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
2014-04-10 20:15 - 2014-04-10 20:15 - 00044032 _____ () F:\Program Files (x86)\FluffyApp\Splat.dll
2014-04-10 20:15 - 2014-04-10 20:15 - 00081408 _____ () F:\Program Files (x86)\FluffyApp\Akavache.dll
2014-04-10 20:15 - 2014-04-10 20:15 - 00212992 _____ () F:\Program Files (x86)\FluffyApp\ReactiveUI.dll
2014-04-10 20:15 - 2014-04-10 20:15 - 00041984 _____ () F:\Program Files (x86)\FluffyApp\ReactiveUI.Xaml.dll
2014-04-10 20:15 - 2014-04-10 20:15 - 00035328 _____ () F:\Program Files (x86)\FluffyApp\ReactiveUI.Winforms.dll
2014-04-10 20:15 - 2014-04-10 20:15 - 00262656 _____ () F:\Program Files (x86)\FluffyApp\SparkleDotNET.dll
2014-04-10 20:15 - 2014-04-10 20:15 - 00006144 _____ () F:\Program Files (x86)\FluffyApp\Plugins\Chrome.TriggerPlugin.dll
2014-09-29 12:15 - 2014-09-29 12:15 - 00775432 _____ () F:\Program Files (x86)\AirVideoServer HD\ExternalEncoder.exe
2014-04-10 20:55 - 2010-11-10 19:28 - 00405504 _____ () F:\Program Files (x86)\Launchy\Launchy.exe
2014-11-19 14:15 - 2014-11-19 14:15 - 00393376 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream64.dll
2014-11-19 14:15 - 2014-11-19 14:15 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream64.dll
2014-11-19 14:16 - 2014-11-19 14:16 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\AppVIsvStream64.dll
2012-11-04 21:56 - 2015-04-19 12:07 - 00020992 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2012-11-04 21:56 - 2010-06-29 11:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2012-11-04 21:57 - 2012-09-19 16:38 - 05012856 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
2012-11-04 21:57 - 2010-06-21 16:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
2013-10-18 22:52 - 2011-07-12 20:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2013-10-18 22:52 - 2010-10-05 09:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2013-10-18 22:52 - 2012-03-21 13:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-12-26 20:19 - 2012-08-01 11:51 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2013-10-18 22:52 - 2012-06-19 12:56 - 01305600 ____N () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2013-10-18 22:52 - 2012-05-25 11:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2013-10-18 22:52 - 2012-05-28 22:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-10-18 22:52 - 2011-09-19 21:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2013-10-18 22:52 - 2011-07-21 10:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2013-10-18 22:52 - 2011-10-14 21:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2012-11-04 21:56 - 2010-08-23 11:17 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2013-10-18 22:52 - 2010-10-05 09:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2013-10-18 22:52 - 2009-08-12 21:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-11 20:55 - 2015-03-10 01:37 - 00775680 _____ () F:\Program Files (x86)\Steam\SDL2.dll
2014-12-02 20:09 - 2014-12-01 19:29 - 05002752 _____ () F:\Program Files (x86)\Steam\v8.dll
2015-04-14 08:10 - 2015-04-13 18:44 - 02371776 _____ () F:\Program Files (x86)\Steam\video.dll
2014-12-02 20:09 - 2014-12-01 19:29 - 01612800 _____ () F:\Program Files (x86)\Steam\icui18n.dll
2014-12-02 20:09 - 2014-12-01 19:29 - 01210368 _____ () F:\Program Files (x86)\Steam\icuuc.dll
2014-12-02 20:09 - 2014-12-01 16:31 - 02396672 _____ () F:\Program Files (x86)\Steam\libavcodec-56.dll
2014-12-02 20:09 - 2014-12-01 16:31 - 00479744 _____ () F:\Program Files (x86)\Steam\libavformat-56.dll
2014-12-02 20:09 - 2014-12-01 16:31 - 00332800 _____ () F:\Program Files (x86)\Steam\libavresample-2.dll
2014-12-02 20:09 - 2014-12-01 16:31 - 00442880 _____ () F:\Program Files (x86)\Steam\libavutil-54.dll
2014-12-02 20:09 - 2014-12-01 16:31 - 00485888 _____ () F:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-14 08:10 - 2015-04-13 18:44 - 00702656 _____ () F:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-09-28 13:02 - 2014-09-28 13:02 - 00759808 _____ () F:\Program Files (x86)\AirVideoServer HD\gstreamer-0.11.dll
2014-09-28 13:02 - 2014-09-28 13:02 - 00282112 _____ () F:\Program Files (x86)\AirVideoServer HD\gstbase-0.11.dll
2014-09-28 13:02 - 2014-09-28 13:02 - 00233984 _____ () F:\Program Files (x86)\AirVideoServer HD\gstaudio-0.11.dll
2014-09-28 13:02 - 2014-09-28 13:02 - 00214528 _____ () F:\Program Files (x86)\AirVideoServer HD\gstvideo-0.11.dll
2014-04-15 10:38 - 2014-04-15 10:38 - 00917504 _____ () F:\Program Files (x86)\AirVideoServer HD\libiconv.dll
2014-04-15 14:41 - 2014-04-15 14:41 - 00649216 _____ () F:\Program Files (x86)\AirVideoServer HD\tag.dll
2014-09-28 13:03 - 2014-09-28 13:03 - 00036864 _____ () F:\Program Files (x86)\AirVideoServer HD\gstapp-0.11.dll
2014-09-28 13:03 - 2014-09-28 13:03 - 00117760 _____ () F:\Program Files (x86)\AirVideoServer HD\gstpbutils-0.11.dll
2014-09-28 13:04 - 2014-09-28 13:04 - 00161792 _____ () F:\Program Files (x86)\AirVideoServer HD\gstcodecparsers-0.11.dll
2014-09-28 13:02 - 2014-09-28 13:02 - 00176640 _____ () F:\Program Files (x86)\AirVideoServer HD\gsttag-0.11.dll
2014-04-15 10:38 - 2014-04-15 10:38 - 00069632 _____ () F:\Program Files (x86)\AirVideoServer HD\fribidi.dll
2014-08-14 12:19 - 2014-08-14 12:19 - 01680427 _____ () F:\Program Files (x86)\AirVideoServer HD\liborc-0.4-0.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 10683392 _____ () C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 07741952 _____ () C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 01681408 _____ () C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 02248192 _____ () C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2015-03-31 17:33 - 2015-03-31 17:33 - 00117248 _____ () C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-03-31 17:33 - 2015-03-31 17:33 - 00231936 _____ () C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-03-31 17:33 - 2015-03-31 17:33 - 00253440 _____ () C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-03-31 17:33 - 2015-03-31 17:33 - 00344064 _____ () C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 14:15 - 2014-09-03 14:15 - 00026624 _____ () C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2015-02-25 09:14 - 2015-02-24 20:58 - 34641288 _____ () F:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-19 12:08 - 2015-04-19 12:08 - 00043008 _____ () c:\users\ben\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxbyk5l.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00750080 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00047616 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00865280 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00200704 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00010240 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00726016 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00010240 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-04-10 20:55 - 2009-12-16 22:13 - 08314880 _____ () F:\Program Files (x86)\Launchy\QtGui4.dll
2014-04-10 20:55 - 2009-12-16 21:56 - 00712704 _____ () F:\Program Files (x86)\Launchy\QtNetwork4.dll
2014-04-10 20:55 - 2009-12-16 21:54 - 02236416 _____ () F:\Program Files (x86)\Launchy\QtCore4.dll
2014-04-10 20:55 - 2009-12-17 00:18 - 00233472 _____ () F:\Program Files (x86)\Launchy\imageformats\qmng4.dll
2014-04-10 20:55 - 2010-11-05 15:08 - 00118784 _____ () F:\Program Files (x86)\Launchy\plugins\calcy.dll
2014-04-10 20:55 - 2010-08-24 18:40 - 00110592 _____ () F:\Program Files (x86)\Launchy\plugins\controly.dll
2014-04-10 20:55 - 2010-08-24 18:40 - 00030208 _____ () F:\Program Files (x86)\Launchy\plugins\gcalc.dll
2014-04-10 20:55 - 2010-08-24 18:40 - 00106496 _____ () F:\Program Files (x86)\Launchy\plugins\runner.dll
2014-04-10 20:55 - 2010-08-24 18:40 - 00043520 _____ () F:\Program Files (x86)\Launchy\plugins\verby.dll
2014-04-10 20:55 - 2010-11-05 15:03 - 00122880 _____ () F:\Program Files (x86)\Launchy\plugins\weby.dll
2011-07-18 16:07 - 2011-07-18 16:07 - 00014336 _____ () F:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2015-01-25 19:47 - 2015-01-25 19:47 - 02748416 _____ () F:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2015-03-17 21:29 - 2015-01-27 09:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2004-09-30 12:09 - 2004-09-30 12:09 - 00155648 _____ () F:\Program Files\LinkShellExtension\32\RockallDLL.dll
2015-03-29 05:25 - 2015-03-29 05:25 - 00039384 _____ () F:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-04-16 17:33 - 2015-04-13 16:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 17:33 - 2015-04-13 16:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2014-10-15 04:31 - 2014-10-15 04:31 - 00169984 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0f39016152ed88ffc9f5a97b72a52d33\IsdiInterop.ni.dll
2011-08-19 22:18 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Ben\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\hmaur_000.BEN-PC\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2166418066-2980520373-1048856590-500 - Administrator - Disabled)
Ben (S-1-5-21-2166418066-2980520373-1048856590-1000 - Administrator - Enabled) => C:\Users\Ben
Guest (S-1-5-21-2166418066-2980520373-1048856590-501 - Limited - Disabled)
hmaur_000 (S-1-5-21-2166418066-2980520373-1048856590-1024 - Administrator - Enabled) => C:\Users\hmaur_000.BEN-PC
HomeGroupUser$ (S-1-5-21-2166418066-2980520373-1048856590-1019 - Limited - Enabled)
Mcx1-BEN-PC (S-1-5-21-2166418066-2980520373-1048856590-1009 - Limited - Enabled) => C:\Users\Mcx1-BEN-PC
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/19/2015 00:07:52 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\>.
 
Error: (04/19/2015 00:07:52 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\>.
 
Error: (04/19/2015 00:07:52 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.
 
 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (04/19/2015 00:07:52 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\>.
 
Error: (04/19/2015 00:07:52 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.
 
 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (04/19/2015 00:07:51 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\>.
 
Error: (04/19/2015 00:07:51 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.
 
 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (04/19/2015 00:07:51 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\>.
 
Error: (04/19/2015 00:07:51 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: The gatherer service cannot be initialized.
 
 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (04/19/2015 00:07:51 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <1, 0x80070003, Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\>.
 
 
System errors:
=============
Error: (04/19/2015 00:10:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 78 time(s).
 
Error: (04/19/2015 00:10:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
%%3
 
Error: (04/19/2015 00:10:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 77 time(s).
 
Error: (04/19/2015 00:10:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
%%3
 
Error: (04/19/2015 00:10:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 76 time(s).
 
Error: (04/19/2015 00:10:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
%%3
 
Error: (04/19/2015 00:10:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 75 time(s).
 
Error: (04/19/2015 00:10:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
%%3
 
Error: (04/19/2015 00:10:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 74 time(s).
 
Error: (04/19/2015 00:10:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (04/19/2015 00:07:52 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\
 
Error: (04/19/2015 00:07:52 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\
 
Error: (04/19/2015 00:07:52 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (04/19/2015 00:07:52 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\
 
Error: (04/19/2015 00:07:52 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (04/19/2015 00:07:51 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\
 
Error: (04/19/2015 00:07:51 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (04/19/2015 00:07:51 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\
 
Error: (04/19/2015 00:07:51 PM) (Source: Windows Search Service) (EventID: 3030) (User: )
Description: 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (04/19/2015 00:07:51 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Failed to create application directory: E:\ProgramData\Microsoft\Search\Data\Applications\
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-14 23:31:18.453
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-04-14 23:31:18.348
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-04-14 23:31:18.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-04-14 23:31:18.162
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-04-14 23:31:18.093
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-04-14 23:31:18.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-04-14 23:31:17.409
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-04-14 23:31:17.255
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-03-28 21:32:53.368
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-28 21:32:53.230
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 39%
Total physical RAM: 8156.87 MB
Available physical RAM: 4914.03 MB
Total Pagefile: 16348.87 MB
Available Pagefile: 12287.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:59.53 GB) (Free:11.67 GB) NTFS
Drive f: (2TB Barracuda) (Fixed) (Total:1862.89 GB) (Free:973.59 GB) NTFS
Drive h: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:405.91 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: DD86ADA8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: DA3B62C0)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by Ben (administrator) on BEN-PC on 19-04-2015 12:10:39
Running from F:\Users\Ben\Downloads
Loaded Profiles: Ben (Available profiles: Ben & Mcx1-BEN-PC & hmaur_000 & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) F:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Fitbit, Inc.) F:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(GlavSoft LLC.) F:\Program Files\TightVNC\tvnserver.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) F:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{11F6707B-88F9-4D2D-A138-27B657BAE4D2}\AiChargerDT.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\AI Suite II\Ai Charger II\AsChargerIITray.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Ben\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(GlavSoft LLC.) F:\Program Files\TightVNC\tvnserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(Richard Z.H. Wang) F:\Program Files (x86)\FluffyApp\FluffyApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(inMethod) F:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe
(inMethod) F:\Program Files (x86)\AirVideoServer HD\AirVideoServerUI.exe
(Fitbit, Inc.) F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
() F:\Program Files (x86)\AirVideoServer HD\ExternalEncoder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Elaborate Bytes AG) F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
() F:\Program Files (x86)\Launchy\Launchy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Don HO don.h@free.fr) F:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\csisyncclient.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) F:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => F:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => F:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Fitbit Connect] => F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Steam] => F:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Uploadinator] => F:\Program Files (x86)\FluffyApp\FluffyApp.exe [351232 2014-04-10] (Richard Z.H. Wang)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [AirVideoServerHD] => F:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe [2217736 2014-09-29] (inMethod)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Fitbit Connect] => F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Spotify Web Helper] => C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Google Update] => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-31] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [MusicManager] => C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Spotify] => C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe [6553144 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\RunOnce: [Application Restart #3] => F:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\RunOnce: [Application Restart #4] => C:\Users\Ben\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-ph (the data entry has 558 more characters).
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk [2014-04-11]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-04-11]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2014-10-24]
ShortcutTarget: Universal Media Server.lnk -> F:\Program Files (x86)\Universal Media Server\UMS.exe (Universal Media Server)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BB_FuturePress_GameStop_MiniGuide.pdf.lnk [2015-03-24]
ShortcutTarget: BB_FuturePress_GameStop_MiniGuide.pdf.lnk -> C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe (No File)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-06-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2014-04-10]
ShortcutTarget: Launchy.lnk -> F:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-02-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToggleHiddenFiles.exe - Shortcut.lnk [2011-12-14]
ShortcutTarget: ToggleHiddenFiles.exe - Shortcut.lnk -> E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => F:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => F:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => F:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => F:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => F:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => F:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-04-08] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\06xy0nyz.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> F:\Program Files (x86)\LastPass\nplastpass64.dll [2014-04-11] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-11] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [2013-05-30] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> F:\Program Files (x86)\LastPass\nplastpass.dll [2014-04-11] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-02-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2014-09-26] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-18] ()
FF Extension: Print pages to PDF - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\06xy0nyz.default\Extensions\printPages2Pdf@reinhold.ripper [2015-04-18]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CheapShark Deal Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdfdhcljjiogoabcemgldinhgoemmjc [2015-04-19]
CHR Extension: (Unfriend Notify for Facebook) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2014-01-18]
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-09]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-09]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-09]
CHR Extension: (Google Cast) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-09]
CHR Extension: (Panel Tabs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cafiainadjhopgdkmgcjiokknjkbhbha [2014-12-06]
CHR Extension: (Pushbullet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-09-20]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-12-14]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-02-11]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-09]
CHR Extension: (Tampermonkey) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-09-14]
CHR Extension: (Google News) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2013-09-14]
CHR Extension: (Share link via email) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2013-09-29]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2014-08-08]
CHR Extension: (Flix Plus by Lifehacker) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2014-10-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-01-13]
CHR Extension: (The Camelizer) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2014-12-23]
CHR Extension: (AdBlock) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-06]
CHR Extension: (Bookmark Manager) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-10-29]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-08-13]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-09-14]
CHR Extension: (feedly) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-09-14]
CHR Extension: (Smile Always) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpmhnmjbhgkhpbgelalfpplebgfjmbf [2014-12-23]
CHR Extension: (Floating YouTube™) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2014-10-05]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-10-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-18]
CHR Extension: (Play Midnight for Google Play Music™) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmjmhjkcgfmfdhgplikncgndbdeckci [2015-01-05]
CHR Extension: (Google Play Last.fm Scrobbler) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\llpepekkleeoeiloijhcafgpjdnhhcbl [2015-04-05]
CHR Extension: (Google Maps) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-09-14]
CHR Extension: (Humble New Tab Page) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2014-10-16]
CHR Extension: (Pinboard Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphdppdgoagghpmmhodmfajjlloijnbd [2015-04-19]
CHR Extension: (Google Wallet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Pickpocket) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfomjjafcdfkdodojjgkhlepcofaail [2013-09-14]
CHR Extension: (Wunderlist for Chrome) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2014-08-01]
CHR Extension: (Enhanced Steam) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-10-28]
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-04-19]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-09]
CHR Extension: (Popout for YouTube™) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofekaindcmmojfnfgbpklepkjfilcep [2014-05-07]
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-06-13]
 
Opera: 
=======
StartMenuInternet: (HKLM) Opera - E:\Program Files (x86)\Opera\Opera.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; F:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-10-05] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-10-05] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [1473664 2012-04-10] (ASUSTeK Computer Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe [56648 2015-03-08] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-02-19] (Code 42 Software) [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [11776 2010-07-05] () [File not signed]
R2 Fitbit Connect; F:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [1885472 2014-07-17] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S2 MBAMService; F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5826352 2014-11-24] (MediaMall Technologies, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-19] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-22] (Electronic Arts)
R2 tvnserver; F:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179712 2014-10-14] (Company) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S3 DAUpdaterSvc; E:\Program Files (x86)\Origin Games\Dragon Age Origins Ultimate Edition\\bin_ship\DAUpdaterSvc.Service.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 AiChargerDT; C:\Windows\SysWow64\drivers\AiChargerDT.sys [14880 2012-10-18] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [106888 2010-07-05] (Windows ® Win 7 DDK provider)
S3 FlyUsb; C:\Windows\System32\drivers\FlyUsb.sys [24576 2013-10-31] (LeapFrog)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-19] (Microsoft Corporation)
R3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2012-03-29] (MediaMall Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R1 SASDIFSV; F:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; F:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2014-03-18] (Splashtop Inc.)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-14] (Windows ® Codename Longhorn DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 7ByteIo; \??\F:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [X]
S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
U3 idsvc; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 12:07 - 2015-04-19 12:07 - 00000231 _____ () C:\WINDOWS\setupact.log
2015-04-19 12:07 - 2015-04-19 12:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-19 12:01 - 2015-04-19 12:10 - 00000000 ____D () C:\FRST
2015-04-19 12:00 - 2015-04-19 12:06 - 00000000 ____D () C:\AdwCleaner
2015-04-18 18:26 - 2015-04-18 18:27 - 00000000 ____D () C:\Users\Ben\AppData\Local\CutePDF Writer
2015-04-18 18:26 - 2015-04-18 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-04-18 18:26 - 2015-04-18 18:26 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2015-04-18 18:26 - 2015-04-18 18:26 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2015-04-18 18:26 - 2013-10-23 15:24 - 00087600 _____ () C:\WINDOWS\system32\cpwmon64.dll
2015-04-18 14:25 - 2015-04-19 03:52 - 00132400 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-14 23:16 - 2015-04-14 23:16 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-14 22:13 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 22:13 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 22:13 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 22:13 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-14 22:13 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-14 22:13 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 22:13 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-14 22:13 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-14 22:13 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 22:13 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-14 22:13 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 22:13 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-14 22:13 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-14 22:13 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-14 22:13 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 22:13 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-14 22:13 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 22:12 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 22:12 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 22:12 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 22:12 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 22:12 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 22:12 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 22:12 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-14 22:12 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 22:12 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 22:12 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 22:12 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 22:12 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 22:12 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 22:12 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 22:12 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 22:12 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-14 22:12 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-14 22:12 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-14 22:12 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-14 22:12 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 22:12 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 22:12 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 22:12 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 22:12 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 22:12 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-14 22:12 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-14 22:12 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-14 22:12 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-14 22:12 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 22:12 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-14 22:12 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 22:12 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 22:12 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 22:12 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-14 22:12 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-14 22:12 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 22:12 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-14 22:12 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-14 22:12 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 22:12 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 22:12 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-14 22:12 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-14 22:12 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-14 22:12 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 22:12 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-14 22:12 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-14 22:12 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 22:12 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-12 14:08 - 2015-04-12 14:08 - 00000000 ____D () C:\PatchMyPCUpdates
2015-04-10 17:47 - 2015-04-18 11:09 - 00000020 _____ () C:\Users\Ben\AppData\Roaming\appdataFr3.bin
2015-04-09 17:58 - 2015-04-09 17:58 - 00000000 ____D () C:\ProgramData\{6ccc42bb-942c-43ee-6ccc-c42bb9420aee}
2015-04-09 17:45 - 2015-04-09 18:26 - 00000000 ____D () C:\Program Files (x86)\AppendInit
2015-04-09 17:44 - 2015-04-09 18:26 - 00000000 ____D () C:\Program Files (x86)\BruowsinngClearr
2015-04-09 17:44 - 2015-04-09 17:44 - 00000000 ____D () C:\Program Files (x86)\DiscountExt
2015-04-09 09:47 - 2015-04-14 22:46 - 00000020 _____ () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\appdataFr3.bin
2015-04-08 07:05 - 2015-04-09 18:26 - 00000000 ____D () C:\Program Files (x86)\IncludeRunner
2015-04-04 14:07 - 2015-04-04 14:07 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\SUPERAntiSpyware.com
2015-04-03 22:24 - 2015-04-03 22:24 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-03 22:24 - 2015-04-03 22:24 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-03-26 23:21 - 2015-04-14 21:00 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 23:21 - 2015-03-26 23:21 - 00000832 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-26 23:21 - 2015-03-26 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-26 23:21 - 2015-03-26 23:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-26 23:21 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-26 23:21 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-26 23:21 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-26 22:00 - 2015-03-26 22:00 - 00000903 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-03-26 22:00 - 2015-03-26 22:00 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\SUPERAntiSpyware.com
2015-03-26 22:00 - 2015-03-26 22:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-24 13:46 - 2015-04-09 17:44 - 00000000 ____D () C:\ProgramData\2558436458772984200
2015-03-24 13:45 - 2015-04-09 18:14 - 00000000 ____D () C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 12:10 - 2014-12-21 22:00 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\ClassicShell
2015-04-19 12:08 - 2014-10-24 18:47 - 00000000 ____D () C:\ProgramData\UMS
2015-04-19 12:08 - 2014-10-19 16:28 - 00000000 ___RD () C:\Users\Ben\iCloudDrive
2015-04-19 12:08 - 2014-02-11 20:11 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BEN-PC-Ben Ben-PC
2015-04-19 12:08 - 2013-10-18 22:01 - 00000000 __RDO () C:\Users\Ben\SkyDrive
2015-04-19 12:08 - 2012-05-19 17:56 - 00000000 ____D () C:\ProgramData\MediaMall
2015-04-19 12:08 - 2011-09-02 20:58 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Dropbox
2015-04-19 12:08 - 2011-08-21 22:15 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Spotify
2015-04-19 12:07 - 2013-12-19 21:53 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 12:07 - 2013-10-18 21:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-19 12:07 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-19 12:07 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-19 12:03 - 2014-07-09 21:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-19 12:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-19 11:57 - 2012-11-04 21:27 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2166418066-2980520373-1048856590-1000
2015-04-19 11:35 - 2015-01-31 22:25 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2166418066-2980520373-1048856590-1000UA.job
2015-04-19 11:33 - 2013-12-19 21:53 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 10:34 - 2013-12-19 21:52 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4BFFC691-929E-4BE7-9BB1-A97964BC0E33}
2015-04-19 00:35 - 2015-01-31 22:25 - 00000862 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2166418066-2980520373-1048856590-1000Core.job
2015-04-18 11:17 - 2013-10-19 13:05 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-18 11:17 - 2011-08-20 12:28 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Thunderbird
2015-04-18 04:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-17 18:05 - 2014-07-27 18:26 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\FileZilla
2015-04-16 19:38 - 2013-10-18 21:49 - 00000000 ____D () C:\Users\Ben
2015-04-16 19:10 - 2013-09-29 23:04 - 00994132 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-16 17:56 - 2014-04-09 19:43 - 00000000 ____D () C:\Users\Ben\AppData\Local\Spotify
2015-04-16 17:13 - 2013-10-18 21:49 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC
2015-04-16 14:43 - 2013-02-10 14:39 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Spotify
2015-04-16 12:02 - 2013-10-19 12:44 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{42229D0F-A9F9-4CAA-824D-E89DA53BFAA3}
2015-04-15 23:39 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 22:53 - 2013-10-19 09:51 - 00000000 __RDO () C:\Users\hmaur_000.BEN-PC\SkyDrive
2015-04-15 22:53 - 2013-02-10 14:39 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Local\Spotify
2015-04-14 23:41 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-14 23:33 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-14 23:16 - 2014-12-17 21:21 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 22:46 - 2014-12-22 09:20 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\ClassicShell
2015-04-14 22:46 - 2012-11-27 23:33 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Local\CrashDumps
2015-04-14 22:44 - 2013-08-13 21:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 22:38 - 2011-08-19 23:39 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 12:03 - 2014-07-09 21:12 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-13 18:24 - 2013-08-22 10:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 15:56 - 2011-08-20 00:20 - 00000000 ____D () C:\Users\Ben\AppData\Local\Apple Computer
2015-04-10 17:50 - 2013-08-30 18:02 - 00007601 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
2015-04-10 17:48 - 2011-09-02 20:58 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-09 18:00 - 2014-04-10 21:42 - 00002794 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-04-09 17:44 - 2015-03-01 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 20:44 - 2012-11-27 23:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2166418066-2980520373-1048856590-1024
2015-04-06 20:02 - 2014-11-01 11:39 - 00001890 _____ () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-05 19:38 - 2012-03-18 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-05 14:10 - 2012-11-22 20:56 - 00000000 ____D () C:\Users\Ben\AppData\Local\CrashDumps
2015-04-05 14:10 - 2011-08-20 00:49 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\uTorrent
2015-04-05 14:09 - 2014-07-27 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-04-05 14:08 - 2015-03-01 15:08 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-05 14:08 - 2015-02-22 13:20 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-03 19:48 - 2015-02-28 16:17 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\vlc
2015-03-28 16:20 - 2015-03-01 15:08 - 00000719 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-26 22:00 - 2014-02-25 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-03-23 19:05 - 2014-05-28 18:26 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Dungeonmans
2015-03-22 14:11 - 2015-02-22 17:34 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-03-22 14:11 - 2014-07-27 18:33 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-03-22 14:11 - 2014-07-27 18:33 - 00000000 ____D () C:\Program Files\Java
2015-03-22 14:10 - 2015-02-22 17:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-22 14:10 - 2014-07-20 19:49 - 00000000 ____D () C:\Users\Ben\AppData\Local\Adobe
2015-03-22 13:37 - 2015-02-25 21:27 - 00000000 ____D () C:\Users\Ben\AppData\Local\depths-of-tolagal
2015-03-21 19:23 - 2014-06-22 14:25 - 00000000 ____D () C:\Users\Ben\AppData\Local\nuclearthrone
 
==================== Files in the root of some directories =======
 
2014-01-25 15:20 - 2014-04-11 23:04 - 14883840 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-10 17:47 - 2015-04-18 11:09 - 0000020 _____ () C:\Users\Ben\AppData\Roaming\appdataFr3.bin
2011-09-08 00:27 - 2015-03-18 21:12 - 0000382 _____ () C:\Users\Ben\AppData\Roaming\com.richardwang.FluffyApp.plist
2013-03-30 21:06 - 2013-03-30 21:06 - 1065984 _____ () C:\Users\Ben\AppData\Local\file__0.localstorage
2014-05-29 20:10 - 2014-05-29 20:10 - 0001751 _____ () C:\Users\Ben\AppData\Local\recently-used.xbel
2013-08-30 18:02 - 2015-04-10 17:50 - 0007601 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
2012-11-27 19:16 - 2012-11-27 19:16 - 0000003 _____ () C:\Users\Ben\AppData\Local\updater.log
2012-11-27 19:16 - 2013-11-23 20:30 - 0000059 _____ () C:\Users\Ben\AppData\Local\UserProducts.xml
2014-04-09 18:19 - 2014-04-09 18:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-10-28 20:23 - 2012-11-05 21:42 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-04-05 19:38 - 2012-04-05 20:13 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some content of TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\converter.exe
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxbyk5l.dll
C:\Users\Ben\AppData\Local\Temp\Quarantine.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-19 06:56
 
==================== End Of Log ============================
 
 
So far everything seems okay. 


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 19 April 2015 - 01:27 PM

Splashtop tracks your surfing habits.
If you WANT TO KEEP IT, remove the lines in bold before you save the fixlist.txt file.
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files (x86)\Splashtop


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files (x86)\Splashtop
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
ShortcutTarget: BB_FuturePress_GameStop_MiniGuide.pdf.lnk -> C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe (No File)
ShortcutTarget: ToggleHiddenFiles.exe - Shortcut.lnk -> E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-04-19]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179712 2014-10-14] (Company) [File not signed]
S3 DAUpdaterSvc; E:\Program Files (x86)\Origin Games\Dragon Age Origins Ultimate Edition\\bin_ship\DAUpdaterSvc.Service.exe [X]
S3 7ByteIo; \??\F:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [X]
S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
U3 idsvc; No ImagePath
C:\Program Files (x86)\Popcorn Time

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

Edited by nasdaq, 19 April 2015 - 01:28 PM.


#5 benexclaimed

benexclaimed
  • Topic Starter

  • Members
  • 8 posts

Posted 20 April 2015 - 08:14 AM

So far so good. Thanks again for the help!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2015 01
Ran by Ben at 2015-04-19 21:45:39 Run:1
Running from F:\Users\Ben\Downloads
Loaded Profiles: Ben (Available profiles: Ben & Mcx1-BEN-PC & hmaur_000 & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files (x86)\Splashtop
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
ShortcutTarget: BB_FuturePress_GameStop_MiniGuide.pdf.lnk -> C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe (No File)
ShortcutTarget: ToggleHiddenFiles.exe - Shortcut.lnk -> E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-04-19]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179712 2014-10-14] (Company) [File not signed]
S3 DAUpdaterSvc; E:\Program Files (x86)\Origin Games\Dragon Age Origins Ultimate Edition\\bin_ship\DAUpdaterSvc.Service.exe [X]
S3 7ByteIo; \??\F:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [X]
S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
U3 idsvc; No ImagePath
C:\Program Files (x86)\Popcorn Time
 
End
*****************
 
Processes closed successfully.
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe => No running process found
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe => No running process found
C:\Program Files (x86)\Popcorn Time\Updater.exe => No running process found
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe => No running process found
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe => No running process found
C:\Program Files (x86)\Splashtop => Moved successfully.
C:\Program Files (x86)\Popcorn Time\Updater.exe => No running process found
C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe not found.
E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0" => Key deleted successfully.
C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam => Moved successfully.
Update service => Service deleted successfully.
DAUpdaterSvc => Service deleted successfully.
7ByteIo => Service deleted successfully.
cpuz138 => Service deleted successfully.
GPUZ => Service deleted successfully.
idsvc => Service deleted successfully.
C:\Program Files (x86)\Popcorn Time => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:45:45 ====


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,567 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 April 2015 - 12:34 PM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 benexclaimed

benexclaimed
  • Topic Starter

  • Members
  • 8 posts

Posted 22 April 2015 - 06:49 PM

Oh no -- bad stuff again. This time lots of "DiscountSmasher" ads popping up all over the place.

 

New log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by hmaur_000 (administrator) on BEN-PC on 22-04-2015 18:47:41
Running from F:\Users\Ben\Downloads
Loaded Profiles: Ben & hmaur_000 (Available profiles: Ben & Mcx1-BEN-PC & hmaur_000 & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Fitbit, Inc.) F:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(GlavSoft LLC.) F:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\AI Suite II\Ai Charger II\AsChargerIITray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{11F6707B-88F9-4D2D-A138-27B657BAE4D2}\AiChargerDT.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(IvoSoft) F:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(GlavSoft LLC.) F:\Program Files\TightVNC\tvnserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Akamai Technologies, Inc.) C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Config.Msi\468b5e9.rbf
(Richard Z.H. Wang) F:\Program Files (x86)\FluffyApp\FluffyApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(inMethod) F:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe
(Fitbit, Inc.) F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(inMethod) F:\Program Files (x86)\AirVideoServer HD\AirVideoServerUI.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Google Inc.) C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
() F:\Program Files (x86)\AirVideoServer HD\ExternalEncoder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Elaborate Bytes AG) F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dropbox, Inc.) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() F:\Program Files (x86)\Launchy\Launchy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\csisyncclient.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(BitTorrent Inc.) C:\Users\Ben\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) F:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\AI Suite II\Ai Charger II\AsChargerIITray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{11F6707B-88F9-4D2D-A138-27B657BAE4D2}\AiChargerDT.exe
(IvoSoft) F:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(GlavSoft LLC.) F:\Program Files\TightVNC\tvnserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Elaborate Bytes AG) F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_40\bin\javaw.exe
(Fitbit, Inc.) F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) F:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => F:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => F:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Fitbit Connect] => F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Steam] => F:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Uploadinator] => F:\Program Files (x86)\FluffyApp\FluffyApp.exe [351232 2014-04-10] (Richard Z.H. Wang)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [AirVideoServerHD] => F:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe [2217736 2014-09-29] (inMethod)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Fitbit Connect] => F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Spotify Web Helper] => C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Google Update] => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-31] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [MusicManager] => C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Spotify] => C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe [6553144 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\RunOnce: [Application Restart #3] => F:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\RunOnce: [Application Restart #4] => C:\Users\Ben\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-ph (the data entry has 558 more characters).
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [Spotify Web Helper] => C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-06] (Spotify Ltd)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [AirVideoServer] => E:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [Akamai NetSession Interface] => C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [LightShot] => C:\Users\hmaur_000.BEN-PC\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [Facebook Update] => "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [Google Update] => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-31] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [MusicManager] => C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [Uploadinator] => "E:\Users\Ben\AppData\Local\Richard_Z.H._Wang\FluffyApp\FluffyApp.exe"
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [Spotify] => C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-06] (Spotify Ltd)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [GoogleChromeAutoLaunch_269834B8AB8398BE997682896EDC877D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [SUPERAntiSpyware] => F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\Run: [CCleaner Monitoring] => F:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\...\RunOnce: [Application Restart #2] => C:\Users\hmaur_000.BEN-PC\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-c (the data entry has 584 more characters).
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk [2014-04-11]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-04-11]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2014-10-24]
ShortcutTarget: Universal Media Server.lnk -> F:\Program Files (x86)\Universal Media Server\UMS.exe (Universal Media Server)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BB_FuturePress_GameStop_MiniGuide.pdf.lnk [2015-03-24]
ShortcutTarget: BB_FuturePress_GameStop_MiniGuide.pdf.lnk -> C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe (No File)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-06-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2014-04-10]
ShortcutTarget: Launchy.lnk -> F:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-02-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToggleHiddenFiles.exe - Shortcut.lnk [2011-12-14]
ShortcutTarget: ToggleHiddenFiles.exe - Shortcut.lnk -> E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => F:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => F:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => F:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => F:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => F:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => F:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-04-08] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1fl9mfu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> F:\Program Files (x86)\LastPass\nplastpass64.dll [2014-04-11] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-11] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [2013-05-30] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> F:\Program Files (x86)\LastPass\nplastpass.dll [2014-04-11] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-02-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2014-09-26] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-18] ()
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1024: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1024: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\hmaur_000.BEN-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-12] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1024: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-18] ()
FF SearchPlugin: C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1fl9mfu.default\searchplugins\youtube-video-search.xml [2013-01-31]
FF Extension: No Name - C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1fl9mfu.default\extensions\amznUWL2@amazon.com.xpi [Not Found]
FF Extension: No Name - C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1fl9mfu.default\extensions\testpilot@labs.mozilla.com.xpi [Not Found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - E:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (Winamp Application Detector) - E:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (PlayMark Plug-in) - C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\hmaur_000.BEN-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (iTunes Application Detector) - E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Profile: C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-18]
CHR Extension: (Google Drive) - C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-18]
CHR Extension: (YouTube) - C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-18]
CHR Extension: (Add to Amazon Wish List) - C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-01-01]
CHR Extension: (Google Search) - C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-21]
CHR Extension: (PlayOn) - C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Gmail) - C:\Users\hmaur_000.BEN-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-06-13]
 
Opera: 
=======
StartMenuInternet: (HKLM) Opera - E:\Program Files (x86)\Opera\Opera.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-10-05] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-10-05] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [1473664 2012-04-10] (ASUSTeK Computer Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe [56648 2015-03-08] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-02-19] (Code 42 Software) [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [11776 2010-07-05] () [File not signed]
R2 Fitbit Connect; F:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [1885472 2014-07-17] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5826352 2014-11-24] (MediaMall Technologies, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-19] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-22] (Electronic Arts)
R2 tvnserver; F:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [X]
S2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 AiChargerDT; C:\Windows\SysWow64\drivers\AiChargerDT.sys [14880 2012-10-18] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [106888 2010-07-05] (Windows ® Win 7 DDK provider)
S3 FlyUsb; C:\Windows\System32\drivers\FlyUsb.sys [24576 2013-10-31] (LeapFrog)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-19] (Microsoft Corporation)
R3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2012-03-29] (MediaMall Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2014-03-18] (Splashtop Inc.)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-14] (Windows ® Codename Longhorn DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-20 18:20 - 2015-04-20 18:20 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-20 18:20 - 2015-04-20 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-20 18:20 - 2015-04-20 18:20 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-20 18:20 - 2015-04-20 18:20 - 00000000 ____D () C:\Program Files\iTunes
2015-04-20 18:20 - 2015-04-20 18:20 - 00000000 ____D () C:\Program Files\iPod
2015-04-20 18:20 - 2015-04-20 18:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-19 14:08 - 2015-04-19 14:08 - 00000000 ____D () C:\PatchMyPCUpdates
2015-04-19 12:07 - 2015-04-19 21:46 - 00000462 _____ () C:\WINDOWS\setupact.log
2015-04-19 12:07 - 2015-04-19 12:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-19 12:01 - 2015-04-22 18:47 - 00000000 ____D () C:\FRST
2015-04-19 12:00 - 2015-04-19 12:06 - 00000000 ____D () C:\AdwCleaner
2015-04-18 18:26 - 2015-04-18 18:27 - 00000000 ____D () C:\Users\Ben\AppData\Local\CutePDF Writer
2015-04-18 18:26 - 2015-04-18 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-04-18 18:26 - 2015-04-18 18:26 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2015-04-18 18:26 - 2015-04-18 18:26 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2015-04-18 18:26 - 2013-10-23 15:24 - 00087600 _____ () C:\WINDOWS\system32\cpwmon64.dll
2015-04-18 14:25 - 2015-04-22 10:34 - 00637515 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-14 23:16 - 2015-04-14 23:16 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-14 22:13 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 22:13 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 22:13 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 22:13 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-14 22:13 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-14 22:13 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 22:13 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-14 22:13 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-14 22:13 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 22:13 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-14 22:13 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 22:13 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-14 22:13 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-14 22:13 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-14 22:13 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 22:13 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-14 22:13 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 22:12 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 22:12 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 22:12 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 22:12 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 22:12 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 22:12 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 22:12 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-14 22:12 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 22:12 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 22:12 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 22:12 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 22:12 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 22:12 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 22:12 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 22:12 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 22:12 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-14 22:12 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-14 22:12 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-14 22:12 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-14 22:12 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 22:12 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 22:12 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 22:12 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 22:12 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 22:12 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-14 22:12 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-14 22:12 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-14 22:12 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-14 22:12 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 22:12 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-14 22:12 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 22:12 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 22:12 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 22:12 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-14 22:12 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-14 22:12 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 22:12 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-14 22:12 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-14 22:12 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 22:12 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 22:12 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-14 22:12 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-14 22:12 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-14 22:12 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 22:12 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-14 22:12 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-14 22:12 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 22:12 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-10 17:47 - 2015-04-18 11:09 - 00000020 _____ () C:\Users\Ben\AppData\Roaming\appdataFr3.bin
2015-04-09 17:58 - 2015-04-09 17:58 - 00000000 ____D () C:\ProgramData\{6ccc42bb-942c-43ee-6ccc-c42bb9420aee}
2015-04-09 17:45 - 2015-04-09 18:26 - 00000000 ____D () C:\Program Files (x86)\AppendInit
2015-04-09 17:44 - 2015-04-09 18:26 - 00000000 ____D () C:\Program Files (x86)\BruowsinngClearr
2015-04-09 17:44 - 2015-04-09 17:44 - 00000000 ____D () C:\Program Files (x86)\DiscountExt
2015-04-09 09:47 - 2015-04-21 19:44 - 00000020 _____ () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\appdataFr3.bin
2015-04-08 07:05 - 2015-04-09 18:26 - 00000000 ____D () C:\Program Files (x86)\IncludeRunner
2015-04-03 22:24 - 2015-04-03 22:24 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-03 22:24 - 2015-04-03 22:24 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-03-26 23:21 - 2015-03-26 23:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-26 22:00 - 2015-03-26 22:00 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\SUPERAntiSpyware.com
2015-03-24 13:46 - 2015-04-09 17:44 - 00000000 ____D () C:\ProgramData\2558436458772984200
2015-03-24 13:45 - 2015-04-09 18:14 - 00000000 ____D () C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-22 18:46 - 2014-12-22 09:20 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\ClassicShell
2015-04-22 18:46 - 2013-02-10 14:39 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Local\Spotify
2015-04-22 18:46 - 2011-08-20 00:49 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\uTorrent
2015-04-22 18:35 - 2015-01-31 22:25 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2166418066-2980520373-1048856590-1000UA.job
2015-04-22 18:33 - 2013-12-19 21:53 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 18:19 - 2013-02-10 14:39 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Spotify
2015-04-22 18:16 - 2013-10-19 12:44 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{42229D0F-A9F9-4CAA-824D-E89DA53BFAA3}
2015-04-22 18:03 - 2014-07-09 21:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-22 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-22 13:22 - 2013-12-19 21:52 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4BFFC691-929E-4BE7-9BB1-A97964BC0E33}
2015-04-22 09:16 - 2014-02-11 20:11 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BEN-PC-Ben Ben-PC
2015-04-22 02:53 - 2012-05-19 17:56 - 00000000 ____D () C:\ProgramData\MediaMall
2015-04-22 00:35 - 2015-01-31 22:25 - 00000862 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2166418066-2980520373-1048856590-1000Core.job
2015-04-21 21:33 - 2013-12-19 21:53 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-21 20:00 - 2012-11-27 23:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2166418066-2980520373-1048856590-1024
2015-04-21 19:55 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-21 19:45 - 2013-10-19 09:51 - 00000000 __RDO () C:\Users\hmaur_000.BEN-PC\SkyDrive
2015-04-21 19:44 - 2014-10-24 18:47 - 00000000 ____D () C:\ProgramData\UMS
2015-04-21 08:21 - 2012-11-04 21:27 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2166418066-2980520373-1048856590-1000
2015-04-21 08:17 - 2014-12-21 22:00 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\ClassicShell
2015-04-21 08:14 - 2011-08-21 22:15 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Spotify
2015-04-20 18:21 - 2014-02-25 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-20 18:20 - 2011-08-20 00:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-20 18:18 - 2013-08-30 18:02 - 00007601 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
2015-04-20 08:14 - 2014-10-19 16:28 - 00000000 ___RD () C:\Users\Ben\iCloudDrive
2015-04-20 08:14 - 2014-04-09 19:43 - 00000000 ____D () C:\Users\Ben\AppData\Local\Spotify
2015-04-20 08:14 - 2013-10-18 22:01 - 00000000 ___DO () C:\Users\Ben\SkyDrive
2015-04-20 08:14 - 2011-09-02 20:58 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Dropbox
2015-04-19 21:53 - 2013-09-29 23:04 - 00994132 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-19 21:46 - 2013-10-18 21:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-19 21:46 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-19 21:45 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-18 11:17 - 2013-10-19 13:05 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-18 11:17 - 2011-08-20 12:28 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Thunderbird
2015-04-17 18:05 - 2014-07-27 18:26 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\FileZilla
2015-04-16 19:38 - 2013-10-18 21:49 - 00000000 ____D () C:\Users\Ben
2015-04-16 17:13 - 2013-10-18 21:49 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC
2015-04-15 23:39 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-14 23:41 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-14 23:33 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-14 23:16 - 2014-12-17 21:21 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 22:46 - 2012-11-27 23:33 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Local\CrashDumps
2015-04-14 22:44 - 2013-08-13 21:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 22:38 - 2011-08-19 23:39 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 12:03 - 2014-07-09 21:12 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-13 18:24 - 2013-08-22 10:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 15:56 - 2011-08-20 00:20 - 00000000 ____D () C:\Users\Ben\AppData\Local\Apple Computer
2015-04-10 17:48 - 2011-09-02 20:58 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-09 18:00 - 2014-04-10 21:42 - 00002794 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-04-09 17:44 - 2015-03-01 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 20:02 - 2014-11-01 11:39 - 00001890 _____ () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-05 19:38 - 2012-03-18 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-05 14:10 - 2012-11-22 20:56 - 00000000 ____D () C:\Users\Ben\AppData\Local\CrashDumps
2015-04-05 14:09 - 2014-07-27 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-04-05 14:08 - 2015-03-01 15:08 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-05 14:08 - 2015-02-22 13:20 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-03 19:48 - 2015-02-28 16:17 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\vlc
2015-03-28 16:20 - 2015-03-01 15:08 - 00000719 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-23 19:05 - 2014-05-28 18:26 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Dungeonmans
 
==================== Files in the root of some directories =======
 
2014-01-25 15:20 - 2014-04-11 23:04 - 14883840 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-09 09:47 - 2015-04-21 19:44 - 0000020 _____ () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\appdataFr3.bin
2015-04-09 18:00 - 2015-04-09 18:01 - 0011944 _____ () C:\Users\hmaur_000.BEN-PC\AppData\Local\Temp-log.txt
2014-04-09 18:19 - 2014-04-09 18:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-10-28 20:23 - 2012-11-05 21:42 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-04-05 19:38 - 2012-04-05 20:13 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some content of TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\converter.exe
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprlpk8d.dll
C:\Users\Ben\AppData\Local\Temp\Quarantine.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-20 06:02
 
==================== End Of Log ============================


#8 benexclaimed

benexclaimed
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 22 April 2015 - 07:08 PM

Also, as a little bit of extra info, I ran all of the first logs, scans, etc., on my user profile. This one was run on my girlfriend's profile (which is the only place where I'm seeing those ads, etc., right now).



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,567 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:46 AM

Posted 23 April 2015 - 07:48 AM



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

ShortcutTarget: BB_FuturePress_GameStop_MiniGuide.pdf.lnk -> C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe (No File)
ShortcutTarget: Dropbox.lnk -> C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShortcutTarget: ToggleHiddenFiles.exe - Shortcut.lnk -> E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1024: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Extension: No Name - C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1fl9mfu.default\extensions\amznUWL2@amazon.com.xpi [Not Found]
FF Extension: No Name - C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1fl9mfu.default\extensions\testpilot@labs.mozilla.com.xpi [Not Found]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - E:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (Winamp Application Detector) - E:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (iTunes Application Detector) - E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-06-13]
S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [X]
S2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [X]
C:\Users\Ben\AppData\Local\Temp\converter.exe
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprlpk8d.dll
C:\Users\Ben\AppData\Local\Temp\Quarantine.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dl
 C:\Program Files (x86)\MediaMall

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please run the AdwCleaner tool and remove everything that will be found.

===

CHR dev: Chrome dev build detected! <======= ATTENTION

Chrome was compromised. I suggest you remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now?
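
A rough triage pass over FRST-style log lines, flagging the kinds of entries the fixlist in the post above is built from: targets that no longer exist, a document-named executable behind a Startup shortcut, and binaries left in Temp. This is an added Python example, not part of the thread or of FRST; the rule names, regexes and function names are assumptions made for illustration, and the sample lines are copied from the log quoted in this thread.

```python
import re

# Sample input: lines copied from the FRST scan output quoted in this thread.
SAMPLE_LOG = r"""
ShortcutTarget: BB_FuturePress_GameStop_MiniGuide.pdf.lnk -> C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe (No File)
ShortcutTarget: Dropbox.lnk -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
FF Extension: No Name - C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1fl9mfu.default\extensions\testpilot@labs.mozilla.com.xpi [Not Found]
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
S2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [X]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
C:\Users\Ben\AppData\Local\Temp\converter.exe
"""

# Hypothetical triage rules, inferred from which entries the fixlist contains.
# Trailing markers the scan prints when the referenced file is missing.
ORPHAN = re.compile(r"(?:\(No File\)|\bNo File|\[Not Found\]|\[X\])\s*$")
# A document extension immediately followed by an executable one (e.g. .pdf.exe).
DOUBLE_EXT = re.compile(
    r"\.(?:pdf|docx?|xlsx?|txt|jpe?g|png)\.(?:exe|scr|com|pif|bat|cmd)\b", re.I)
# A bare path to a binary sitting directly in a user's Temp folder.
TEMP_BINARY = re.compile(
    r"\\AppData\\Local\\Temp\\[^\\]+\.(?:exe|dll|scr)\s*$", re.I)

# Line prefixes as they appear in this thread's log.
KIND = re.compile(
    r"^(ShortcutTarget|ShellIconOverlayIdentifiers(?:-x32)?|FF Extension|"
    r"FF Plugin|CHR Plugin|CHR HKLM-x32|Startup)\b")
SERVICE = re.compile(r"^[RS]\d\s+\S+;")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")


def entry_kind(line):
    """Classify a log line by its prefix so flagged items can be grouped."""
    line = line.strip()
    m = KIND.match(line)
    if m:
        return m.group(1)
    if SERVICE.match(line):
        return "Service"
    if BARE_PATH.match(line):
        return "File"
    return "Other"


def triage_line(line):
    """Return the reasons (possibly none) a single line deserves review."""
    line = line.strip()
    reasons = []
    if ORPHAN.search(line):
        reasons.append("orphan")
    if DOUBLE_EXT.search(line):
        reasons.append("double-extension")
    if TEMP_BINARY.search(line):
        reasons.append("temp-binary")
    return reasons


def triage_log(text):
    """Return (kind, reasons, line) for every line that trips a rule."""
    flagged = []
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            flagged.append((entry_kind(raw), reasons, raw.strip()))
    return flagged


if __name__ == "__main__":
    for kind, reasons, line in triage_log(SAMPLE_LOG):
        print(f"{kind:<28} {','.join(reasons):<26} {line[:80]}")
```

A flag here means "review this entry", not "malicious": most of the missing-file hits in this log are leftovers from uninstalled software.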

#10 benexclaimed

benexclaimed
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 23 April 2015 - 08:58 PM

When I used Firefox to redownload Chrome I saw "DiscountExt" (or something similar) in the extension list. I removed it. But this was after I ran the Adw tool and the Fixlist, so I don't know whether or not that's a bad sign.

 

Here are the logs:

 

Farbar log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015 01
Ran by Ben at 2015-04-23 20:40:55 Run:2
Running from F:\Users\Ben\Downloads
Loaded Profiles: Ben (Available profiles: Ben & Mcx1-BEN-PC & hmaur_000 & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
ShortcutTarget: BB_FuturePress_GameStop_MiniGuide.pdf.lnk -> C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe (No File)
ShortcutTarget: Dropbox.lnk -> C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShortcutTarget: ToggleHiddenFiles.exe - Shortcut.lnk -> E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1024: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Extension: No Name - C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1fl9mfu.default\extensions\amznUWL2@amazon.com.xpi [Not Found]
FF Extension: No Name - C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1fl9mfu.default\extensions\testpilot@labs.mozilla.com.xpi [Not Found]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - E:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (Winamp Application Detector) - E:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (iTunes Application Detector) - E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-06-13]
S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [X]
S2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [X]
C:\Users\Ben\AppData\Local\Temp\converter.exe
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprlpk8d.dll
C:\Users\Ben\AppData\Local\Temp\Quarantine.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dl
 C:\Program Files (x86)\MediaMall
 
End
*****************
 
Processes closed successfully.
C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe not found.
C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe not found.
E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
HKU\S-1-5-21-2166418066-2980520373-1048856590-1024\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0 => Key not found. 
C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll not found.
C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1fl9mfu.default\extensions\amznUWL2@amazon.com.xpi not found.
C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Mozilla\Firefox\Profiles\u1fl9mfu.default\extensions\testpilot@labs.mozilla.com.xpi not found.
C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll not found.
E:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll not found.
E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll not found.
E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll not found.
E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll not found.
E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll not found.
E:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll not found.
E:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lggaaajacmlhgbpldaboipiinndchjgm" => Key deleted successfully.
C:\Program Files (x86)\MediaMall\toolbar\ce.crx => Moved successfully.
SplashtopRemoteService => Service deleted successfully.
SSUService => Service deleted successfully.
C:\Users\Ben\AppData\Local\Temp\converter.exe => Moved successfully.
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprlpk8d.dll => Moved successfully.
C:\Users\Ben\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"C:\Users\Ben\AppData\Local\Temp\sqlite3.dl" => File/Directory not found.
C:\Program Files (x86)\MediaMall => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:41:01 ====
 
Adw Log:
 
# AdwCleaner v4.202 - Logfile created 23/04/2015 at 20:47:27
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Ben - BEN-PC
# Running from : F:\Users\Ben\Downloads\adwcleaner_4.202.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\2558436458772984200
Folder Deleted : C:\ProgramData\{6ccc42bb-942c-43ee-6ccc-c42bb9420aee}
Folder Deleted : C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v37.0.1 (x86 en-US)
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [7248 bytes] - [19/04/2015 12:02:23]
AdwCleaner[R1].txt - [1308 bytes] - [23/04/2015 20:46:31]
AdwCleaner[S0].txt - [7256 bytes] - [19/04/2015 12:06:32]
AdwCleaner[S1].txt - [1171 bytes] - [23/04/2015 20:47:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1230  bytes] ##########
 

 

And here's a new Farbar log (from after my Chrome reinstall):

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by Ben (administrator) on BEN-PC on 23-04-2015 20:56:10
Running from F:\Users\Ben\Downloads
Loaded Profiles: Ben (Available profiles: Ben & Mcx1-BEN-PC & hmaur_000 & DefaultAppPool)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Fitbit, Inc.) F:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(GlavSoft LLC.) F:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\AI Suite II\Ai Charger II\AsChargerIITray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{11F6707B-88F9-4D2D-A138-27B657BAE4D2}\AiChargerDT.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(IvoSoft) F:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(GlavSoft LLC.) F:\Program Files\TightVNC\tvnserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(Richard Z.H. Wang) F:\Program Files (x86)\FluffyApp\FluffyApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(inMethod) F:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe
(inMethod) F:\Program Files (x86)\AirVideoServer HD\AirVideoServerUI.exe
(Fitbit, Inc.) F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Google Inc.) C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
() F:\Program Files (x86)\AirVideoServer HD\ExternalEncoder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Elaborate Bytes AG) F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dropbox, Inc.) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() F:\Program Files (x86)\Launchy\Launchy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) F:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) F:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => F:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => F:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Fitbit Connect] => F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ben\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Steam] => F:\Program Files (x86)\Steam\steam.exe [2888384 2015-04-23] (Valve Corporation)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Uploadinator] => F:\Program Files (x86)\FluffyApp\FluffyApp.exe [351232 2014-04-10] (Richard Z.H. Wang)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [AirVideoServerHD] => F:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe [2217736 2014-09-29] (inMethod)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Fitbit Connect] => F:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Spotify Web Helper] => C:\Users\Ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Google Update] => C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-31] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [MusicManager] => C:\Users\Ben\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [Spotify] => C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe [6553144 2015-03-13] (Spotify Ltd)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\Run: [GoogleChromeAutoLaunch_8B4B86C2A5661DC92D9A84E265233F91] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\RunOnce: [Application Restart #3] => F:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\...\RunOnce: [Application Restart #4] => C:\Users\Ben\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-ph (the data entry has 558 more characters).
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk [2014-04-11]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-04-11]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2014-10-24]
ShortcutTarget: Universal Media Server.lnk -> F:\Program Files (x86)\Universal Media Server\UMS.exe (Universal Media Server)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BB_FuturePress_GameStop_MiniGuide.pdf.lnk [2015-03-24]
ShortcutTarget: BB_FuturePress_GameStop_MiniGuide.pdf.lnk -> C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe (No File)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-06-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2014-04-10]
ShortcutTarget: Launchy.lnk -> F:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-02-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToggleHiddenFiles.exe - Shortcut.lnk [2011-12-14]
ShortcutTarget: ToggleHiddenFiles.exe - Shortcut.lnk -> E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => F:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => F:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => F:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => F:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => F:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => F:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-12-29] (Hermann Schinagl)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2166418066-2980520373-1048856590-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-04-08] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\06xy0nyz.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> F:\Program Files (x86)\LastPass\nplastpass64.dll [2014-04-11] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-11] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [2013-05-30] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> F:\Program Files (x86)\LastPass\nplastpass.dll [2014-04-11] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-02-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ben\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2166418066-2980520373-1048856590-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-18] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-23]
CHR Extension: (CheapShark Deal Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdfdhcljjiogoabcemgldinhgoemmjc [2015-04-23]
CHR Extension: (Unfriend Notify for Facebook) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-04-23]
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-23]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-23]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-23]
CHR Extension: (Google Cast) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-23]
CHR Extension: (Pushbullet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-04-23]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-04-23]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-04-23]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-23]
CHR Extension: (Google News) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2015-04-23]
CHR Extension: (Share link via email) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2015-04-23]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2015-04-23]
CHR Extension: (Flix Plus by Lifehacker) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2015-04-23]
CHR Extension: (Google Sheets) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-23]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-04-23]
CHR Extension: (The Camelizer) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2015-04-23]
CHR Extension: (BetaFish Adblocker) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-23]
CHR Extension: (Bookmark Manager) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2015-04-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-23]
CHR Extension: (feedly) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-04-23]
CHR Extension: (Smile Always) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpmhnmjbhgkhpbgelalfpplebgfjmbf [2015-04-23]
CHR Extension: (Floating YouTube™) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2015-04-23]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-04-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-23]
CHR Extension: (Play Midnight for Google Play Music™) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmjmhjkcgfmfdhgplikncgndbdeckci [2015-04-23]
CHR Extension: (Google Play Last.fm Scrobbler) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\llpepekkleeoeiloijhcafgpjdnhhcbl [2015-04-23]
CHR Extension: (Google Maps) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-04-23]
CHR Extension: (Humble New Tab Page) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2015-04-23]
CHR Extension: (Pinboard Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphdppdgoagghpmmhodmfajjlloijnbd [2015-04-23]
CHR Extension: (Google Wallet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-23]
CHR Extension: (Pickpocket) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfomjjafcdfkdodojjgkhlepcofaail [2015-04-23]
CHR Extension: (Wunderlist for Chrome) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2015-04-23]
CHR Extension: (Enhanced Steam) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-04-23]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-23]
CHR Extension: (Popout for YouTube™) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofekaindcmmojfnfgbpklepkjfilcep [2015-04-23]
 
Opera: 
=======
StartMenuInternet: (HKLM) Opera - E:\Program Files (x86)\Opera\Opera.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-10-05] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-10-05] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [1473664 2012-04-10] (ASUSTeK Computer Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe [56648 2015-03-08] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-02-19] (Code 42 Software) [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [11776 2010-07-05] () [File not signed]
R2 Fitbit Connect; F:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [1885472 2014-07-17] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-19] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-22] (Electronic Arts)
R2 tvnserver; F:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 MediaMall Server; "C:\Program Files (x86)\MediaMall\MediaMallServer.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 AiChargerDT; C:\Windows\SysWow64\drivers\AiChargerDT.sys [14880 2012-10-18] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [106888 2010-07-05] (Windows ® Win 7 DDK provider)
S3 FlyUsb; C:\Windows\System32\drivers\FlyUsb.sys [24576 2013-10-31] (LeapFrog)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-19] (Microsoft Corporation)
R3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2012-03-29] (MediaMall Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2014-03-18] (Splashtop Inc.)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-14] (Windows ® Codename Longhorn DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 20:51 - 2015-04-23 20:51 - 00002281 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-23 20:51 - 2015-04-23 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-20 18:20 - 2015-04-20 18:20 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-20 18:20 - 2015-04-20 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-20 18:20 - 2015-04-20 18:20 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-20 18:20 - 2015-04-20 18:20 - 00000000 ____D () C:\Program Files\iTunes
2015-04-20 18:20 - 2015-04-20 18:20 - 00000000 ____D () C:\Program Files\iPod
2015-04-20 18:20 - 2015-04-20 18:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-19 14:08 - 2015-04-19 14:08 - 00000000 ____D () C:\PatchMyPCUpdates
2015-04-19 12:07 - 2015-04-23 20:48 - 00000924 _____ () C:\WINDOWS\setupact.log
2015-04-19 12:07 - 2015-04-19 12:07 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-19 12:01 - 2015-04-23 20:56 - 00000000 ____D () C:\FRST
2015-04-19 12:00 - 2015-04-23 20:47 - 00000000 ____D () C:\AdwCleaner
2015-04-18 18:26 - 2015-04-18 18:27 - 00000000 ____D () C:\Users\Ben\AppData\Local\CutePDF Writer
2015-04-18 18:26 - 2015-04-18 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-04-18 18:26 - 2015-04-18 18:26 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2015-04-18 18:26 - 2015-04-18 18:26 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2015-04-18 18:26 - 2013-10-23 15:24 - 00087600 _____ () C:\WINDOWS\system32\cpwmon64.dll
2015-04-18 14:25 - 2015-04-23 20:48 - 00795318 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-14 23:16 - 2015-04-14 23:16 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-14 22:13 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 22:13 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 22:13 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 22:13 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-14 22:13 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-14 22:13 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 22:13 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-14 22:13 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-14 22:13 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 22:13 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-14 22:13 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 22:13 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-14 22:13 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-14 22:13 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-14 22:13 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 22:13 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-14 22:13 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 22:12 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 22:12 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 22:12 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 22:12 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 22:12 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 22:12 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 22:12 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 22:12 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-14 22:12 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 22:12 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 22:12 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 22:12 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 22:12 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 22:12 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 22:12 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 22:12 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 22:12 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-14 22:12 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-14 22:12 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-14 22:12 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-14 22:12 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 22:12 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 22:12 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 22:12 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 22:12 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 22:12 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-14 22:12 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-14 22:12 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-14 22:12 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-14 22:12 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 22:12 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-14 22:12 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 22:12 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 22:12 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 22:12 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-14 22:12 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-14 22:12 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 22:12 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-14 22:12 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-14 22:12 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 22:12 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 22:12 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-14 22:12 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-14 22:12 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-14 22:12 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 22:12 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-14 22:12 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-14 22:12 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 22:12 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-10 17:47 - 2015-04-23 20:42 - 00000020 _____ () C:\Users\Ben\AppData\Roaming\appdataFr3.bin
2015-04-09 17:45 - 2015-04-09 18:26 - 00000000 ____D () C:\Program Files (x86)\AppendInit
2015-04-09 17:44 - 2015-04-09 18:26 - 00000000 ____D () C:\Program Files (x86)\BruowsinngClearr
2015-04-09 17:44 - 2015-04-09 17:44 - 00000000 ____D () C:\Program Files (x86)\DiscountExt
2015-04-09 09:47 - 2015-04-21 19:44 - 00000020 _____ () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\appdataFr3.bin
2015-04-08 07:05 - 2015-04-09 18:26 - 00000000 ____D () C:\Program Files (x86)\IncludeRunner
2015-04-03 22:24 - 2015-04-03 22:24 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-03 22:24 - 2015-04-03 22:24 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-03-26 23:21 - 2015-03-26 23:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-26 22:00 - 2015-03-26 22:00 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\SUPERAntiSpyware.com
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 20:54 - 2013-09-29 23:04 - 00994132 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-23 20:53 - 2012-11-04 21:27 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2166418066-2980520373-1048856590-1000
2015-04-23 20:51 - 2011-08-19 22:52 - 00000000 ____D () C:\Users\Ben\AppData\Local\Google
2015-04-23 20:49 - 2014-02-11 20:11 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BEN-PC-Ben Ben-PC
2015-04-23 20:49 - 2013-10-18 22:01 - 00000000 __RDO () C:\Users\Ben\SkyDrive
2015-04-23 20:49 - 2011-08-21 22:15 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Spotify
2015-04-23 20:48 - 2014-10-24 18:47 - 00000000 ____D () C:\ProgramData\UMS
2015-04-23 20:48 - 2014-10-19 16:28 - 00000000 ___RD () C:\Users\Ben\iCloudDrive
2015-04-23 20:48 - 2013-12-19 21:53 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 20:48 - 2013-10-18 21:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-23 20:48 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-23 20:48 - 2011-09-02 20:58 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Dropbox
2015-04-23 20:47 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-23 20:45 - 2014-12-21 22:00 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\ClassicShell
2015-04-23 20:43 - 2014-04-09 19:43 - 00000000 ____D () C:\Users\Ben\AppData\Local\Spotify
2015-04-23 20:37 - 2011-08-20 00:49 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\uTorrent
2015-04-23 20:35 - 2015-01-31 22:25 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2166418066-2980520373-1048856590-1000UA.job
2015-04-23 20:33 - 2013-12-19 21:53 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 20:03 - 2014-07-09 21:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-23 20:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-23 14:49 - 2013-12-19 21:52 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4BFFC691-929E-4BE7-9BB1-A97964BC0E33}
2015-04-23 02:30 - 2012-05-19 17:56 - 00000000 ____D () C:\ProgramData\MediaMall
2015-04-23 00:35 - 2015-01-31 22:25 - 00000862 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2166418066-2980520373-1048856590-1000Core.job
2015-04-22 19:03 - 2014-12-22 09:20 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\ClassicShell
2015-04-22 19:02 - 2013-02-10 14:39 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Spotify
2015-04-22 19:02 - 2013-02-10 14:39 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Local\Spotify
2015-04-22 18:16 - 2013-10-19 12:44 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{42229D0F-A9F9-4CAA-824D-E89DA53BFAA3}
2015-04-21 20:00 - 2012-11-27 23:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2166418066-2980520373-1048856590-1024
2015-04-21 19:55 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-21 19:45 - 2013-10-19 09:51 - 00000000 __RDO () C:\Users\hmaur_000.BEN-PC\SkyDrive
2015-04-20 18:21 - 2014-02-25 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-20 18:20 - 2011-08-20 00:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-20 18:18 - 2013-08-30 18:02 - 00007601 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
2015-04-18 11:17 - 2013-10-19 13:05 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-18 11:17 - 2011-08-20 12:28 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Thunderbird
2015-04-17 18:05 - 2014-07-27 18:26 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\FileZilla
2015-04-16 19:38 - 2013-10-18 21:49 - 00000000 ____D () C:\Users\Ben
2015-04-16 17:13 - 2013-10-18 21:49 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC
2015-04-15 23:39 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-14 23:41 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-14 23:33 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-14 23:16 - 2014-12-17 21:21 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 22:46 - 2012-11-27 23:33 - 00000000 ____D () C:\Users\hmaur_000.BEN-PC\AppData\Local\CrashDumps
2015-04-14 22:44 - 2013-08-13 21:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 22:38 - 2011-08-19 23:39 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 12:03 - 2014-07-09 21:12 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-13 18:24 - 2013-08-22 10:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 15:56 - 2011-08-20 00:20 - 00000000 ____D () C:\Users\Ben\AppData\Local\Apple Computer
2015-04-10 17:48 - 2011-09-02 20:58 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-09 18:00 - 2014-04-10 21:42 - 00002794 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-04-09 17:44 - 2015-03-01 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 20:02 - 2014-11-01 11:39 - 00001890 _____ () C:\Users\hmaur_000.BEN-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-05 19:38 - 2012-03-18 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-05 14:10 - 2012-11-22 20:56 - 00000000 ____D () C:\Users\Ben\AppData\Local\CrashDumps
2015-04-05 14:09 - 2014-07-27 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-04-05 14:08 - 2015-03-01 15:08 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-05 14:08 - 2015-02-22 13:20 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-03 19:48 - 2015-02-28 16:17 - 00000000 ____D () C:\Users\Ben\AppData\Roaming\vlc
2015-03-28 16:20 - 2015-03-01 15:08 - 00000719 _____ () C:\Users\Public\Desktop\CCleaner.lnk
 
==================== Files in the root of some directories =======
 
2014-01-25 15:20 - 2014-04-11 23:04 - 14883840 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-10 17:47 - 2015-04-23 20:42 - 0000020 _____ () C:\Users\Ben\AppData\Roaming\appdataFr3.bin
2011-09-08 00:27 - 2015-03-18 21:12 - 0000382 _____ () C:\Users\Ben\AppData\Roaming\com.richardwang.FluffyApp.plist
2013-03-30 21:06 - 2013-03-30 21:06 - 1065984 _____ () C:\Users\Ben\AppData\Local\file__0.localstorage
2014-05-29 20:10 - 2014-05-29 20:10 - 0001751 _____ () C:\Users\Ben\AppData\Local\recently-used.xbel
2013-08-30 18:02 - 2015-04-20 18:18 - 0007601 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
2012-11-27 19:16 - 2012-11-27 19:16 - 0000003 _____ () C:\Users\Ben\AppData\Local\updater.log
2012-11-27 19:16 - 2013-11-23 20:30 - 0000059 _____ () C:\Users\Ben\AppData\Local\UserProducts.xml
2014-04-09 18:19 - 2014-04-09 18:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-10-28 20:23 - 2012-11-05 21:42 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-04-05 19:38 - 2012-04-05 20:13 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some content of TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpckezxi.dll
C:\Users\Ben\AppData\Local\Temp\Quarantine.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-20 06:02
 
==================== End Of Log ============================


#11 nasdaq

nasdaq

  • Malware Response Team

Posted 24 April 2015 - 10:14 AM

When I used Firefox to redownload Chrome I saw "DiscountExt" (or something similar) in the extension list. I removed it.

Good choice.
===


Nothing suspicious, just a cleanup.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

ShortcutTarget: BB_FuturePress_GameStop_MiniGuide.pdf.lnk -> C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe (No File)
ShortcutTarget: ToggleHiddenFiles.exe - Shortcut.lnk -> E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe (No File)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll No File
S2 MediaMall Server; "C:\Program Files (x86)\MediaMall\MediaMallServer.exe" [X]
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpckezxi.dll

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide to best security practices and keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 benexclaimed

benexclaimed
  • Topic Starter


Posted 25 April 2015 - 03:23 PM

So far so good again. Thanks! 

 

I'm fairly certain my trouble started with this file: "BB_FuturePress_GameStop_MiniGuide.pdf.lnk". I used a download service and stupidly double clicked a PDF that actually had an EXE extension. I noticed this keeps appearing in your fixlist text -- does this mean it isn't going away?

 

Here's the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015 01

Ran by Ben at 2015-04-25 15:20:55 Run:3
Running from F:\Users\Ben\Downloads
Loaded Profiles: Ben (Available profiles: Ben & Mcx1-BEN-PC & hmaur_000 & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
ShortcutTarget: BB_FuturePress_GameStop_MiniGuide.pdf.lnk -> C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe (No File)
ShortcutTarget: ToggleHiddenFiles.exe - Shortcut.lnk -> E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe (No File)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll No File
S2 MediaMall Server; "C:\Program Files (x86)\MediaMall\MediaMallServer.exe" [X]
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpckezxi.dll
 
End
*****************
 
Processes closed successfully.
C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe not found.
E:\Users\Ben\Documents\Toggle HF\ToggleHiddenFiles.exe not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@playon.tv/PlayOnToolbar" => Key deleted successfully.
MediaMall Server => Service deleted successfully.
C:\Users\Ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpckezxi.dll => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:20:59 ====
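
The double-extension masquerade described in post #12 (a file that displays as a PDF but is really an EXE), as an added example that is not part of the original posts: a Python check that flags such names in FRST-style log lines. The extension lists, the function and type names, and the last sample line are assumptions made for this example.

```python
import re
from typing import NamedTuple

# Assumed, non-exhaustive extension lists chosen for this example.
DECOY = ("pdf", "docx", "doc", "xlsx", "xls", "txt", "jpg", "png", "mp3", "mp4")
EXECUTABLE = ("exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk")

# <stem>.<decoy>[padding].<real>; the stem may not cross a path separator.
DOUBLE_EXT = re.compile(
    r'(?P<stem>[^\\/:*?"<>|\r\n]+?)\.(?P<decoy>' + "|".join(DECOY) + r")"
    + r"\s*\.(?P<real>" + "|".join(EXECUTABLE) + r")(?![A-Za-z0-9])",
    re.IGNORECASE,
)


class Finding(NamedTuple):
    line_no: int
    name: str      # file name as it appears in the log
    shown_as: str  # name Explorer displays while known extensions are hidden
    real_ext: str  # extension Windows actually acts on


def find_double_extensions(lines):
    """Return a Finding for every document-looking name that ends in an executable extension."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for m in DOUBLE_EXT.finditer(line):
            shown = f"{m.group('stem').strip()}.{m.group('decoy')}"
            findings.append(
                Finding(line_no, m.group(0).strip(), shown, m.group("real").lower())
            )
    return findings


# Lines 1-3 are taken from the logs in this thread; line 4 is constructed.
SAMPLE_LOG = [
    r"ShortcutTarget: BB_FuturePress_GameStop_MiniGuide.pdf.lnk -> C:\ProgramData"
    r"\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe (No File)",
    r"ShortcutTarget: ToggleHiddenFiles.exe - Shortcut.lnk -> E:\Users\Ben\Documents"
    r"\Toggle HF\ToggleHiddenFiles.exe (No File)",
    r"(Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe",
    r"C:\Users\Public\Downloads\invoice.pdf  .exe",
]

if __name__ == "__main__":
    for f in find_double_extensions(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.name!r} displays as {f.shown_as!r}, runs as .{f.real_ext}")
```
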


#13 nasdaq


Posted 26 April 2015 - 07:31 AM

C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}\BB_FuturePress_GameStop_MiniGuide.pdf.exe not found.


The process was not found in the registry.

If this folder in bold is present on your computer, delete it.
C:\ProgramData\{ed5b755c-bea7-212f-ed5b-b755cbead572}

How is the computer running now?

#14 benexclaimed


Posted 26 April 2015 - 10:36 AM

Folder was not present. No issues over the past couple of days, though that was the case a couple of times and it seems to come back. Hopefully the Chrome uninstall is going to prevent that, though.

 

Thanks!



#15 nasdaq


Posted 26 April 2015 - 12:49 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide to best security practices and keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

p.s.
I will keep this topic open for a few days.



