Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Maine Turnpike Authority Phishing Scam Virus [Closed]

Started by plante , Aug 15 2014 04:15 PM

  • This topic is locked This topic is locked

#1
plante
Posted 15 August 2014 - 04:15 PM

plante

    Member

  • Member
  • PipPip
  • 63 posts

Hello!  We received an email that our payment method needed to be updated at the MTA.  Our credit card had just expired so we clicked on the link.  As soon as my husband reached the site, that looked like the MTA, a virus pop-up came up from AVG and he closed the site.  Since then, my husband receives emails several times a day from the Email Delivery System that say "Warning: message 1X(always the same, then a variation in the letters and numbers that follow) for example: IOfS-0005BD-OM delayed 24 (or 48,72) hrs.  Different variations all day.  When he rebooted the computer, the User Account Control keeps popping up, asking if he will allow an unknown publisher to modify the program UpdateFlashPlayer_(then a variation of letters and numbers that vary every time) for example 40640e11.  He says no and then in about a minute it pops up again with a different sequence.

 

I tried cleaned on the default setting of cccleaner, no change.  After running OTL, got the following report:

 

OTL logfile created on: 8/15/2014 5:19:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Isaiah\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.68 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 44.27% Memory free
7.35 Gb Paging File | 4.16 Gb Available in Paging File | 56.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 195.87 Gb Free Space | 43.42% Space Free | Partition Type: NTFS
Drive E: | 968.25 Mb Total Space | 729.28 Mb Free Space | 75.32% Space Free | Partition Type: FAT
 
Computer Name: DELLSTUDIO17 | User Name: Isaiah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2014/08/15 17:18:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Isaiah\Downloads\OTL.exe
PRC - [2014/08/13 10:00:08 | 000,375,296 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_b6d7836f.exe
PRC - [2014/08/13 09:41:53 | 000,375,296 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_c9679ef6.exe
PRC - [2014/08/12 07:37:44 | 000,307,412 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_eaeca3a2.exe
PRC - [2014/08/11 17:46:59 | 000,305,701 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_d10f5fbd.exe
PRC - [2014/08/11 16:39:13 | 000,306,353 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_f6864052.exe
PRC - [2014/08/11 16:37:28 | 002,640,408 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2014/08/11 16:37:28 | 001,820,184 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
PRC - [2014/08/11 16:37:28 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
PRC - [2014/08/11 09:56:33 | 000,305,828 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_b2f30712.exe
PRC - [2014/08/11 07:34:13 | 000,305,828 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_2f9d6e57.exe
PRC - [2014/08/05 14:58:18 | 001,957,784 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014/07/30 14:16:51 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/07/10 19:23:28 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/07/10 19:23:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/07/09 21:12:13 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014/06/23 19:58:10 | 000,165,784 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2014/06/17 12:18:53 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Isaiah\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/10/10 15:25:58 | 001,056,264 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2012/05/14 15:10:58 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/05/14 15:09:32 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2012/05/14 14:07:42 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2010/10/12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/10/01 00:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 00:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/08 08:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/13 10:00:08 | 000,375,296 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_b6d7836f.exe
MOD - [2014/08/13 09:41:53 | 000,375,296 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_c9679ef6.exe
MOD - [2014/08/12 07:37:44 | 000,307,412 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_eaeca3a2.exe
MOD - [2014/08/11 17:46:59 | 000,305,701 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_d10f5fbd.exe
MOD - [2014/08/11 16:39:13 | 000,306,353 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_f6864052.exe
MOD - [2014/08/11 16:37:30 | 000,693,784 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.1.9\NativeBrowserApi.dll
MOD - [2014/08/11 16:37:30 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
MOD - [2014/08/11 16:37:28 | 002,640,408 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2014/08/11 09:56:33 | 000,305,828 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_b2f30712.exe
MOD - [2014/08/11 07:34:13 | 000,305,828 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_2f9d6e57.exe
MOD - [2014/07/30 14:16:49 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/07/09 21:12:12 | 017,029,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2014/07/06 10:18:54 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/09 08:26:25 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\FtuEngine.DLL
MOD - [2013/08/09 08:26:25 | 000,092,672 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\Webification.DLL
MOD - [2013/02/14 04:46:19 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9e64c6dea847aec2685eec4da29ea9b0\System.Web.Services.ni.dll
MOD - [2013/02/14 04:46:03 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/01/10 05:21:28 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\7d3a95d2123d5a7982a451f1319fab8d\System.Core.ni.dll
MOD - [2013/01/10 05:21:23 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll
MOD - [2013/01/10 05:17:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 05:17:12 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36b839247bd1d22a7fd014a74abe9729\PresentationFramework.ni.dll
MOD - [2013/01/10 05:16:48 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/10 05:16:44 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\930ad5bf14fdb7600756c8b8b11f4373\UIAutomationProvider.ni.dll
MOD - [2013/01/10 05:16:42 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\549690bfac66934b7c7fd5cf8b120b7c\PresentationCore.ni.dll
MOD - [2013/01/10 05:16:29 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/01/10 05:16:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\816e1f3b6d8812d4ae88c13e12192412\System.Xml.ni.dll
MOD - [2013/01/10 05:16:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/10 05:16:14 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/10 05:15:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/05/14 15:10:38 | 000,101,224 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\ReportBridge.DLL
MOD - [2012/05/14 15:10:26 | 000,125,800 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2012/05/14 15:10:22 | 000,020,840 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2012/05/14 15:10:20 | 000,069,992 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QB2WPFBridge.dll
MOD - [2012/05/14 15:10:10 | 000,042,344 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2012/05/14 15:10:08 | 000,093,032 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\IPDWidgetInterop.dll
MOD - [2012/05/14 15:10:06 | 000,070,504 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\IPDWidgetBridge.DLL
MOD - [2012/05/14 15:10:02 | 000,057,704 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\htmlhelper.dll
MOD - [2012/05/14 15:09:42 | 000,176,488 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2012/05/14 15:09:40 | 000,268,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2012/05/14 15:09:38 | 000,348,008 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 14:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 14:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 14:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 14:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 14:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/10/10 15:12:18 | 007,627,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2013/09/06 13:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2011/06/09 14:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/12/16 09:16:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 14:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/02/12 04:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2014/08/11 16:37:28 | 001,820,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe -- (vToolbarUpdater18.1.9)
SRV - [2014/07/30 14:16:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/10 19:23:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/07/09 21:12:14 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/23 19:58:10 | 000,165,784 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/05/14 14:07:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/07/15 23:13:43 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)
SRV - [2009/10/01 00:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 00:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/03/02 14:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/11 16:37:31 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/07/10 19:23:38 | 000,358,616 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/11/06 11:45:46 | 000,073,216 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2013/11/06 11:45:46 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/12 10:02:24 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/12 05:47:46 | 000,312,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/30 15:57:42 | 000,013,120 | ---- | M] (Pro Softnet Crop provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RemotePCHelpDesk.sys -- (RemotePCHelpDesk)
DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/07/16 01:44:51 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/31 10:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/26 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 01:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/20 16:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/14 07:59:52 | 000,304,176 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/16 09:16:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 09:16:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/11/13 02:42:52 | 000,074,272 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/17 14:33:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2014/07/28 17:11:14 | 000,631,128 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys -- (RapportCerberus_69875)
DRV - [2014/07/10 19:23:38 | 000,414,296 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/07/10 19:23:38 | 000,299,736 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/04/15 10:21:10 | 000,030,720 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\GIS\ImportExport\2.0\null.dll -- (Null)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0D27E54B-747F-4A12-9445-14DDEE88339C}
IE:64bit: - HKLM\..\SearchScopes\{0D27E54B-747F-4A12-9445-14DDEE88339C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {E184A77E-6398-42D9-B934-551C43026200}
IE - HKLM\..\SearchScopes\{E184A77E-6398-42D9-B934-551C43026200}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{57BE1FB1-D6F2-4BE6-BE8D-386E34C114CE}: "URL" = http://websearch.ask...94-5067A2D4CADF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={AAE5314A-7F88-4262-A25F-329E68AED4DD}&mid=d8a9d6b82b65a80ebca44f2f87cf65bf-0d66df40ef3fdea07c8e26474b906d04a24817a0&lang=us&ds=AVG&pr=pa&d=2011-12-08 06:32:42&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{E184A77E-6398-42D9-B934-551C43026200}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=WLEM&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Bf13b157f-b174-47e7-a34d-4815ddfdfeb8%7D:0.9.89
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:2.0.4
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:18.1.9.786
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
FF - prefs.js..extensions.enabledItems: avg@toolbar:10.0.0.7
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2013/04/10 09:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.786\ [2014/08/11 16:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/18 09:26:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/18 09:26:30 | 000,000,000 | ---D | M]
 
[2010/07/20 22:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Extensions
[2014/08/06 11:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\extensions
[2013/11/20 08:00:39 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/11/26 09:44:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/02/19 09:51:32 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\extensions\[email protected]
[2014/08/06 10:07:16 | 000,656,866 | ---- | M] () (No name found) -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\extensions\[email protected]
[2014/08/06 11:31:31 | 000,521,957 | ---- | M] () (No name found) -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\extensions\[email protected]
[2014/02/05 09:24:42 | 000,024,626 | ---- | M] () (No name found) -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2012/03/24 19:48:14 | 000,210,138 | ---- | M] () (No name found) -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
[2014/07/29 11:03:10 | 000,002,553 | ---- | M] () -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\searchplugins\ask-search.xml
[2012/05/04 15:40:46 | 000,002,333 | ---- | M] () -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\searchplugins\askcom.xml
[2011/02/19 09:51:33 | 000,001,919 | ---- | M] () -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\searchplugins\bing-zugo.xml
[2010/12/03 14:07:53 | 000,001,832 | ---- | M] () -- C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\searchplugins\bing.xml
[2014/06/18 09:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/06/18 09:26:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/06/18 09:26:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/30 14:16:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/08/11 16:40:28 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\18.1.9.786
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={AAE5314A-7F88-4262-A25F-329E68AED4DD}&mid=d8a9d6b82b65a80ebca44f2f87cf65bf-0d66df40ef3fdea07c8e26474b906d04a24817a0&lang=us&ds=AVG&pr=pa&d=2011-12-08 06:32:42&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.c...archTerms}&o=1,
CHR - homepage: http://isearch.avg.com/?cid={AAE5314A-7F88-4262-A25F-329E68AED4DD}&mid=d8a9d6b82b65a80ebca44f2f87cf65bf-0d66df40ef3fdea07c8e26474b906d04a24817a0&lang=us&ds=AVG&pr=pa&d=2011-12-08 06:32:42&v=18.1.9.786&pid=avg&sg=0&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AVG Safe Search = C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Google Wallet = C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll (APN LLC.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll (APN LLC.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Isaiah\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645" File not found
O4 - HKCU..\Run: [fdjfvowh] C:\Users\Isaiah\AppData\Local\ncsakshk.exe ()
O4 - HKCU..\Run: [jbffjmng] C:\Users\Isaiah\AppData\Local\vufontvv.exe ()
O4 - HKCU..\Run: [jpsvbbtb] C:\Users\Isaiah\AppData\Local\mnevmcsq.exe ()
O4 - HKCU..\Run: [lmkuiwqa] C:\Users\Isaiah\AppData\Local\pltlcdfj.exe ()
O4 - HKCU..\Run: [lvqcpjha] C:\Users\Isaiah\AppData\Local\fkewwvtk.exe ()
O4 - HKCU..\Run: [moqknlab] C:\Users\Isaiah\AppData\Local\mlxchjql.exe ()
O4 - HKCU..\Run: [pmbreear] C:\Users\Isaiah\AppData\Local\kuvothvh.exe ()
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.65.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.65.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10BAE1CA-19B8-4D9A-A6CB-8F9843993830}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C610CA4F-B83A-4F94-8136-94946BC0EC6B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E679E928-E231-4D71-9354-6E08173ED602}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWINLOGON_X64.DLL ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/05 09:51:20 | 000,000,000 | ---D | M] - C:\AutoCad -- [ NTFS ]
O32 - AutoRun File - [2014/02/24 09:36:52 | 000,000,000 | ---D | M] - C:\AutoCad Files Burn to Disc -- [ NTFS ]
O32 - AutoRun File - [2012/05/22 20:02:14 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/15 17:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/15 17:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/13 09:42:01 | 000,000,000 | ---D | C] -- C:\Users\Isaiah\AppData\Roaming\Ybryti
[2014/08/12 07:37:46 | 000,000,000 | ---D | C] -- C:\Users\Isaiah\AppData\Roaming\Wiolico
[2014/08/11 07:34:14 | 000,000,000 | ---D | C] -- C:\Users\Isaiah\AppData\Roaming\Luedzyo
[2014/08/09 14:41:10 | 000,000,000 | ---D | C] -- C:\Users\Isaiah\AppData\Roaming\Liamevx
[2014/08/06 17:52:43 | 000,000,000 | ---D | C] -- C:\Users\Isaiah\AppData\Roaming\Reynabre
[2014/07/30 08:50:36 | 000,000,000 | ---D | C] -- C:\Users\Isaiah\AppData\Roaming\Ondyys
[2014/07/29 13:46:17 | 000,000,000 | ---D | C] -- C:\Users\Isaiah\AppData\Roaming\Ytraes
[2014/07/29 10:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[40 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Isaiah\Documents\*.tmp files -> C:\Users\Isaiah\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/15 17:24:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/15 17:02:27 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/15 17:00:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA.job
[2014/08/15 17:00:00 | 000,000,808 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 3360333312.job
[2014/08/15 16:45:43 | 000,000,000 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\prvlcl.dat
[2014/08/15 16:43:52 | 000,160,768 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\mnevmcsq.exe
[2014/08/15 16:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/15 16:34:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/15 16:30:01 | 170,427,438 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2014/08/15 16:26:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/15 08:41:40 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core.job
[2014/08/14 23:05:41 | 000,157,696 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\kuvothvh.exe
[2014/08/14 07:49:46 | 000,157,696 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\mlxchjql.exe
[2014/08/13 10:05:39 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/13 10:05:39 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/13 09:00:37 | 000,002,377 | ---- | M] () -- C:\Users\Isaiah\Desktop\Google Chrome.lnk
[2014/08/12 15:47:51 | 000,159,744 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\pltlcdfj.exe
[2014/08/12 15:33:40 | 001,008,944 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2014/08/11 16:55:23 | 005,576,978 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/11 16:55:23 | 001,836,616 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/11 16:55:23 | 000,006,812 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/11 16:52:52 | 000,158,720 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\vufontvv.exe
[2014/08/11 16:37:31 | 000,050,976 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/08/11 07:32:53 | 000,148,992 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\ncsakshk.exe
[2014/08/11 07:25:25 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2014/08/11 07:25:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/08/10 12:42:46 | 2960,560,128 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/08 16:26:06 | 000,154,112 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\fkewwvtk.exe
[2014/07/29 10:05:03 | 000,036,601 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\mwvaelve
[2014/07/29 09:48:00 | 000,036,601 | ---- | M] () -- C:\Users\Isaiah\AppData\Local\rekvldnw
[2014/07/28 17:05:11 | 000,001,058 | ---- | M] () -- C:\Users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/07/28 17:04:43 | 000,001,028 | ---- | M] () -- C:\Users\Isaiah\Desktop\Dropbox.lnk
[40 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Isaiah\Documents\*.tmp files -> C:\Users\Isaiah\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/15 17:02:27 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/15 16:43:52 | 000,160,768 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\mnevmcsq.exe
[2014/08/14 23:05:41 | 000,157,696 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\kuvothvh.exe
[2014/08/14 07:49:46 | 000,157,696 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\mlxchjql.exe
[2014/08/12 15:47:51 | 000,159,744 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\pltlcdfj.exe
[2014/08/11 16:52:52 | 000,158,720 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\vufontvv.exe
[2014/08/11 07:32:53 | 000,148,992 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\ncsakshk.exe
[2014/08/09 14:41:10 | 000,000,808 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 3360333312.job
[2014/08/08 16:26:06 | 000,154,112 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\fkewwvtk.exe
[2014/07/29 10:05:03 | 000,036,601 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\mwvaelve
[2014/07/29 09:48:00 | 000,036,601 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\rekvldnw
[2014/06/21 15:33:58 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2014/06/06 15:53:28 | 065,204,224 | ---- | C] () -- C:\Users\Isaiah\Blackstone Consultants, Inc. (Backup Jun 06,2014  03 53 PM).QBB
[2013/05/20 20:26:35 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/03/13 14:28:05 | 031,858,688 | ---- | C] () -- C:\Users\Isaiah\Blackstone Consultants, Inc. (Backup Mar 13,2013  02 26 PM).QBB
[2011/11/13 20:05:07 | 000,007,605 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\resmon.resmoncfg
[2011/07/22 17:50:55 | 000,000,000 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\{069D41F3-E8C5-410A-A7D1-83840257C269}
[2011/02/19 09:55:25 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/09/27 10:14:23 | 000,000,000 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\prvlcl.dat
[2010/07/20 17:51:04 | 000,000,094 | ---- | C] () -- C:\Users\Isaiah\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/05/22 20:29:04 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Autodesk
[2010/11/19 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\AVG10
[2010/10/24 16:07:45 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\AVG9
[2014/08/11 07:27:09 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Dropbox
[2012/01/09 22:04:36 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Epson
[2012/05/05 12:40:51 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\GARMIN
[2011/12/08 07:29:19 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Leader Technologies
[2011/12/07 16:33:29 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Leadertech
[2014/08/10 12:45:01 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Liamevx
[2014/08/11 07:34:14 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Luedzyo
[2014/07/30 08:51:48 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Ondyys
[2010/10/08 07:56:46 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\PDF Writer
[2014/08/06 17:52:43 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Reynabre
[2011/04/21 21:37:19 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Smart PDF Converter
[2014/06/21 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\SoftGrid Client
[2010/09/17 20:47:56 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\TP
[2010/07/20 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\WildTangent
[2014/08/12 07:37:46 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Wiolico
[2014/08/13 09:42:01 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Ybryti
[2014/07/29 13:46:17 | 000,000,000 | ---D | M] -- C:\Users\Isaiah\AppData\Roaming\Ytraes
 
========== Purity Check ==========
 
 

< End of report >
 

 

Thank you for your help!  I have gotten great help in the past and always know where to come!

 

Karen


  • 0

Advertisements

#2
plante
Posted 16 August 2014 - 08:35 AM

plante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Hello again!  A few more details from starting up this morning.  AVG poppped up wiht numerous files to quarentine- all variations on C:USERS\ISAIAH\APPDATA\LOCAL\TEMP\UPDATEFLASHPLAYER_then a varying sequence of numbers and letters.  Threat name: IDP.Trojan.5ED7CA5D.  Category: Trojan, a know trojan..  Also saw- Threat detected, C:\USERS\ISAIAH\APPDATA\LOCAL\WSXGXKJQ.EXE.  Had it quarentine all of those files.  Finally, saw Threat Removal complete C:\USERS\ISAIAH\APPDATA\LOCAL\VUFONTVV.EXE.

 

But the pop-ups just keep continuing.

 

Thank you!


  • 0

#3
Naathim
Posted 16 August 2014 - 09:52 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Minion%20Welcome.jpg


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

icon_arrow.gif Analysis and research take some time, also sometimes real life gets in the way, please be patient.
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Paste the logs in your posts, attachments make my work harder and more complicated.
icon_arrow.gif Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


aswMBR.png Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the aswMBR.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click No.
  • Select Scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile ans paste in into your next reply.
Do not forget to re-enable your previously switched-off protection software


  • 0

#4
plante
Posted 16 August 2014 - 04:22 PM

plante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Hi Naat,

 

Thank you for your help with this!  Here are the results of the scans:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Isaiah (administrator) on DELLSTUDIO17 on 16-08-2014 18:06:06
Running from C:\Users\Isaiah\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Akamai Technologies, Inc.) C:\Users\Isaiah\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE
(Akamai Technologies, Inc.) C:\Users\Isaiah\AppData\Local\Akamai\netsession_win.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Dropbox, Inc.) C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3168336 2009-11-03] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [99218768 2014-08-16] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2215768 2011-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-11] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-08-05] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [560128 2010-09-26] (Dell)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [161088 2010-07-21] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [Google Update] => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-11] (Google Inc.)
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Isaiah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE [241280 2014-07-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [lvqcpjha] => C:\Users\Isaiah\AppData\Local\fkewwvtk.exe [154112 2014-08-08] ()
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [fdjfvowh] => C:\Users\Isaiah\AppData\Local\ncsakshk.exe [148992 2014-08-11] ()
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [lmkuiwqa] => C:\Users\Isaiah\AppData\Local\pltlcdfj.exe [159744 2014-08-12] ()
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [moqknlab] => C:\Users\Isaiah\AppData\Local\mlxchjql.exe [157696 2014-08-14] ()
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [jpsvbbtb] => C:\Users\Isaiah\AppData\Local\mnevmcsq.exe [160768 2014-08-15] ()
HKU\S-1-5-21-928644344-3032971394-1657302220-1003\...\Run: [ROC_JAN2013_TB] => C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe [1177168 2013-01-22] ()
HKU\S-1-5-21-928644344-3032971394-1657302220-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search)
HKU\S-1-5-21-928644344-3032971394-1657302220-1003\...\RunOnce: [spchecker] => C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe [390472 2011-05-11] ()
HKU\S-1-5-21-928644344-3032971394-1657302220-500\...\Run: [ROC_JAN2013_TB] => C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe [1177168 2013-01-22] ()
HKU\S-1-5-21-928644344-3032971394-1657302220-500\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search)
HKU\S-1-5-21-928644344-3032971394-1657302220-500\...\RunOnce: [spchecker] => C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe [390472 2011-05-11] ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\QBDataServiceUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0D27E54B-747F-4A12-9445-14DDEE88339C} URL =
SearchScopes: HKCU - {57BE1FB1-D6F2-4BE6-BE8D-386E34C114CE} URL = http://websearch.ask...94-5067A2D4CADF
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={AAE5314A-7F88-4262-A25F-329E68AED4DD}&mid=d8a9d6b82b65a80ebca44f2f87cf65bf-0d66df40ef3fdea07c8e26474b906d04a24817a0&lang=us&ds=AVG&pr=pa&d=2011-12-08 06:32:42&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {D5042721-6DFD-85DD-AD1C-6B852F3F6275} URL = http://www.bing.com/...UGO&form=ZGAIDF
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Search Toolbar -> {9D425283-D487-4337-BAB6-AB8354A81457} -> C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll (APN LLC.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask Search
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Search Toolbar - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected] [2011-02-19]
FF Extension: Garmin Communicator - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: WOT - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Ask Toolbar - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected] [2014-06-24]
FF Extension: Shopping App by Ask - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected] [2014-06-25]
FF Extension: QuickJava - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012-02-10]
FF Extension: JavaScript Debugger - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2012-02-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-03-30]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.786
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.786 [2014-08-11]

Chrome:
=======
CHR HomePage: hxxp://isearch.avg.com/?cid={AAE5314A-7F88-4262-A25F-329E68AED4DD}&mid=d8a9d6b82b65a80ebca44f2f87cf65bf-0d66df40ef3fdea07c8e26474b906d04a24817a0&lang=us&ds=AVG&pr=pa&d=2011-12-08 06:32:42&v=18.1.9.786&pid=avg&sg=0&sap=hp
CHR StartupUrls: "hxxp://isearch.avg.com/?cid={AAE5314A-7F88-4262-A25F-329E68AED4DD}&mid=d8a9d6b82b65a80ebca44f2f87cf65bf-0d66df40ef3fdea07c8e26474b906d04a24817a0&lang=us&ds=AVG&pr=pa&d=2011-12-08 06:32:42&v=18.1.9.786&pid=avg&sg=0&sap=hp"
CHR DefaultSearchKeyword: isearch.avg.com
CHR DefaultSearchProvider: name
CHR DefaultSearchURL: http://isearch.avg.com/search?cid={AAE5314A-7F88-4262-A25F-329E68AED4DD}&mid=d8a9d6b82b65a80ebca44f2f87cf65bf-0d66df40ef3fdea07c8e26474b906d04a24817a0&lang=us&ds=AVG&pr=pa&d=2011-12-08 06:32:42&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-11]
CHR Extension: (Google Search) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-11]
CHR Extension: (AVG Safe Search) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-02-11]
CHR Extension: (Google Wallet) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-11]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2011-09-09]
CHR StartMenuInternet: Google Chrome - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-05-14] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-07-10] (Trusteer Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [File not signed]
S2 RHDCStarter; Ú\Dummy.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 RapportCerberus_69875; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys [631128 2014-07-28] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-07-10] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-07-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-07-10] (Trusteer Ltd.)
R3 RemotePCHelpDesk; C:\Windows\System32\DRIVERS\RemotePCHelpDesk.sys [13120 2011-06-30] (Pro Softnet Crop provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 18:06 - 2014-08-16 18:06 - 00040534 _____ () C:\Users\Isaiah\Downloads\FRST.txt
2014-08-16 18:05 - 2014-08-16 18:06 - 00000000 ____D () C:\FRST
2014-08-16 18:04 - 2014-08-16 18:05 - 02101760 _____ (Farbar) C:\Users\Isaiah\Downloads\FRST64.exe
2014-08-16 03:31 - 2014-08-16 03:31 - 00000000 _____ () C:\Windows\SysWOW64\sho76FE.tmp
2014-08-16 03:15 - 2014-08-16 03:15 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Uhxyzu
2014-08-16 03:00 - 2014-08-16 03:00 - 00086016 _____ () C:\Users\Isaiah\AppData\Local\pxamonqk.exe
2014-08-16 00:22 - 2014-08-16 00:22 - 00086016 _____ () C:\Users\Isaiah\AppData\Local\mssrogwi.exe
2014-08-15 18:02 - 2014-08-15 18:02 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Teyfpau
2014-08-15 17:58 - 2014-08-15 17:58 - 00122880 _____ () C:\Users\Isaiah\AppData\Local\blvmvngu.exe
2014-08-15 17:47 - 2014-08-16 09:36 - 00000168 _____ () C:\Windows\setupact.log
2014-08-15 17:47 - 2014-08-15 17:47 - 00000378 _____ () C:\Windows\PFRO.log
2014-08-15 17:47 - 2014-08-15 17:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 17:45 - 2014-08-15 17:45 - 00145368 _____ () C:\Users\Isaiah\Desktop\OTL.Txt
2014-08-15 17:36 - 2014-08-15 17:36 - 00099396 _____ () C:\Users\Isaiah\Downloads\Extras.Txt
2014-08-15 17:33 - 2014-08-15 17:33 - 00145368 _____ () C:\Users\Isaiah\Downloads\OTL.Txt
2014-08-15 17:18 - 2014-08-15 17:18 - 00602112 _____ (OldTimer Tools) C:\Users\Isaiah\Downloads\OTL.exe
2014-08-15 17:02 - 2014-08-15 17:02 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 17:02 - 2014-08-15 17:02 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 17:00 - 2014-08-15 17:00 - 04813544 _____ (Piriform Ltd) C:\Users\Isaiah\Downloads\ccsetup416.exe
2014-08-15 16:43 - 2014-08-15 16:43 - 00160768 _____ () C:\Users\Isaiah\AppData\Local\mnevmcsq.exe
2014-08-14 07:49 - 2014-08-14 07:49 - 00157696 _____ () C:\Users\Isaiah\AppData\Local\mlxchjql.exe
2014-08-13 09:42 - 2014-08-13 09:42 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ybryti
2014-08-12 15:47 - 2014-08-12 15:47 - 00159744 _____ () C:\Users\Isaiah\AppData\Local\pltlcdfj.exe
2014-08-12 07:37 - 2014-08-12 07:37 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Wiolico
2014-08-11 07:34 - 2014-08-11 07:34 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Luedzyo
2014-08-11 07:32 - 2014-08-11 07:32 - 00148992 _____ () C:\Users\Isaiah\AppData\Local\ncsakshk.exe
2014-08-09 14:41 - 2014-08-16 18:00 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 3360333312.job
2014-08-09 14:41 - 2014-08-10 12:45 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Liamevx
2014-08-09 14:41 - 2014-08-09 14:41 - 00003818 _____ () C:\Windows\System32\Tasks\Security Center Update - 3360333312
2014-08-08 16:26 - 2014-08-08 16:26 - 00154112 _____ () C:\Users\Isaiah\AppData\Local\fkewwvtk.exe
2014-08-07 15:44 - 2014-08-07 15:46 - 00054932 _____ () C:\Users\Isaiah\Downloads\AMX-Battery-Driver-Update.CAB
2014-08-06 17:52 - 2014-08-06 17:52 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Reynabre
2014-07-30 08:50 - 2014-07-30 08:51 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ondyys
2014-07-29 13:46 - 2014-07-29 13:46 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ytraes
2014-07-29 10:11 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-29 10:10 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-29 10:10 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-29 10:10 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-29 10:09 - 2014-07-29 10:10 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-29 10:07 - 2014-07-29 10:07 - 00918440 _____ (Oracle Corporation) C:\Users\Isaiah\Downloads\jxpiinstall.exe
2014-07-29 10:05 - 2014-07-29 10:05 - 00036601 _____ () C:\Users\Isaiah\AppData\Local\mwvaelve
2014-07-29 09:48 - 2014-07-29 09:48 - 00036601 _____ () C:\Users\Isaiah\AppData\Local\rekvldnw
2014-07-19 18:32 - 2014-07-19 18:32 - 00000000 _____ () C:\Windows\SysWOW64\sho38E8.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 18:06 - 2014-08-16 18:06 - 00040534 _____ () C:\Users\Isaiah\Downloads\FRST.txt
2014-08-16 18:06 - 2014-08-16 18:05 - 00000000 ____D () C:\FRST
2014-08-16 18:05 - 2014-08-16 18:04 - 02101760 _____ (Farbar) C:\Users\Isaiah\Downloads\FRST64.exe
2014-08-16 18:00 - 2014-08-09 14:41 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 3360333312.job
2014-08-16 18:00 - 2012-02-11 09:41 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA.job
2014-08-16 17:51 - 2009-07-14 01:10 - 01859773 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 17:36 - 2012-09-19 16:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 17:24 - 2010-08-15 07:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 17:04 - 2010-08-15 07:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 16:58 - 2010-11-19 18:31 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-08-16 10:28 - 2012-01-04 10:00 - 00000000 ___RD () C:\Users\Isaiah\Dropbox
2014-08-16 10:28 - 2012-01-04 09:56 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Dropbox
2014-08-16 10:27 - 2013-06-03 12:38 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-08-16 10:27 - 2013-01-22 16:29 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-08-16 09:45 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 09:45 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 09:37 - 2010-11-19 18:31 - 00000000 ____D () C:\ProgramData\AVG10
2014-08-16 09:36 - 2014-08-15 17:47 - 00000168 _____ () C:\Windows\setupact.log
2014-08-16 09:36 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 03:31 - 2014-08-16 03:31 - 00000000 _____ () C:\Windows\SysWOW64\sho76FE.tmp
2014-08-16 03:15 - 2014-08-16 03:15 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Uhxyzu
2014-08-16 03:02 - 2014-03-31 07:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:02 - 2010-10-28 10:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 03:00 - 2014-08-16 03:00 - 00086016 _____ () C:\Users\Isaiah\AppData\Local\pxamonqk.exe
2014-08-16 00:22 - 2014-08-16 00:22 - 00086016 _____ () C:\Users\Isaiah\AppData\Local\mssrogwi.exe
2014-08-15 18:02 - 2014-08-15 18:02 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Teyfpau
2014-08-15 17:59 - 2012-01-04 10:00 - 00001028 _____ () C:\Users\Isaiah\Desktop\Dropbox.lnk
2014-08-15 17:59 - 2012-01-04 09:57 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 17:58 - 2014-08-15 17:58 - 00122880 _____ () C:\Users\Isaiah\AppData\Local\blvmvngu.exe
2014-08-15 17:47 - 2014-08-15 17:47 - 00000378 _____ () C:\Windows\PFRO.log
2014-08-15 17:47 - 2014-08-15 17:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 17:45 - 2014-08-15 17:45 - 00145368 _____ () C:\Users\Isaiah\Desktop\OTL.Txt
2014-08-15 17:36 - 2014-08-15 17:36 - 00099396 _____ () C:\Users\Isaiah\Downloads\Extras.Txt
2014-08-15 17:33 - 2014-08-15 17:33 - 00145368 _____ () C:\Users\Isaiah\Downloads\OTL.Txt
2014-08-15 17:18 - 2014-08-15 17:18 - 00602112 _____ (OldTimer Tools) C:\Users\Isaiah\Downloads\OTL.exe
2014-08-15 17:15 - 2013-08-22 08:10 - 00000000 ____D () C:\Windows\Minidump
2014-08-15 17:15 - 2010-07-20 15:33 - 00000000 ___DC () C:\Users\Isaiah\AppData\Local\MigWiz
2014-08-15 17:15 - 2010-07-16 01:29 - 00000000 ____D () C:\Windows\Panther
2014-08-15 17:02 - 2014-08-15 17:02 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 17:02 - 2014-08-15 17:02 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 17:00 - 2014-08-15 17:00 - 04813544 _____ (Piriform Ltd) C:\Users\Isaiah\Downloads\ccsetup416.exe
2014-08-15 16:45 - 2010-09-27 10:14 - 00000000 _____ () C:\Users\Isaiah\AppData\Local\prvlcl.dat
2014-08-15 16:43 - 2014-08-15 16:43 - 00160768 _____ () C:\Users\Isaiah\AppData\Local\mnevmcsq.exe
2014-08-15 10:40 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-15 08:41 - 2012-02-11 09:41 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core.job
2014-08-14 07:49 - 2014-08-14 07:49 - 00157696 _____ () C:\Users\Isaiah\AppData\Local\mlxchjql.exe
2014-08-13 11:23 - 2010-07-20 19:33 - 00000000 ____D () C:\Land Projects 2004
2014-08-13 09:42 - 2014-08-13 09:42 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ybryti
2014-08-13 09:00 - 2012-02-11 09:41 - 00002377 _____ () C:\Users\Isaiah\Desktop\Google Chrome.lnk
2014-08-12 15:47 - 2014-08-12 15:47 - 00159744 _____ () C:\Users\Isaiah\AppData\Local\pltlcdfj.exe
2014-08-12 07:37 - 2014-08-12 07:37 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Wiolico
2014-08-11 16:55 - 2009-07-14 01:13 - 00006812 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 16:40 - 2014-04-27 23:10 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-08-11 16:38 - 2011-12-08 07:33 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-08-11 16:37 - 2012-11-08 13:24 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-08-11 07:34 - 2014-08-11 07:34 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Luedzyo
2014-08-11 07:32 - 2014-08-11 07:32 - 00148992 _____ () C:\Users\Isaiah\AppData\Local\ncsakshk.exe
2014-08-10 12:45 - 2014-08-09 14:41 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Liamevx
2014-08-09 14:41 - 2014-08-09 14:41 - 00003818 _____ () C:\Windows\System32\Tasks\Security Center Update - 3360333312
2014-08-08 16:26 - 2014-08-08 16:26 - 00154112 _____ () C:\Users\Isaiah\AppData\Local\fkewwvtk.exe
2014-08-08 12:21 - 2010-07-20 15:49 - 00000000 ____D () C:\Users\Administrator
2014-08-07 15:46 - 2014-08-07 15:44 - 00054932 _____ () C:\Users\Isaiah\Downloads\AMX-Battery-Driver-Update.CAB
2014-08-06 17:52 - 2014-08-06 17:52 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Reynabre
2014-08-06 11:25 - 2012-04-25 06:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 14:16 - 2014-06-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 08:51 - 2014-07-30 08:50 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ondyys
2014-07-29 13:46 - 2014-07-29 13:46 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ytraes
2014-07-29 10:11 - 2014-01-29 13:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-29 10:10 - 2014-07-29 10:09 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-29 10:10 - 2012-09-11 14:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-29 10:07 - 2014-07-29 10:07 - 00918440 _____ (Oracle Corporation) C:\Users\Isaiah\Downloads\jxpiinstall.exe
2014-07-29 10:05 - 2014-07-29 10:05 - 00036601 _____ () C:\Users\Isaiah\AppData\Local\mwvaelve
2014-07-29 09:48 - 2014-07-29 09:48 - 00036601 _____ () C:\Users\Isaiah\AppData\Local\rekvldnw
2014-07-28 17:07 - 2013-08-22 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-07-28 16:57 - 2013-03-14 03:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 16:57 - 2013-03-14 03:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 03:03 - 2013-03-14 03:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 20:13 - 2011-03-03 20:48 - 00019456 _____ () C:\Users\Isaiah\Documents\Moose Permits.xls
2014-07-19 18:32 - 2014-07-19 18:32 - 00000000 _____ () C:\Windows\SysWOW64\sho38E8.tmp

Some content of TEMP:
====================
C:\Users\Isaiah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqusb7g.dll
C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_1df7af7d.exe
C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_2f9d6e57.exe
C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_413cdfdf.exe
C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_8a690420.exe
C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_b2f30712.exe
C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_b64f764c.exe
C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_b6d7836f.exe
C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_c9679ef6.exe
C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_d10f5fbd.exe
C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_eaeca3a2.exe
C:\Users\Isaiah\AppData\Local\Temp\UpdateFlashPlayer_f6864052.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 08:20

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Isaiah at 2014-08-16 18:07:21
Running from C:\Users\Isaiah\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any PDF to DWG Converter 2013 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version:  - AnyDWG Software, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Shopping Toolbar (HKLM-x32\...\{4F524A00-6A76-A76A-76A7-A758B70C0F05}) (Version: 12.15.5.6 - APN, LLC) <==== ATTENTION
AutoCAD Express Tools Volumes 1-9 (HKLM-x32\...\{5783F2D7-0211-0409-0000-0060B0CE6BBA}) (Version: 1.0.0.0 - Autodesk)
Autodesk Civil Series 2004 (HKLM-x32\...\{5783F2D7-0218-0409-0000-0060B0CE6BBA}) (Version: 7.26.0.118 - Autodesk)
Autodesk Express Viewer (HKLM-x32\...\Autodesk Express Viewer) (Version: 3.1 - Autodesk, Inc.)
Autodesk Land 2004 Object Enabler (HKLM-x32\...\{F9045147-2659-4942-8CB8-318EB7A375CA}) (Version: 4.0.017 - Autodesk, Inc.)
AutoTURN 7 Demo (HKLM-x32\...\AutoTURN 7 Demo) (Version: 7.0 Demo - Transoft Solutions)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1432 - AVG Technologies)
AVG 2011 (Version: 10.0.1432 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.3955 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.786 - AVG Technologies)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 7.1.0.1218 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.1.0.1218 - Bullzip)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.0 build 3621  (Oct-10-2013) - Carbonite)
Carlson X-Port (HKLM-x32\...\Carlson X-Port) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.0.2 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
FreeRIP v3.5 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.5 - MGShareware)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GeoMax Assistant Zenith25 (HKLM-x32\...\InstallShield_{1D4627BB-93FF-492C-A913-81BF9A143CCA}) (Version: 1.83 - Hexagon)
GeoMax Assistant Zenith25 (x32 Version: 1.83 - Hexagon) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{9BCC60E1-EAE1-11E2-A9F0-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GPL Ghostscript Lite 8.70 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version:  - )
HydroCAD (HKLM-x32\...\HydroCAD) (Version:  - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
MdbConverter (HKLM-x32\...\{00DA624A-4D28-470A-A3F7-F833FD9C69B7}) (Version: 4.2.0 - GeoSystems)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OfficeSharedAddInSetup (HKLM-x32\...\{3D316CFB-1825-4030-A13A-29D18DC6B177}) (Version: 1.0.0 - Smart Soft)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
QuickBooks (x32 Version: 21.0.4011.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4011.904 - Intuit Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.3.2 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (Version: 3.5.1205.20 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1307.109 - Trusteer) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C0F01}) (Version: 12.15.1.21 - APN, LLC)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart PDF Converter 6.1.0.425 (HKLM\...\Smart PDF Converter_is1) (Version: 6.1.0.425 - Smart Soft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.3.0 - Synaptics Incorporated)
SyncBack (HKLM-x32\...\SyncBack_is1) (Version:  - 2BrightSparks)
TOPO! (HKLM-x32\...\TOPO!) (Version:  - )
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.109 - Trusteer)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

28-07-2014 21:04:01 Installed Rapport
29-07-2014 14:08:09 Installed Java 7 Update 65
06-08-2014 21:20:59 Scheduled Checkpoint
13-08-2014 23:34:33 Scheduled Checkpoint
16-08-2014 07:00:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1EB3B4C9-D130-4EC3-A9B6-1670EF52E140} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {282BFEFD-F447-4641-B0A4-F043F4FFE20C} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{1BA31749-4BE2-4952-9D91-7653DE074AF3}.exe
Task: {4B0B8DCA-C5B3-4DF9-9458-814D4915CD1B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {4DE2B731-5EFF-4EFD-B81C-B77581D8AB06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15] (Google Inc.)
Task: {5AD027FC-E3A8-4BEC-9043-56FAC6297C8C} - System32\Tasks\Security Center Update - 3360333312 => C:\Users\Isaiah\AppData\Roaming\Liamevx\erqeat.exe
Task: {7BEAC62A-833B-4328-9C17-E6EA8DDE41B2} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {7FF6B4FC-AAAE-4E6E-800E-666332081D23} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-31] ()
Task: {8634F19C-EE42-4F3F-B188-6B4C163163A2} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {8B8A27AD-9935-49FA-91A6-8F8E69FB37EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15] (Google Inc.)
Task: {AC391964-C694-4427-852F-FA53BC9F0399} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {AFDFB340-D9B0-40A5-B9E2-E834071B71FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B2C24EA5-76DD-4D9E-B975-CD732E5F7098} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{1BA31749-4BE2-4952-9D91-7653DE074AF3}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core.job => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA.job => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\Security Center Update - 3360333312.job => C:\Users\Isaiah\AppData\Roaming\Liamevx\erqeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\SyncBack Dell Studio 17 Backup.job => C:\Program Files (x86)\2BrightSparks\SyncBackIsaiahTask created by SyncBack.exe
Task: C:\Windows\Tasks\SyncBack Kimball Files Backup.job => C:\Program Files (x86)\2BrightSparks\SyncBackIsaiahTask created by SyncBack.exe
Task: C:\Windows\Tasks\SyncBack My Pictures Backup.job => C:\Program Files (x86)\2BrightSparks\SyncBackIsaiahTask created by SyncBack.exe

==================== Loaded Modules (whitelisted) =============

2014-08-11 16:39 - 2014-08-11 16:37 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2010-07-15 23:21 - 2010-07-21 11:35 - 00161088 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
2010-02-09 14:34 - 2010-02-09 14:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-10-15 04:10 - 2009-10-15 04:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
2011-12-08 07:33 - 2014-08-11 16:37 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2012-08-07 20:58 - 2014-07-06 10:18 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-15 23:19 - 2010-07-21 11:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-07-15 23:19 - 2010-07-21 11:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-07-15 23:19 - 2010-07-21 11:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2014-08-11 16:39 - 2014-08-11 16:37 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-06-18 09:26 - 2014-07-30 14:16 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-11 16:40 - 2014-08-11 16:37 - 00693784 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.1.9\NativeBrowserApi.dll
2012-05-14 15:09 - 2012-05-14 15:09 - 00268648 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2012-05-14 15:10 - 2012-05-14 15:10 - 00020840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 23:18 - 2005-07-19 23:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2012-05-14 15:09 - 2012-05-14 15:09 - 00348008 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2012-05-14 15:10 - 2012-05-14 15:10 - 00125800 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2012-05-14 15:09 - 2012-05-14 15:09 - 00176488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2012-05-14 15:10 - 2012-05-14 15:10 - 00042344 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-08-16 10:27 - 2014-08-16 10:27 - 00043008 _____ () c:\users\isaiah\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqusb7g.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\remote support => "(Default)"="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-928644344-3032971394-1657302220-1001\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2014 04:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.2.183.21, time stamp: 0x4b95e661
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000005
Fault offset: 0x00022360
Faulting process id: 0x16e4
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (08/16/2014 10:27:59 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (08/16/2014 10:27:59 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (08/16/2014 10:27:59 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (08/16/2014 09:14:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (08/16/2014 09:14:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (08/16/2014 09:14:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (08/16/2014 00:24:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3167

Error: (08/16/2014 00:24:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3167

Error: (08/16/2014 00:24:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/16/2014 04:57:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {CA3A5461-96B5-46DD-9341-5350D3C94615}

Error: (08/16/2014 09:39:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SupportSoft Sprocket Service (DellSupportCenter) service to connect.

Error: (08/16/2014 09:38:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (08/16/2014 09:37:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/16/2014 09:36:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RPCHD service failed to start due to the following error:
%%2

Error: (08/16/2014 09:16:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (08/16/2014 09:16:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SupportSoft Sprocket Service (DellSupportCenter) service to connect.

Error: (08/16/2014 09:12:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (08/16/2014 09:11:31 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (08/16/2014 09:11:31 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004


Microsoft Office Sessions:
=========================
Error: (08/16/2014 04:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.2.183.214b95e661ntdll.dll6.1.7600.169154ec49d10c00000050002236016e401cfb95e2bec7afeC:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll2418f02f-2588-11e4-8c90-0026b9b5c916

Error: (08/16/2014 10:27:59 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (08/16/2014 10:27:59 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (08/16/2014 10:27:59 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (08/16/2014 09:14:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (08/16/2014 09:14:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (08/16/2014 09:14:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (08/16/2014 00:24:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3167

Error: (08/16/2014 00:24:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3167

Error: (08/16/2014 00:24:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 58%
Total physical RAM: 3764.55 MB
Available physical RAM: 1571.26 MB
Total Pagefile: 7527.23 MB
Available Pagefile: 5029.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:196.22 GB) NTFS
Drive e: () (Removable) (Total:0.95 GB) (Free:0.71 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 71EC67E7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 968.8 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-16 18:14:58
-----------------------------
18:14:58.615    OS Version: Windows x64 6.1.7600
18:14:58.615    Number of processors: 4 586 0x2502
18:14:58.615    ComputerName: DELLSTUDIO17  UserName: Isaiah
18:15:01.407    Initialize success
18:15:01.501    VM: initialized successfully
18:15:01.532    VM: Intel CPU supported
18:15:20.299    VM: supported disk I/O ataport.SYS
18:15:38.277    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:15:38.277    Disk 0 Vendor: WDC_WD5000BEVT-75A0RT0 01.01A01 Size: 476940MB BusType: 11
18:15:38.292    Disk 1  \Device\Harddisk1\SR0 -> \Device\SdBus-0
18:15:38.292    Disk 1 Vendor: (  Size: 968MB BusType: 12
18:15:38.558    VM: Disk 0 MBR read successfully
18:15:38.573    Disk 0 MBR scan
18:15:38.573    Disk 0 Windows VISTA default MBR code
18:15:38.589    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
18:15:38.604    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
18:15:38.620    Disk 0 Boot: NTFS     code=1
18:15:38.636    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461899 MB offset 30801920
18:15:38.901    Disk 0 scanning C:\Windows\system32\drivers
18:15:56.140    Service scanning
18:16:30.430    Modules scanning
18:16:30.430    Disk 0 trace - called modules:
18:16:30.461    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:16:30.476    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be1060]
18:16:30.476    3 CLASSPNP.SYS[fffff8800191743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800492b1f0]
18:16:30.492    Scan finished successfully
18:17:40.695    Disk 0 MBR has been saved successfully to "C:\Users\Isaiah\Desktop\MBR.dat"
18:17:40.695    The log file has been saved successfully to "C:\Users\Isaiah\Desktop\aswMBR.txt"

Thanks!  Karen


  • 0

#5
Naathim
Posted 16 August 2014 - 05:01 PM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)


51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.
  • 0

#6
plante
Posted 16 August 2014 - 09:05 PM

plante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Hi Naat,

 

Here are the results from the Combofix:

 

ComboFix 14-08-15.01 - Isaiah 08/16/2014  21:32:38.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3765.1530 [GMT -4:00]
Running from: c:\users\Isaiah\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Isaiah\AppData\Local\blvmvngu.exe
c:\users\Isaiah\AppData\Local\fkewwvtk.exe
c:\users\Isaiah\AppData\Local\mlxchjql.exe
c:\users\Isaiah\AppData\Local\mnevmcsq.exe
c:\users\Isaiah\AppData\Local\mssrogwi.exe
c:\users\Isaiah\AppData\Local\ncsakshk.exe
c:\users\Isaiah\AppData\Local\pltlcdfj.exe
c:\users\Isaiah\AppData\Local\pxamonqk.exe
c:\users\Isaiah\AppData\Local\txvqbrcd.exe
c:\users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\searchplugins\bing-zugo.xml
c:\users\Isaiah\Documents\~WRL0398.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-17 to 2014-08-17  )))))))))))))))))))))))))))))))
.
.
2014-08-17 01:53 . 2014-08-17 01:53    --------    d-----w-    c:\users\QBDataServiceUser\AppData\Local\temp
2014-08-17 01:53 . 2014-08-17 01:53    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-17 01:53 . 2014-08-17 01:53    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-08-16 22:05 . 2014-08-16 22:08    --------    d-----w-    C:\FRST
2014-08-16 07:31 . 2014-08-16 07:31    0    ----a-w-    c:\windows\SysWow64\sho76FE.tmp
2014-08-16 07:15 . 2014-08-16 07:15    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\Uhxyzu
2014-08-15 22:02 . 2014-08-15 22:02    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\Teyfpau
2014-08-15 21:02 . 2014-08-15 21:02    --------    d-----w-    c:\program files\CCleaner
2014-08-13 13:42 . 2014-08-13 13:42    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\Ybryti
2014-08-12 11:37 . 2014-08-12 11:37    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\Wiolico
2014-08-11 11:34 . 2014-08-11 11:34    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\Luedzyo
2014-08-09 18:41 . 2014-08-10 16:45    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\Liamevx
2014-08-06 21:52 . 2014-08-06 21:52    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\Reynabre
2014-07-30 12:50 . 2014-07-30 12:51    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\Ondyys
2014-07-29 17:46 . 2014-07-29 17:46    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\Ytraes
2014-07-29 14:11 . 2014-07-29 14:11    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-07-29 14:10 . 2014-07-11 07:02    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-19 22:32 . 2014-07-19 22:32    0    ----a-w-    c:\windows\SysWow64\sho38E8.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-16 07:02 . 2010-10-28 14:41    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-08-11 20:37 . 2012-11-08 17:24    50976    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-07-15 21:20 . 2014-07-15 21:20    0    ----a-w-    c:\windows\SysWow64\sho1CD9.tmp
2014-07-10 23:23 . 2012-08-08 00:58    358616    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2014-07-10 07:29 . 2014-07-10 07:29    0    ----a-w-    c:\windows\SysWow64\sho96B7.tmp
2014-07-10 01:12 . 2012-09-19 20:26    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-10 01:12 . 2012-02-28 01:32    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-01 13:17 . 2014-07-01 13:20    83968    ----a-w-    c:\windows\system32\E_YD4BHVA.DLL
2014-07-01 13:17 . 2014-07-01 13:20    120320    ----a-w-    c:\windows\system32\E_YLMHVA.DLL
2014-07-01 01:56 . 2014-07-10 01:15    516096    ----a-w-    c:\windows\system32\aepdu.dll
2014-07-01 01:50 . 2014-07-10 01:15    424448    ----a-w-    c:\windows\system32\aeinv.dll
1997-07-21 23:30    1045776    --sha-w-    c:\windows\SysWOW64\Msjet35.dll
1997-06-23 07:00    123664    --sha-w-    c:\windows\SysWOW64\Msjint35.dll
1997-06-23 16:06    24848    --sha-w-    c:\windows\SysWOW64\Msjter35.dll
1997-06-23 16:06    252176    --sha-w-    c:\windows\SysWOW64\Msrd2x35.dll
1997-06-23 16:06    287504    --sha-w-    c:\windows\SysWOW64\Msxbse35.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-08-11 20:37    3627032    ----a-w-    c:\program files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}]
2010-04-08 14:52    271024    ----a-w-    c:\program files (x86)\Search Toolbar\SearchToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2014-06-23 23:58    12184    ----a-w-    c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9D425283-D487-4337-BAB6-AB8354A81457}"= "c:\program files (x86)\Search Toolbar\SearchToolbar.dll" [2010-04-08 271024]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll" [2014-08-11 3627032]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" [2014-06-23 12184]
.
[HKEY_CLASSES_ROOT\clsid\{9d425283-d487-4337-bab6-ab8354a81457}]
[HKEY_CLASSES_ROOT\SearchToolbarLib.CSearchToolbarImpl.1]
[HKEY_CLASSES_ROOT\TypeLib\{E43AD97A-5248-46A7-BB03-35574058224C}]
[HKEY_CLASSES_ROOT\SearchToolbarLib.CSearchToolbarImpl]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 19:26    1021448    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 19:26    1021448    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 19:26    1021448    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
c:\users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-29 36414496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-3-9 5969752]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-5-14 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE -silent [2012-5-14 1178984]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
"ForceActiveDesktopOn"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RHDCStarter;RPCHD;Ú\Dummy.exe;Ú\Dummy.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 RapportCerberus_69875;RapportCerberus_69875;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSFilter.Sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdgx64.sys [x]
S3 RemotePCHelpDesk;RemotePCHelpDesk;c:\windows\system32\DRIVERS\RemotePCHelpDesk.sys;c:\windows\SYSNATIVE\DRIVERS\RemotePCHelpDesk.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWVMM
*Deregistered* - aswMBR
*Deregistered* - aswVmm
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 01:12]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 11:27]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 11:27]
.
2014-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core.job
- c:\users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 13:41]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA.job
- c:\users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 13:41]
.
2014-08-16 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-22 12:07]
.
2012-01-13 c:\windows\Tasks\SyncBack Dell Studio 17 Backup.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2010-10-01 22:45]
.
2012-01-13 c:\windows\Tasks\SyncBack Kimball Files Backup.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2010-10-01 22:45]
.
2012-02-07 c:\windows\Tasks\SyncBack My Pictures Backup.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2010-10-01 22:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 19:12    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 19:12    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 19:12    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-11-03 3168336]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"MRT"="c:\windows\system32\MRT.exe" [2014-08-16 99218768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Ask Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]
"ImagePath"="system32\DRIVERS\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Acceler]
"ImagePath"="system32\DRIVERS\Acceler.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\DRIVERS\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AESTFilters]
"ImagePath"="c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\DRIVERS\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]
"ImagePath"="\SystemRoot\system32\DRIVERS\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]
"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
"ImagePath"="system32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\APNMCP]
"ImagePath"="\"c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apple Mobile Device]
"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]
"ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]
"ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASP.NET_1.1.4322]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVG Security Toolbar Service]
"ImagePath"="c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\AVGIDSDriver.Sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSEH]
"ImagePath"="system32\DRIVERS\AVGIDSEH.Sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSFilter]
"ImagePath"="system32\DRIVERS\AVGIDSFilter.Sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgtp]
"ImagePath"="\??\c:\windows\system32\drivers\avgtpx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG10\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BBSvc]
"ImagePath"="\"c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCM42RLY]
"ImagePath"="system32\drivers\BCM42RLY.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCM43XX]
"ImagePath"="system32\DRIVERS\bcmwl664.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCMLogon]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
"ImagePath"="system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CarboniteService]
"ImagePath"="\"c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\DRIVERS\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
"ImagePath"="system32\DRIVERS\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CtClsFlt]
"ImagePath"="system32\DRIVERS\CtClsFlt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cvhsvc]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DockLoginService]
"ImagePath"="c:\program files\Dell\DellDock\DockLogin.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EpsonCustomerParticipation]
"ImagePath"="\"c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\DRIVERS\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GameConsoleService]
"ImagePath"="\"c:\program files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GoToAssist]
"ImagePath"="\"c:\program files (x86)\Citrix\GoToAssist\514\g2aservice.exe\" Start=service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdate]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdatem]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HECIx64]
"ImagePath"="system32\DRIVERS\HECIx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\DRIVERS\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ialm]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iastor]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\igfx]
"ImagePath"="system32\DRIVERS\igdkmd64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Impcd]
"ImagePath"="system32\DRIVERS\Impcd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcDAud]
"ImagePath"="system32\DRIVERS\IntcDAud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\DRIVERS\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\DRIVERS\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\DRIVERS\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LMS]
"ImagePath"="c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MAV Client PerfMon Provider]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\McComponentHostService]
"ImagePath"="\"c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MDM]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MozillaMaintenance]
"ImagePath"="\"c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\DRIVERS\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
"ImagePath"="system32\DRIVERS\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\DRIVERS\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
"ImagePath"="system32\DRIVERS\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netaapl]
"ImagePath"="system32\DRIVERS\netaapl64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe\" -NetMsmqActivator"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\DRIVERS\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\O2FLASH]
"ImagePath"="%SystemRoot%\system32\DRIVERS\o2flash.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\O2MDGRDR]
"ImagePath"="system32\DRIVERS\o2mdgx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ose]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\osppsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Outlook]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
"ImagePath"="system32\DRIVERS\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
"ImagePath"="\SystemRoot\system32\DRIVERS\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Pml Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZipm12.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PxHlpa64]
"ImagePath"="System32\Drivers\PxHlpa64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QBCFMonitorService]
"ImagePath"="\"c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QBFCService]
"ImagePath"="\"c:\program files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QBVSS]
"ImagePath"="\"c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapiMgr]
"ServiceDll"="%windir%\WindowsMobile\rapimgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapportCerberus_69875]
"ImagePath"="\??\c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapportEI64]
"ImagePath"="\??\c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapportKE64]
"ImagePath"="System32\Drivers\RapportKE64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapportMgmtService]
"ImagePath"="\"c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapportPG64]
"ImagePath"="\??\c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
"ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemotePCHelpDesk]
"ImagePath"="system32\DRIVERS\RemotePCHelpDesk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RHDCStarter]
"ImagePath"="Ú\Dummy.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\DRIVERS\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sdbus]
"ImagePath"="system32\DRIVERS\sdbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SeaPort]
"ImagePath"="\"c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
"ImagePath"="\SystemRoot\system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
"ImagePath"="\SystemRoot\system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
"ImagePath"="system32\DRIVERS\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\DRIVERS\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
"ImagePath"="system32\DRIVERS\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftfs]
"ImagePath"="system32\DRIVERS\Sftfslh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftlist]
"ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftplay]
"ImagePath"="system32\DRIVERS\Sftplaylh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftredir]
"ImagePath"="system32\DRIVERS\Sftredirlh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SftService]
"ImagePath"="\"c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftvol]
"ImagePath"="system32\DRIVERS\Sftvollh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftvsa]
"ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\silabenm]
"ImagePath"="system32\DRIVERS\silabenm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\silabser]
"ImagePath"="system32\DRIVERS\silabser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sprtsvc_DellSupportCenter]
"ImagePath"="\"c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe\" /service /P DellSupportCenter"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\STacSV]
"ImagePath"="c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\STHDA]
"ImagePath"="system32\DRIVERS\stwrt64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\DRIVERS\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
"ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UNS]
"ImagePath"="\"c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBAAPL64]
"ImagePath"="System32\Drivers\usbaapl64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\DRIVERS\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
"ImagePath"="\SystemRoot\system32\drivers\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
"ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbvideo]
"ImagePath"="System32\Drivers\usbvideo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usb_rndisx]
"ImagePath"="system32\DRIVERS\usb8023x.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
"ImagePath"="system32\DRIVERS\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\DRIVERS\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]
"ImagePath"="system32\DRIVERS\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]
"ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater18.1.9]
"ImagePath"="c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
"ImagePath"="system32\DRIVERS\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwififlt]
"ImagePath"="system32\DRIVERS\vwififlt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifimp]
"ImagePath"="system32\DRIVERS\vwifimp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]
"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcesComm]
"ServiceDll"="%windir%\WindowsMobile\wcescomm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WimFltr]
"ImagePath"="system32\DRIVERS\wimfltr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WINUSB]
"ImagePath"="system32\DRIVERS\WinUSB.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wltrysvc]
"ImagePath"="\"c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE\" \"c:\program files\Dell\DW WLAN Card\bcmwltry.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSDPrintDevice]
"ImagePath"="system32\DRIVERS\WSDPrint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSDScan]
"ImagePath"="system32\DRIVERS\WSDScan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{10BAE1CA-19B8-4D9A-A6CB-8F9843993830}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{35299A4A-5B5D-46E9-BA4E-09B2D4D761EA}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{4854BF79-EF65-46ED-A2A3-C9D65F0C8622}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{917D34CA-38F1-4184-A9F6-02D9F505E6A1}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{C610CA4F-B83A-4F94-8136-94946BC0EC6B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{D46009A4-2B93-41C1-8F0F-92065E2A4152}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{E679E928-E231-4D71-9354-6E08173ED602}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-16  22:46:55
ComboFix-quarantined-files.txt  2014-08-17 02:46
.
Pre-Run: 210,387,509,248 bytes free
Post-Run: 209,948,303,360 bytes free
.
- - End Of File - - 8DD1D302AA4956A2F3F61450C480C51C
5C616939100B85E558DA92B899A0FC36
 

Thanks!

Karen


  • 0

#7
Naathim
Posted 17 August 2014 - 12:43 PM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

Still some work to be done here. There are multiple steps listed here, perform them in the order mentioned.


51a5bf3d99e8a-ComboFixlogo16.png Fix with ComboFix

Let's prepare a Script for ComboFix to mark some things for being deleted.

  • Press the WindowsKey.png + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script:
    File:
c:\windows\SysWow64\sho76FE.tmp
c:\windows\SysWow64\sho38E8.tmp
c:\windows\SysWow64\sho1CD9.tmp
c:\windows\SysWow64\sho96B7.tmp

Folder::
c:\users\Isaiah\AppData\Roaming\Uhxyzu
c:\users\Isaiah\AppData\Roaming\Teyfpau
c:\users\Isaiah\AppData\Roaming\Ybryti
c:\users\Isaiah\AppData\Roaming\Wiolico
c:\users\Isaiah\AppData\Roaming\Luedzyo
c:\users\Isaiah\AppData\Roaming\Liamevx
c:\users\Isaiah\AppData\Roaming\Reynabre
c:\users\Isaiah\AppData\Roaming\Ondyys
c:\users\Isaiah\AppData\Roaming\Ytraes
  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
  • Name the file CFScript and select Save.

Your CFScript.txt file should appear on your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Now drag your CFScript file and drop it onto the 51a5bf3d99e8a-ComboFixlogo16.png icon.
  • This will start ComboFix. Let it run uninterrupted!
  • A reboot may be needed during this run. Allow it.
  • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.

Please include that log in your next reply.

icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.
icon_idea.gif Do not forget to turn on your previously switched-off protection software!



JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.



adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.



FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 0

#8
plante
Posted 17 August 2014 - 05:39 PM

plante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Hi Naat, right after running JRT, the computer lost the internet connection and it will not reconnect.  I manually rebooted, went to network diagnostics (running windows 7) and it says that the configured proxy server is not responding.  Not sure what to do.

 

Thanks,

Karen


  • 0

#9
Naathim
Posted 18 August 2014 - 07:03 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi.
 
Something ususual, I suppose. Do you have a thumbdrive (USB drive) to transfer the logfiles to another machine and post logs your from there?

Also, there are sometimes internet issues after running ComboFix. What about the link I have provided in the CF instruction?

If you'll encounter any issues with internet connection after running ComboFix, please visit this link.


  • 0

#10
plante
Posted 18 August 2014 - 09:35 AM

plante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Hi Naat,

 

I tried the fixes in the CF link but it didn't come back.  Right now, I using the flash drive to download the programs on my computer and run them on his.  Then I will post all of the logs.  Looking back, the connection dropped after running JRT, because I was able to download that last night and get a report file.  Here are the combofix and jrt reports.  I am working on the other two.

 

Thanks!

 

ComboFix 14-08-15.01 - Isaiah 08/17/2014  16:55:44.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3765.1754 [GMT -4:00]
Running from: c:\users\Isaiah\Downloads\ComboFix.exe
Command switches used :: c:\users\Isaiah\Desktop\CFScript.txt
AV: AVG Anti-Virus 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-17 to 2014-08-17  )))))))))))))))))))))))))))))))
.
.
2014-08-17 21:14 . 2014-08-17 21:14 -------- d-----w- c:\users\QBDataServiceUser\AppData\Local\temp
2014-08-17 21:14 . 2014-08-17 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-17 21:14 . 2014-08-17 21:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-08-16 22:05 . 2014-08-16 22:08 -------- d-----w- C:\FRST
2014-08-16 07:31 . 2014-08-16 07:31 0 ----a-w- c:\windows\SysWow64\sho76FE.tmp
2014-08-16 07:15 . 2014-08-16 07:15 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Uhxyzu
2014-08-16 07:09 . 2014-08-07 01:52 526848 ----a-w- c:\windows\system32\aepdu.dll
2014-08-16 07:09 . 2014-08-07 01:46 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-15 22:02 . 2014-08-15 22:02 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Teyfpau
2014-08-15 21:02 . 2014-08-15 21:02 -------- d-----w- c:\program files\CCleaner
2014-08-13 13:42 . 2014-08-13 13:42 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Ybryti
2014-08-12 11:37 . 2014-08-12 11:37 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Wiolico
2014-08-11 11:34 . 2014-08-11 11:34 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Luedzyo
2014-08-09 18:41 . 2014-08-10 16:45 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Liamevx
2014-08-06 21:52 . 2014-08-06 21:52 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Reynabre
2014-07-30 12:50 . 2014-07-30 12:51 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Ondyys
2014-07-29 17:46 . 2014-07-29 17:46 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Ytraes
2014-07-29 14:11 . 2014-07-29 14:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-29 14:10 . 2014-07-11 07:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-19 22:32 . 2014-07-19 22:32 0 ----a-w- c:\windows\SysWow64\sho38E8.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-16 07:02 . 2010-10-28 14:41 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-11 20:37 . 2012-11-08 17:24 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-07-15 21:20 . 2014-07-15 21:20 0 ----a-w- c:\windows\SysWow64\sho1CD9.tmp
2014-07-10 23:23 . 2012-08-08 00:58 358616 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2014-07-10 07:29 . 2014-07-10 07:29 0 ----a-w- c:\windows\SysWow64\sho96B7.tmp
2014-07-10 01:12 . 2012-09-19 20:26 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-10 01:12 . 2012-02-28 01:32 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-01 13:17 . 2014-07-01 13:20 83968 ----a-w- c:\windows\system32\E_YD4BHVA.DLL
2014-07-01 13:17 . 2014-07-01 13:20 120320 ----a-w- c:\windows\system32\E_YLMHVA.DLL
1997-07-21 23:30 1045776 --sha-w- c:\windows\SysWOW64\Msjet35.dll
1997-06-23 07:00 123664 --sha-w- c:\windows\SysWOW64\Msjint35.dll
1997-06-23 16:06 24848 --sha-w- c:\windows\SysWOW64\Msjter35.dll
1997-06-23 16:06 252176 --sha-w- c:\windows\SysWOW64\Msrd2x35.dll
1997-06-23 16:06 287504 --sha-w- c:\windows\SysWOW64\Msxbse35.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-08-11 20:37 3627032 ----a-w- c:\program files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}]
2010-04-08 14:52 271024 ----a-w- c:\program files (x86)\Search Toolbar\SearchToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2014-06-23 23:58 12184 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9D425283-D487-4337-BAB6-AB8354A81457}"= "c:\program files (x86)\Search Toolbar\SearchToolbar.dll" [2010-04-08 271024]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll" [2014-08-11 3627032]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" [2014-06-23 12184]
.
[HKEY_CLASSES_ROOT\clsid\{9d425283-d487-4337-bab6-ab8354a81457}]
[HKEY_CLASSES_ROOT\SearchToolbarLib.CSearchToolbarImpl.1]
[HKEY_CLASSES_ROOT\TypeLib\{E43AD97A-5248-46A7-BB03-35574058224C}]
[HKEY_CLASSES_ROOT\SearchToolbarLib.CSearchToolbarImpl]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 19:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 19:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 19:26 1021448 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
c:\users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-29 36414496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-3-9 5969752]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-5-14 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE -silent [2012-5-14 1178984]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RHDCStarter;RPCHD;Ú\Dummy.exe;Ú\Dummy.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 RapportCerberus_69875;RapportCerberus_69875;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSFilter.Sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdgx64.sys [x]
S3 RemotePCHelpDesk;RemotePCHelpDesk;c:\windows\system32\DRIVERS\RemotePCHelpDesk.sys;c:\windows\SYSNATIVE\DRIVERS\RemotePCHelpDesk.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWVMM
*Deregistered* - aswMBR
*Deregistered* - aswVmm
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 01:12]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 11:27]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 11:27]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core.job
- c:\users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 13:41]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA.job
- c:\users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 13:41]
.
2014-08-16 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-22 12:07]
.
2012-01-13 c:\windows\Tasks\SyncBack Dell Studio 17 Backup.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2010-10-01 22:45]
.
2012-01-13 c:\windows\Tasks\SyncBack Kimball Files Backup.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2010-10-01 22:45]
.
2012-02-07 c:\windows\Tasks\SyncBack My Pictures Backup.job
- c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2010-10-01 22:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 19:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 19:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 19:12 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"MRT"="c:\windows\system32\MRT.exe" [2014-08-16 99218768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Ask Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]
"ImagePath"="system32\DRIVERS\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Acceler]
"ImagePath"="system32\DRIVERS\Acceler.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\DRIVERS\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AESTFilters]
"ImagePath"="c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\DRIVERS\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]
"ImagePath"="\SystemRoot\system32\DRIVERS\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]
"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
"ImagePath"="system32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\APNMCP]
"ImagePath"="\"c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apple Mobile Device]
"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]
"ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]
"ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASP.NET_1.1.4322]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVG Security Toolbar Service]
"ImagePath"="c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\AVGIDSDriver.Sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSEH]
"ImagePath"="system32\DRIVERS\AVGIDSEH.Sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSFilter]
"ImagePath"="system32\DRIVERS\AVGIDSFilter.Sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgtp]
"ImagePath"="\??\c:\windows\system32\drivers\avgtpx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG10\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BBSvc]
"ImagePath"="\"c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCM42RLY]
"ImagePath"="system32\drivers\BCM42RLY.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCM43XX]
"ImagePath"="system32\DRIVERS\bcmwl664.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCMLogon]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
"ImagePath"="system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CarboniteService]
"ImagePath"="\"c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\DRIVERS\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
"ImagePath"="system32\DRIVERS\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CtClsFlt]
"ImagePath"="system32\DRIVERS\CtClsFlt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cvhsvc]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DockLoginService]
"ImagePath"="c:\program files\Dell\DellDock\DockLogin.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EpsonCustomerParticipation]
"ImagePath"="\"c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\DRIVERS\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GameConsoleService]
"ImagePath"="\"c:\program files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GoToAssist]
"ImagePath"="\"c:\program files (x86)\Citrix\GoToAssist\514\g2aservice.exe\" Start=service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdate]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdatem]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HECIx64]
"ImagePath"="system32\DRIVERS\HECIx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\DRIVERS\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ialm]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iastor]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\igfx]
"ImagePath"="system32\DRIVERS\igdkmd64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Impcd]
"ImagePath"="system32\DRIVERS\Impcd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcDAud]
"ImagePath"="system32\DRIVERS\IntcDAud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\DRIVERS\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\DRIVERS\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\DRIVERS\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LMS]
"ImagePath"="c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MAV Client PerfMon Provider]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\McComponentHostService]
"ImagePath"="\"c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MDM]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MozillaMaintenance]
"ImagePath"="\"c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\DRIVERS\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
"ImagePath"="system32\DRIVERS\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\DRIVERS\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
"ImagePath"="system32\DRIVERS\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netaapl]
"ImagePath"="system32\DRIVERS\netaapl64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe\" -NetMsmqActivator"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\DRIVERS\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\O2FLASH]
"ImagePath"="%SystemRoot%\system32\DRIVERS\o2flash.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\O2MDGRDR]
"ImagePath"="system32\DRIVERS\o2mdgx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ose]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\osppsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Outlook]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
"ImagePath"="system32\DRIVERS\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
"ImagePath"="\SystemRoot\system32\DRIVERS\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Pml Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZipm12.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PxHlpa64]
"ImagePath"="System32\Drivers\PxHlpa64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QBCFMonitorService]
"ImagePath"="\"c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QBFCService]
"ImagePath"="\"c:\program files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QBVSS]
"ImagePath"="\"c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapiMgr]
"ServiceDll"="%windir%\WindowsMobile\rapimgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapportCerberus_69875]
"ImagePath"="\??\c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapportEI64]
"ImagePath"="\??\c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapportKE64]
"ImagePath"="System32\Drivers\RapportKE64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapportMgmtService]
"ImagePath"="\"c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RapportPG64]
"ImagePath"="\??\c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
"ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemotePCHelpDesk]
"ImagePath"="system32\DRIVERS\RemotePCHelpDesk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RHDCStarter]
"ImagePath"="Ú\Dummy.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\DRIVERS\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sdbus]
"ImagePath"="system32\DRIVERS\sdbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SeaPort]
"ImagePath"="\"c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
"ImagePath"="\SystemRoot\system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
"ImagePath"="\SystemRoot\system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
"ImagePath"="system32\DRIVERS\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\DRIVERS\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
"ImagePath"="system32\DRIVERS\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftfs]
"ImagePath"="system32\DRIVERS\Sftfslh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftlist]
"ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftplay]
"ImagePath"="system32\DRIVERS\Sftplaylh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftredir]
"ImagePath"="system32\DRIVERS\Sftredirlh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SftService]
"ImagePath"="\"c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sftvol]
"ImagePath"="system32\DRIVERS\Sftvollh.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sftvsa]
"ImagePath"="\"c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\silabenm]
"ImagePath"="system32\DRIVERS\silabenm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\silabser]
"ImagePath"="system32\DRIVERS\silabser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sprtsvc_DellSupportCenter]
"ImagePath"="\"c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe\" /service /P DellSupportCenter"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\STacSV]
"ImagePath"="c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\STHDA]
"ImagePath"="system32\DRIVERS\stwrt64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\DRIVERS\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
"ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UNS]
"ImagePath"="\"c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBAAPL64]
"ImagePath"="System32\Drivers\usbaapl64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\DRIVERS\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
"ImagePath"="\SystemRoot\system32\drivers\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
"ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbvideo]
"ImagePath"="System32\Drivers\usbvideo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usb_rndisx]
"ImagePath"="system32\DRIVERS\usb8023x.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
"ImagePath"="system32\DRIVERS\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\DRIVERS\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]
"ImagePath"="system32\DRIVERS\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]
"ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vToolbarUpdater18.1.9]
"ImagePath"="c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
"ImagePath"="system32\DRIVERS\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwififlt]
"ImagePath"="system32\DRIVERS\vwififlt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifimp]
"ImagePath"="system32\DRIVERS\vwifimp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]
"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcesComm]
"ServiceDll"="%windir%\WindowsMobile\wcescomm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WimFltr]
"ImagePath"="system32\DRIVERS\wimfltr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WINUSB]
"ImagePath"="system32\DRIVERS\WinUSB.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wltrysvc]
"ImagePath"="\"c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE\" \"c:\program files\Dell\DW WLAN Card\bcmwltry.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSDPrintDevice]
"ImagePath"="system32\DRIVERS\WSDPrint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSDScan]
"ImagePath"="system32\DRIVERS\WSDScan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{10BAE1CA-19B8-4D9A-A6CB-8F9843993830}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{35299A4A-5B5D-46E9-BA4E-09B2D4D761EA}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{4854BF79-EF65-46ED-A2A3-C9D65F0C8622}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{917D34CA-38F1-4184-A9F6-02D9F505E6A1}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{C610CA4F-B83A-4F94-8136-94946BC0EC6B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{D46009A4-2B93-41C1-8F0F-92065E2A4152}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{E679E928-E231-4D71-9354-6E08173ED602}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-17  17:19:34
ComboFix-quarantined-files.txt  2014-08-17 21:19
ComboFix2.txt  2014-08-17 02:46
.
Pre-Run: 209,037,066,240 bytes free
Post-Run: 208,591,753,216 bytes free
.
- - End Of File - - EEADA2CF87D4D81F6E1E7271B9C48998
5C616939100B85E558DA92B899A0FC36
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Isaiah on Sun 08/17/2014 at 18:05:42.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] backupstack 
Successfully deleted: [Service] backupstack 
Successfully stopped: [Service] APNMCP
Successfully deleted: [Service] APNMCP
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{57BE1FB1-D6F2-4BE6-BE8D-386E34C114CE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{44cbc005-6243-4502-8a02-3a096a282664}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{80703783-e415-4ee3-ab60-d36981c5a6f1}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{f297534d-7b06-459d-bc19-2dd8ef69297b}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{9945959c-aad8-4312-8b57-2de11927e770}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{6978f29a-3493-40b2-8cdc-9c13a02f85a4}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d7949a66-d936-4028-9552-14f7dc50f38d}"
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\syswow64\sho198B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1AD6.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1CD9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2367.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2BE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho321F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho34A4.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho38E8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3972.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho408.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho439.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4ACE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4BD7.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5023.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5761.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5DC5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5EC5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho62EA.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6523.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6810.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho76FE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7B87.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho919B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho96B7.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9888.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9B4D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA1E9.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA2A2.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB173.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB277.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBA57.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBC40.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCDE9.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCE46.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD477.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE134.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE2CA.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE706.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE94A.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF1D3.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF1E.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files (x86)\freerip3"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\search toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Users\Isaiah\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"
Failed to delete: [Folder] "C:\Program Files (x86)\askpartnernetwork"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Isaiah\AppData\Roaming\mozilla\firefox\profiles\pqvjg8a6.default\searchplugins\askcom.xml
Successfully deleted the following from C:\Users\Isaiah\AppData\Roaming\mozilla\firefox\profiles\pqvjg8a6.default\prefs.js
 
user_pref("[email protected]", true);
Emptied folder: C:\Users\Isaiah\AppData\Roaming\mozilla\firefox\profiles\pqvjg8a6.default\minidumps [329 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/17/2014 at 18:26:17.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

Advertisements

#11
plante
Posted 18 August 2014 - 10:23 AM

plante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Hi Naat, Here are the other logs.

 

ADWcleaner.txt:

 

# AdwCleaner v3.307 - Report created 18/08/2014 at 11:58:14
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Isaiah - DELLSTUDIO17
# Running from : C:\Users\Isaiah\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\005
Folder Deleted : C:\Users\Isaiah\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Isaiah\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Isaiah\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Isaiah\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Isaiah\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Isaiah\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
File Deleted : C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected]
File Deleted : C:\Users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Isaiah\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\searchplugins\ask-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BrowserSafeguard Update Task]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\BrowserSafeguardInstalled
Key Deleted : HKCU\Software\MGShareware
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\BrowserSafeGuard
Key Deleted : HKLM\SOFTWARE\MGShareware
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserSafeGuard
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\prefs.js ]
 
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.9.786");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
 
-\\ Google Chrome v
 
[ File : C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3330394&octid=EB_ORIGINAL_CTID&ISID=M66ED40BC-9F9D-4933-923D-5F1559ADA402&SearchSource=55&CUI=&UM=6&UP=SP949696A3-A725-47A1-9904-CFFE195A3926&SSPV=
Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3330394&octid=EB_ORIGINAL_CTID&ISID=M66ED40BC-9F9D-4933-923D-5F1559ADA402&SearchSource=55&CUI=&UM=6&UP=SP949696A3-A725-47A1-9904-CFFE195A3926&SSPV=
Deleted [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla
 
*************************
 
AdwCleaner[R0].txt - [8206 octets] - [18/08/2014 11:37:49]
AdwCleaner[S0].txt - [7713 octets] - [18/08/2014 11:58:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7773 octets] ##########
 
 
 
FRST.txt:
 
LastRegBack: 2014-08-17 03:33
 
==================== End Of Log ============================
 
 
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Isaiah at 2014-08-18 12:17:34
Running from C:\Users\Isaiah\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Anti-Virus 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
allday savings (HKLM\...\B021CBBD-E38E-4F8C-8E93-6624B0597A23) (Version: 2.0.1 - allday savings) <==== ATTENTION
Any PDF to DWG Converter 2013 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version:  - AnyDWG Software, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Shopping Toolbar (HKLM-x32\...\{4F524A00-6A76-A76A-76A7-A758B70C0F05}) (Version: 12.15.5.6 - APN, LLC) <==== ATTENTION
AutoCAD Express Tools Volumes 1-9 (HKLM-x32\...\{5783F2D7-0211-0409-0000-0060B0CE6BBA}) (Version: 1.0.0.0 - Autodesk)
Autodesk Civil Series 2004 (HKLM-x32\...\{5783F2D7-0218-0409-0000-0060B0CE6BBA}) (Version: 7.26.0.118 - Autodesk)
Autodesk Express Viewer (HKLM-x32\...\Autodesk Express Viewer) (Version: 3.1 - Autodesk, Inc.)
Autodesk Land 2004 Object Enabler (HKLM-x32\...\{F9045147-2659-4942-8CB8-318EB7A375CA}) (Version: 4.0.017 - Autodesk, Inc.)
AutoTURN 7 Demo (HKLM-x32\...\AutoTURN 7 Demo) (Version: 7.0 Demo - Transoft Solutions)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1432 - AVG Technologies)
AVG 2011 (Version: 10.0.1432 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.3955 - AVG Technologies) Hidden
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 7.1.0.1218 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.1.0.1218 - Bullzip)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.0 build 3621  (Oct-10-2013) - Carbonite)
Carlson X-Port (HKLM-x32\...\Carlson X-Port) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.0.2 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FreeRIP v3.5 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.5 - MGShareware)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GeoMax Assistant Zenith25 (HKLM-x32\...\InstallShield_{1D4627BB-93FF-492C-A913-81BF9A143CCA}) (Version: 1.83 - Hexagon)
GeoMax Assistant Zenith25 (x32 Version: 1.83 - Hexagon) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{9BCC60E1-EAE1-11E2-A9F0-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GPL Ghostscript Lite 8.70 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version:  - )
HydroCAD (HKLM-x32\...\HydroCAD) (Version:  - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
MdbConverter (HKLM-x32\...\{00DA624A-4D28-470A-A3F7-F833FD9C69B7}) (Version: 4.2.0 - GeoSystems)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OfficeSharedAddInSetup (HKLM-x32\...\{3D316CFB-1825-4030-A13A-29D18DC6B177}) (Version: 1.0.0 - Smart Soft)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
QuickBooks (x32 Version: 21.0.4011.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4011.904 - Intuit Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.3.2 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (Version: 3.5.1205.20 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1307.109 - Trusteer) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C0F01}) (Version: 12.15.1.21 - APN, LLC)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart PDF Converter 6.1.0.425 (HKLM\...\Smart PDF Converter_is1) (Version: 6.1.0.425 - Smart Soft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.3.0 - Synaptics Incorporated)
SyncBack (HKLM-x32\...\SyncBack_is1) (Version:  - 2BrightSparks)
TOPO! (HKLM-x32\...\TOPO!) (Version:  - )
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.109 - Trusteer)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
06-08-2014 21:20:59 Scheduled Checkpoint
13-08-2014 23:34:33 Scheduled Checkpoint
16-08-2014 07:00:23 Windows Update
17-08-2014 07:00:59 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-08-16 22:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1EB3B4C9-D130-4EC3-A9B6-1670EF52E140} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {4B0B8DCA-C5B3-4DF9-9458-814D4915CD1B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {4DE2B731-5EFF-4EFD-B81C-B77581D8AB06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15] (Google Inc.)
Task: {7BEAC62A-833B-4328-9C17-E6EA8DDE41B2} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {7FF6B4FC-AAAE-4E6E-800E-666332081D23} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {8634F19C-EE42-4F3F-B188-6B4C163163A2} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {8B8A27AD-9935-49FA-91A6-8F8E69FB37EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15] (Google Inc.)
Task: {AC391964-C694-4427-852F-FA53BC9F0399} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {AFDFB340-D9B0-40A5-B9E2-E834071B71FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B2C24EA5-76DD-4D9E-B975-CD732E5F7098} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core.job => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA.job => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\SyncBack Dell Studio 17 Backup.job => C:\Program Files (x86)\2BrightSparks\SyncBackIsaiahTask created by SyncBack.exe
Task: C:\Windows\Tasks\SyncBack Kimball Files Backup.job => C:\Program Files (x86)\2BrightSparks\SyncBackIsaiahTask created by SyncBack.exe
Task: C:\Windows\Tasks\SyncBack My Pictures Backup.job => C:\Program Files (x86)\2BrightSparks\SyncBackIsaiahTask created by SyncBack.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-21 21:36 - 2011-03-18 19:59 - 00349064 _____ () C:\Program Files\Smart PDF Converter\ExplorerExt_x64.dll
2010-07-15 23:21 - 2010-07-21 11:35 - 00161088 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
2010-02-09 14:34 - 2010-02-09 14:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-10-15 04:10 - 2009-10-15 04:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
2012-08-07 20:58 - 2014-07-06 10:18 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2010-07-15 23:19 - 2010-07-21 11:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-07-15 23:19 - 2010-07-21 11:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-07-15 23:19 - 2010-07-21 11:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2012-05-14 15:09 - 2012-05-14 15:09 - 00268648 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2012-05-14 15:10 - 2012-05-14 15:10 - 00020840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 23:18 - 2005-07-19 23:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2012-05-14 15:09 - 2012-05-14 15:09 - 00348008 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2012-05-14 15:10 - 2012-05-14 15:10 - 00125800 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2012-05-14 15:09 - 2012-05-14 15:09 - 00176488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2012-05-14 15:10 - 2012-05-14 15:10 - 00042344 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2014-08-18 12:11 - 2014-08-18 12:11 - 00043008 _____ () c:\users\isaiah\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl5isk9.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\libcef.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\remote support => "(Default)"="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/18/2014 00:18:18 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 00:18:13 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 00:18:08 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 00:18:03 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 00:17:58 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 00:17:53 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 00:17:47 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 00:17:42 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 00:17:37 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 00:17:32 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
 
System errors:
=============
Error: (08/18/2014 00:13:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
 
Error: (08/18/2014 00:13:20 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952450.
 
Error: (08/18/2014 00:12:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
 
Error: (08/18/2014 00:12:50 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952450.
 
Error: (08/18/2014 00:12:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (08/18/2014 00:12:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (08/18/2014 00:12:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
 
Error: (08/18/2014 00:12:20 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952450.
 
Error: (08/18/2014 00:12:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (08/18/2014 00:12:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147014846
 
 
Microsoft Office Sessions:
=========================
Error: (08/18/2014 00:18:18 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 00:18:13 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 00:18:08 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 00:18:03 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 00:17:58 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 00:17:53 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 00:17:47 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 00:17:42 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 00:17:37 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 00:17:32 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-16 21:52:11.515
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-16 21:52:11.406
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 43%
Total physical RAM: 3764.55 MB
Available physical RAM: 2135.11 MB
Total Pagefile: 7527.23 MB
Available Pagefile: 5540.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:196.3 GB) NTFS
Drive e: () (Removable) (Total:0.95 GB) (Free:0.71 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 71EC67E7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 968.8 MB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 

  • 0

#12
Naathim
Posted 18 August 2014 - 10:27 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
The FRST.txt log looks like an empty one, or you have accidentaly posted only last couple of lines. Can you please double-check it? This one is the most important now.

Cheers,
Naat
  • 0

#13
plante
Posted 18 August 2014 - 11:13 AM

plante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

That was what the first scan reported, but I ran it again and got:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Isaiah (administrator) on DELLSTUDIO17 on 18-08-2014 13:08:10
Running from C:\Users\Isaiah\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\Isaiah\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\Isaiah\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Dropbox, Inc.) C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2215768 2011-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [560128 2010-09-26] (Dell)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [161088 2010-07-21] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Isaiah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE [241280 2014-07-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [lvqcpjha] => "C:\Users\Isaiah\AppData\Local\fkewwvtk.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [fdjfvowh] => "C:\Users\Isaiah\AppData\Local\ncsakshk.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [lmkuiwqa] => "C:\Users\Isaiah\AppData\Local\pltlcdfj.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [moqknlab] => "C:\Users\Isaiah\AppData\Local\mlxchjql.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [jpsvbbtb] => "C:\Users\Isaiah\AppData\Local\mnevmcsq.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [bmsujadl] => "C:\Users\Isaiah\AppData\Local\txvqbrcd.exe"
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\QBDataServiceUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:52203;https=127.0.0.1:52203;
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0D27E54B-747F-4A12-9445-14DDEE88339C} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default
FF DefaultSearchEngine: Ask Search
FF SelectedSearchEngine: Ask Search
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Search Toolbar - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected] [2011-02-19]
FF Extension: Garmin Communicator - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: WOT - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Shopping App by Ask - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected] [2014-06-25]
FF Extension: QuickJava - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012-02-10]
FF Extension: JavaScript Debugger - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2012-02-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-03-30]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR Plugin: (Shockwave Flash) - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-11]
CHR Extension: (Google Search) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-11]
CHR Extension: (No Name) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-02-11]
CHR Extension: (Google Wallet) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-05-14] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-07-10] (Trusteer Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [File not signed]
S2 RHDCStarter; Ú\Dummy.exe [X]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 RapportCerberus_69875; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys [631128 2014-07-28] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-07-10] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-07-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-07-10] (Trusteer Ltd.)
R3 RemotePCHelpDesk; C:\Windows\System32\DRIVERS\RemotePCHelpDesk.sys [13120 2011-06-30] (Pro Softnet Crop provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 13:08 - 2014-08-18 13:08 - 00032912 _____ () C:\Users\Isaiah\Desktop\FRST.txt
2014-08-18 12:17 - 2014-08-18 12:18 - 00039422 _____ () C:\Users\Isaiah\Desktop\Addition.txt
2014-08-18 12:15 - 2014-08-18 11:18 - 02101760 _____ (Farbar) C:\Users\Isaiah\Desktop\FRST64.exe
2014-08-18 12:14 - 2014-08-18 12:14 - 00007917 _____ () C:\Users\Isaiah\Desktop\AdwCleaner[S0].txt
2014-08-18 11:37 - 2014-08-18 11:58 - 00000000 ____D () C:\AdwCleaner
2014-08-18 11:37 - 2014-08-18 11:12 - 01361671 _____ () C:\Users\Isaiah\Desktop\AdwCleaner.exe
2014-08-18 11:26 - 2014-08-18 11:26 - 00081157 _____ () C:\Users\Isaiah\Desktop\ComboFix.txt
2014-08-17 19:02 - 2014-08-17 19:02 - 00000000 _____ () C:\Windows\SysWOW64\sho6166.tmp
2014-08-17 18:26 - 2014-08-17 18:26 - 00013332 _____ () C:\Users\Isaiah\Desktop\JRT.txt
2014-08-17 18:05 - 2014-08-17 18:05 - 00000000 ____D () C:\Windows\ERUNT
2014-08-17 18:04 - 2014-08-17 18:04 - 01016261 _____ (Thisisu) C:\Users\Isaiah\Downloads\JRT.exe
2014-08-17 18:02 - 2014-08-17 18:05 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Free Download Manager
2014-08-17 18:00 - 2014-08-17 18:00 - 00001069 _____ () C:\Users\Isaiah\Desktop\Free Download Manager.lnk
2014-08-17 18:00 - 2014-08-17 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-08-17 18:00 - 2014-08-17 18:00 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-08-17 17:49 - 2014-08-17 17:49 - 00000000 ____D () C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
2014-08-17 17:26 - 2014-08-17 17:26 - 00146432 _____ () C:\Users\Isaiah\AppData\Roaming\setup.exe
2014-08-17 17:26 - 2014-08-17 17:26 - 00000007 _____ () C:\Users\Isaiah\AppData\Roaming\loaderRunning.tmp
2014-08-17 17:23 - 2014-08-17 17:24 - 00163784 _____ () C:\Users\Isaiah\Downloads\Setup.exe
2014-08-17 17:19 - 2014-08-17 17:19 - 00081157 _____ () C:\ComboFix.txt
2014-08-17 16:34 - 2014-08-17 16:34 - 00013484 _____ () C:\Users\Isaiah\Desktop\combofix - Shortcut.lnk
2014-08-16 21:29 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-16 21:29 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-16 21:29 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-16 21:29 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-16 21:29 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-16 21:29 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-16 21:29 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-16 21:29 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-16 21:28 - 2014-08-17 17:19 - 00000000 ____D () C:\Qoobox
2014-08-16 21:28 - 2014-08-16 22:43 - 00000000 ____D () C:\Windows\erdnt
2014-08-16 21:26 - 2014-08-16 21:26 - 05571320 ____R (Swearware) C:\Users\Isaiah\Downloads\ComboFix.exe
2014-08-16 18:17 - 2014-08-16 18:17 - 00001943 _____ () C:\Users\Isaiah\Desktop\aswMBR.txt
2014-08-16 18:17 - 2014-08-16 18:17 - 00000512 _____ () C:\Users\Isaiah\Desktop\MBR.dat
2014-08-16 18:11 - 2014-08-16 18:11 - 05185536 _____ (AVAST Software) C:\Users\Isaiah\Downloads\aswMBR.exe
2014-08-16 18:07 - 2014-08-16 18:08 - 00039927 _____ () C:\Users\Isaiah\Downloads\Addition.txt
2014-08-16 18:06 - 2014-08-16 18:08 - 00055310 _____ () C:\Users\Isaiah\Downloads\FRST.txt
2014-08-16 18:05 - 2014-08-18 13:08 - 00000000 ____D () C:\FRST
2014-08-16 18:04 - 2014-08-16 18:05 - 02101760 _____ (Farbar) C:\Users\Isaiah\Downloads\FRST64.exe
2014-08-16 03:15 - 2014-08-16 03:15 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Uhxyzu
2014-08-16 03:09 - 2014-08-06 21:52 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-16 03:09 - 2014-08-06 21:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 18:02 - 2014-08-15 18:02 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Teyfpau
2014-08-15 17:47 - 2014-08-18 12:00 - 00001678 _____ () C:\Windows\PFRO.log
2014-08-15 17:47 - 2014-08-18 12:00 - 00000392 _____ () C:\Windows\setupact.log
2014-08-15 17:47 - 2014-08-15 17:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 17:45 - 2014-08-15 17:45 - 00145368 _____ () C:\Users\Isaiah\Desktop\OTL.Txt
2014-08-15 17:36 - 2014-08-15 17:36 - 00099396 _____ () C:\Users\Isaiah\Downloads\Extras.Txt
2014-08-15 17:33 - 2014-08-15 17:33 - 00145368 _____ () C:\Users\Isaiah\Downloads\OTL.Txt
2014-08-15 17:18 - 2014-08-15 17:18 - 00602112 _____ (OldTimer Tools) C:\Users\Isaiah\Downloads\OTL.exe
2014-08-15 17:02 - 2014-08-15 17:02 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 17:02 - 2014-08-15 17:02 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 17:00 - 2014-08-15 17:00 - 04813544 _____ (Piriform Ltd) C:\Users\Isaiah\Downloads\ccsetup416.exe
2014-08-13 09:42 - 2014-08-13 09:42 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ybryti
2014-08-12 07:37 - 2014-08-12 07:37 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Wiolico
2014-08-11 07:34 - 2014-08-11 07:34 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Luedzyo
2014-08-09 14:41 - 2014-08-10 12:45 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Liamevx
2014-08-07 15:44 - 2014-08-07 15:46 - 00054932 _____ () C:\Users\Isaiah\Downloads\AMX-Battery-Driver-Update.CAB
2014-08-06 17:52 - 2014-08-06 17:52 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Reynabre
2014-07-30 08:50 - 2014-07-30 08:51 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ondyys
2014-07-29 13:46 - 2014-07-29 13:46 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ytraes
2014-07-29 10:11 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-29 10:10 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-29 10:10 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-29 10:10 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-29 10:09 - 2014-07-29 10:10 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-29 10:07 - 2014-07-29 10:07 - 00918440 _____ (Oracle Corporation) C:\Users\Isaiah\Downloads\jxpiinstall.exe
2014-07-29 10:05 - 2014-07-29 10:05 - 00036601 _____ () C:\Users\Isaiah\AppData\Local\mwvaelve
2014-07-29 09:48 - 2014-07-29 09:48 - 00036601 _____ () C:\Users\Isaiah\AppData\Local\rekvldnw
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 13:08 - 2014-08-18 13:08 - 00032912 _____ () C:\Users\Isaiah\Desktop\FRST.txt
2014-08-18 13:08 - 2014-08-16 18:05 - 00000000 ____D () C:\FRST
2014-08-18 12:18 - 2014-08-18 12:17 - 00039422 _____ () C:\Users\Isaiah\Desktop\Addition.txt
2014-08-18 12:14 - 2014-08-18 12:14 - 00007917 _____ () C:\Users\Isaiah\Desktop\AdwCleaner[S0].txt
2014-08-18 12:12 - 2009-07-14 01:10 - 01909577 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 12:08 - 2009-07-14 00:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-18 12:08 - 2009-07-14 00:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-18 12:00 - 2014-08-15 17:47 - 00001678 _____ () C:\Windows\PFRO.log
2014-08-18 12:00 - 2014-08-15 17:47 - 00000392 _____ () C:\Windows\setupact.log
2014-08-18 12:00 - 2009-07-14 01:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-18 12:00 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 11:58 - 2014-08-18 11:37 - 00000000 ____D () C:\AdwCleaner
2014-08-18 11:26 - 2014-08-18 11:26 - 00081157 _____ () C:\Users\Isaiah\Desktop\ComboFix.txt
2014-08-18 11:18 - 2014-08-18 12:15 - 02101760 _____ (Farbar) C:\Users\Isaiah\Desktop\FRST64.exe
2014-08-18 11:12 - 2014-08-18 11:37 - 01361671 _____ () C:\Users\Isaiah\Desktop\AdwCleaner.exe
2014-08-17 19:41 - 2014-03-31 07:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 19:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-17 19:07 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-08-17 19:04 - 2010-11-19 18:31 - 00000000 ____D () C:\ProgramData\AVG10
2014-08-17 19:03 - 2012-02-14 19:21 - 00020048 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\system32\Drivers\AFD.SYS
2014-08-17 19:03 - 2009-07-13 20:10 - 00020048 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\system32\Drivers\WS2IFSL.SYS
2014-08-17 19:02 - 2014-08-17 19:02 - 00000000 _____ () C:\Windows\SysWOW64\sho6166.tmp
2014-08-17 19:00 - 2012-02-11 09:41 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA.job
2014-08-17 18:36 - 2012-09-19 16:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 18:26 - 2014-08-17 18:26 - 00013332 _____ () C:\Users\Isaiah\Desktop\JRT.txt
2014-08-17 18:24 - 2010-08-15 07:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 18:05 - 2014-08-17 18:05 - 00000000 ____D () C:\Windows\ERUNT
2014-08-17 18:05 - 2014-08-17 18:02 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Free Download Manager
2014-08-17 18:04 - 2014-08-17 18:04 - 01016261 _____ (Thisisu) C:\Users\Isaiah\Downloads\JRT.exe
2014-08-17 18:00 - 2014-08-17 18:00 - 00001069 _____ () C:\Users\Isaiah\Desktop\Free Download Manager.lnk
2014-08-17 18:00 - 2014-08-17 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-08-17 18:00 - 2014-08-17 18:00 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-08-17 17:49 - 2014-08-17 17:49 - 00000000 ____D () C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
2014-08-17 17:26 - 2014-08-17 17:26 - 00146432 _____ () C:\Users\Isaiah\AppData\Roaming\setup.exe
2014-08-17 17:26 - 2014-08-17 17:26 - 00000007 _____ () C:\Users\Isaiah\AppData\Roaming\loaderRunning.tmp
2014-08-17 17:24 - 2014-08-17 17:23 - 00163784 _____ () C:\Users\Isaiah\Downloads\Setup.exe
2014-08-17 17:20 - 2014-06-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-17 17:19 - 2014-08-17 17:19 - 00081157 _____ () C:\ComboFix.txt
2014-08-17 17:19 - 2014-08-16 21:28 - 00000000 ____D () C:\Qoobox
2014-08-17 17:15 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-17 16:34 - 2014-08-17 16:34 - 00013484 _____ () C:\Users\Isaiah\Desktop\combofix - Shortcut.lnk
2014-08-17 16:17 - 2012-02-11 09:41 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core.job
2014-08-17 16:17 - 2010-08-15 07:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 03:05 - 2010-11-19 18:31 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-08-17 03:02 - 2014-07-10 03:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-16 22:47 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-08-16 22:43 - 2014-08-16 21:28 - 00000000 ____D () C:\Windows\erdnt
2014-08-16 21:26 - 2014-08-16 21:26 - 05571320 ____R (Swearware) C:\Users\Isaiah\Downloads\ComboFix.exe
2014-08-16 18:17 - 2014-08-16 18:17 - 00001943 _____ () C:\Users\Isaiah\Desktop\aswMBR.txt
2014-08-16 18:17 - 2014-08-16 18:17 - 00000512 _____ () C:\Users\Isaiah\Desktop\MBR.dat
2014-08-16 18:11 - 2014-08-16 18:11 - 05185536 _____ (AVAST Software) C:\Users\Isaiah\Downloads\aswMBR.exe
2014-08-16 18:08 - 2014-08-16 18:07 - 00039927 _____ () C:\Users\Isaiah\Downloads\Addition.txt
2014-08-16 18:08 - 2014-08-16 18:06 - 00055310 _____ () C:\Users\Isaiah\Downloads\FRST.txt
2014-08-16 18:05 - 2014-08-16 18:04 - 02101760 _____ (Farbar) C:\Users\Isaiah\Downloads\FRST64.exe
2014-08-16 10:28 - 2012-01-04 10:00 - 00000000 ___RD () C:\Users\Isaiah\Dropbox
2014-08-16 10:28 - 2012-01-04 09:56 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Dropbox
2014-08-16 10:27 - 2013-01-22 16:29 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-08-16 03:15 - 2014-08-16 03:15 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Uhxyzu
2014-08-16 03:02 - 2010-10-28 10:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 18:02 - 2014-08-15 18:02 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Teyfpau
2014-08-15 17:59 - 2012-01-04 10:00 - 00001028 _____ () C:\Users\Isaiah\Desktop\Dropbox.lnk
2014-08-15 17:59 - 2012-01-04 09:57 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 17:47 - 2014-08-15 17:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 17:45 - 2014-08-15 17:45 - 00145368 _____ () C:\Users\Isaiah\Desktop\OTL.Txt
2014-08-15 17:36 - 2014-08-15 17:36 - 00099396 _____ () C:\Users\Isaiah\Downloads\Extras.Txt
2014-08-15 17:33 - 2014-08-15 17:33 - 00145368 _____ () C:\Users\Isaiah\Downloads\OTL.Txt
2014-08-15 17:18 - 2014-08-15 17:18 - 00602112 _____ (OldTimer Tools) C:\Users\Isaiah\Downloads\OTL.exe
2014-08-15 17:15 - 2013-08-22 08:10 - 00000000 ____D () C:\Windows\Minidump
2014-08-15 17:15 - 2010-07-20 15:33 - 00000000 ___DC () C:\Users\Isaiah\AppData\Local\MigWiz
2014-08-15 17:15 - 2010-07-16 01:29 - 00000000 ____D () C:\Windows\Panther
2014-08-15 17:02 - 2014-08-15 17:02 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 17:02 - 2014-08-15 17:02 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 17:00 - 2014-08-15 17:00 - 04813544 _____ (Piriform Ltd) C:\Users\Isaiah\Downloads\ccsetup416.exe
2014-08-15 16:45 - 2010-09-27 10:14 - 00000000 _____ () C:\Users\Isaiah\AppData\Local\prvlcl.dat
2014-08-15 10:40 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-13 11:23 - 2010-07-20 19:33 - 00000000 ____D () C:\Land Projects 2004
2014-08-13 09:42 - 2014-08-13 09:42 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ybryti
2014-08-13 09:00 - 2012-02-11 09:41 - 00002377 _____ () C:\Users\Isaiah\Desktop\Google Chrome.lnk
2014-08-12 07:37 - 2014-08-12 07:37 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Wiolico
2014-08-11 16:55 - 2009-07-14 01:13 - 00006812 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 16:37 - 2012-11-08 13:24 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-08-11 07:34 - 2014-08-11 07:34 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Luedzyo
2014-08-10 12:45 - 2014-08-09 14:41 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Liamevx
2014-08-08 12:21 - 2010-07-20 15:49 - 00000000 ____D () C:\Users\Administrator
2014-08-07 15:46 - 2014-08-07 15:44 - 00054932 _____ () C:\Users\Isaiah\Downloads\AMX-Battery-Driver-Update.CAB
2014-08-06 21:52 - 2014-08-16 03:09 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:46 - 2014-08-16 03:09 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 17:52 - 2014-08-06 17:52 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Reynabre
2014-08-06 11:25 - 2012-04-25 06:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 08:51 - 2014-07-30 08:50 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ondyys
2014-07-29 13:46 - 2014-07-29 13:46 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Ytraes
2014-07-29 10:11 - 2014-01-29 13:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-29 10:10 - 2014-07-29 10:09 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-29 10:10 - 2012-09-11 14:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-29 10:07 - 2014-07-29 10:07 - 00918440 _____ (Oracle Corporation) C:\Users\Isaiah\Downloads\jxpiinstall.exe
2014-07-29 10:05 - 2014-07-29 10:05 - 00036601 _____ () C:\Users\Isaiah\AppData\Local\mwvaelve
2014-07-29 09:48 - 2014-07-29 09:48 - 00036601 _____ () C:\Users\Isaiah\AppData\Local\rekvldnw
2014-07-28 17:07 - 2013-08-22 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-07-28 16:57 - 2013-03-14 03:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 16:57 - 2013-03-14 03:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 03:03 - 2013-03-14 03:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 20:13 - 2011-03-03 20:48 - 00019456 _____ () C:\Users\Isaiah\Documents\Moose Permits.xls
 
Some content of TEMP:
====================
C:\Users\Isaiah\AppData\Local\Temp\CloudBackup3686.exe
C:\Users\Isaiah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl5isk9.dll
C:\Users\Isaiah\AppData\Local\Temp\nsc6D98.exe
C:\Users\Isaiah\AppData\Local\Temp\nscBD6E.exe
C:\Users\Isaiah\AppData\Local\Temp\nsd82E3.exe
C:\Users\Isaiah\AppData\Local\Temp\nsdAC06.exe
C:\Users\Isaiah\AppData\Local\Temp\nsdD529.exe
C:\Users\Isaiah\AppData\Local\Temp\nsn9610.exe
C:\Users\Isaiah\AppData\Local\Temp\Quarantine.exe
C:\Users\Isaiah\AppData\Local\Temp\System.Data.SQLite.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 03:33
 
==================== End Of Log ============================
 
Thanks!
Karen

  • 0

#14
Naathim
Posted 18 August 2014 - 11:32 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

After this fix you should be able to connect to the internet normally.


If you can't download it on the infected machine, transfer it using USB drive, but bare in mind that both FRST and fixlist have to be in the same location: particularly Desktop, so copy the fixlist to the desktop.


FRST.gif Fix with Farbar Recovery Scan Tool
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif


Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [lvqcpjha] => "C:\Users\Isaiah\AppData\Local\fkewwvtk.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [fdjfvowh] => "C:\Users\Isaiah\AppData\Local\ncsakshk.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [lmkuiwqa] => "C:\Users\Isaiah\AppData\Local\pltlcdfj.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [moqknlab] => "C:\Users\Isaiah\AppData\Local\mlxchjql.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [jpsvbbtb] => "C:\Users\Isaiah\AppData\Local\mnevmcsq.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [bmsujadl] => "C:\Users\Isaiah\AppData\Local\txvqbrcd.exe"
C:\Users\Isaiah\AppData\Local\fkewwvtk.exe
C:\Users\Isaiah\AppData\Local\ncsakshk.exe
C:\Users\Isaiah\AppData\Local\pltlcdfj.exe
C:\Users\Isaiah\AppData\Local\mlxchjql.exe
C:\Users\Isaiah\AppData\Local\mnevmcsq.exe
C:\Users\Isaiah\AppData\Local\txvqbrcd.exe
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:52203;https=127.0.0.1:52203;
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF DefaultSearchEngine: Ask Search
FF SelectedSearchEngine: Ask Search
FF Extension: Search Toolbar - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected] [2011-02-19]
FF Extension: Shopping App by Ask - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected] [2014-06-25]
C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected]
C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected]
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR DefaultSearchURL: http://www.trovi.com...rchTerms}&SSPV=
CHR DefaultSuggestURL: http://suggest.secci...x={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S2 RHDCStarter; Ú\Dummy.exe [X]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Users\Isaiah\AppData\Roaming\Uhxyzu
C:\Users\Isaiah\AppData\Roaming\Teyfpau
C:\Users\Isaiah\AppData\Roaming\Ybryti
C:\Users\Isaiah\AppData\Roaming\Wiolico
C:\Users\Isaiah\AppData\Roaming\Luedzyo
C:\Users\Isaiah\AppData\Roaming\Liamevx
C:\Users\Isaiah\AppData\Roaming\Reynabre
C:\Users\Isaiah\AppData\Roaming\Ondyys
C:\Users\Isaiah\AppData\Roaming\Ytraes
C:\Users\Isaiah\AppData\Local\mwvaelve
C:\Users\Isaiah\AppData\Local\rekvldnw
C:\Windows\SysWOW64\sho6166.tmp
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {7FF6B4FC-AAAE-4E6E-800E-666332081D23} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
EmptyTemp:
end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.


Next


FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 0

#15
plante
Posted 18 August 2014 - 01:30 PM

plante

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Hi Naat,  ran the fix and the scan. Was not able to connect, rebooted still unable.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Isaiah at 2014-08-18 14:40:59 Run:1
Running from C:\Users\Isaiah\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [lvqcpjha] => "C:\Users\Isaiah\AppData\Local\fkewwvtk.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [fdjfvowh] =>
"C:\Users\Isaiah\AppData\Local\ncsakshk.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [lmkuiwqa] => "C:\Users\Isaiah\AppData\Local\pltlcdfj.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [moqknlab] => "C:\Users\Isaiah\AppData\Local\mlxchjql.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [jpsvbbtb] => "C:\Users\Isaiah\AppData\Local\mnevmcsq.exe"
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [bmsujadl] => "C:\Users\Isaiah\AppData\Local\txvqbrcd.exe"
C:\Users\Isaiah\AppData\Local\fkewwvtk.exe
C:\Users\Isaiah\AppData\Local\ncsakshk.exe
C:\Users\Isaiah\AppData\Local\pltlcdfj.exe
C:\Users\Isaiah\AppData\Local\mlxchjql.exe
C:\Users\Isaiah\AppData\Local\mnevmcsq.exe
C:\Users\Isaiah\AppData\Local\txvqbrcd.exe
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:52203;https=127.0.0.1:52203;
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler:
intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF DefaultSearchEngine: Ask Search
FF SelectedSearchEngine: Ask Search
FF Extension: Search Toolbar - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected] [2011-02-19]
FF Extension: Shopping App by Ask - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected] [2014-06-25]
C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected]
C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected]
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR
CHR Plugin: (Shockwave Flash) - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S2 RHDCStarter; Ú\Dummy.exe [X]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
C:\Program
Files (x86)\Common Files\AVG Secure Search
C:\Users\Isaiah\AppData\Roaming\Uhxyzu
C:\Users\Isaiah\AppData\Roaming\Teyfpau
C:\Users\Isaiah\AppData\Roaming\Ybryti
C:\Users\Isaiah\AppData\Roaming\Wiolico
C:\Users\Isaiah\AppData\Roaming\Luedzyo
C:\Users\Isaiah\AppData\Roaming\Liamevx
C:\Users\Isaiah\AppData\Roaming\Reynabre
C:\Users\Isaiah\AppData\Roaming\Ondyys
C:\Users\Isaiah\AppData\Roaming\Ytraes
C:\Users\Isaiah\AppData\Local\mwvaelve
C:\Users\Isaiah\AppData\Local\rekvldnw
C:\Windows\SysWOW64\sho6166.tmp
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {7FF6B4FC-AAAE-4E6E-800E-666332081D23} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
EmptyTemp:
 
*****************
 
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\Software\Microsoft\Windows\CurrentVersion\Run\\lvqcpjha => value deleted successfully.
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\Software\Microsoft\Windows\CurrentVersion\Run\\fdjfvowh => value deleted successfully.
"C:\Users\Isaiah\AppData\Local\ncsakshk.exe" => File/Directory not found.
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\Software\Microsoft\Windows\CurrentVersion\Run\\lmkuiwqa => value deleted successfully.
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\Software\Microsoft\Windows\CurrentVersion\Run\\moqknlab => value deleted successfully.
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\Software\Microsoft\Windows\CurrentVersion\Run\\jpsvbbtb => value deleted successfully.
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\Software\Microsoft\Windows\CurrentVersion\Run\\bmsujadl => value deleted successfully.
"C:\Users\Isaiah\AppData\Local\fkewwvtk.exe" => File/Directory not found.
"C:\Users\Isaiah\AppData\Local\ncsakshk.exe" => File/Directory not found.
"C:\Users\Isaiah\AppData\Local\pltlcdfj.exe" => File/Directory not found.
"C:\Users\Isaiah\AppData\Local\mlxchjql.exe" => File/Directory not found.
"C:\Users\Isaiah\AppData\Local\mnevmcsq.exe" => File/Directory not found.
"C:\Users\Isaiah\AppData\Local\txvqbrcd.exe" => File/Directory not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
Handler: => Error: No automatic fix found for this entry.
intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File => Error: No automatic fix found for this entry.
"HKCR\PROTOCOLS\Handler\qbwc" => Key deleted successfully.
"HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}" => Key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key not found.
"HKCR\PROTOCOLS\Filter\text/xml" => Key deleted successfully.
"HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected] => Moved successfully.
C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected] => Moved successfully.
"C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected]" => File/Directory not found.
"C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\[email protected]" => File/Directory not found.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Trovi search ==> The Chrome "Settings" can be used to fix the entry.
CHR => Error: No automatic fix found for this entry.
DefaultSearchURL: http://www.trovi.com...rchTerms}&SSPV= => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
AVG Security Toolbar Service => Service deleted successfully.
RHDCStarter => Service deleted successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
catchme => Service deleted successfully.
SPPD => Service deleted successfully.
"C:\Program" => File/Directory not found.
Files (x86)\Common Files\AVG Secure Search => Error: No automatic fix found for this entry.
C:\Users\Isaiah\AppData\Roaming\Uhxyzu => Moved successfully.
C:\Users\Isaiah\AppData\Roaming\Teyfpau => Moved successfully.
C:\Users\Isaiah\AppData\Roaming\Ybryti => Moved successfully.
C:\Users\Isaiah\AppData\Roaming\Wiolico => Moved successfully.
C:\Users\Isaiah\AppData\Roaming\Luedzyo => Moved successfully.
C:\Users\Isaiah\AppData\Roaming\Liamevx => Moved successfully.
C:\Users\Isaiah\AppData\Roaming\Reynabre => Moved successfully.
C:\Users\Isaiah\AppData\Roaming\Ondyys => Moved successfully.
C:\Users\Isaiah\AppData\Roaming\Ytraes => Moved successfully.
C:\Users\Isaiah\AppData\Local\mwvaelve => Moved successfully.
C:\Users\Isaiah\AppData\Local\rekvldnw => Moved successfully.
C:\Windows\SysWOW64\sho6166.tmp => Moved successfully.
C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FF6B4FC-AAAE-4E6E-800E-666332081D23}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FF6B4FC-AAAE-4E6E-800E-666332081D23}" => Key deleted successfully.
C:\Windows\System32\Tasks\ROC_JAN2013_TB_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_JAN2013_TB_rmv" => Key deleted successfully.
EmptyTemp: => Removed 414.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Isaiah (administrator) on DELLSTUDIO17 on 18-08-2014 15:12:30
Running from C:\Users\Isaiah\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\Isaiah\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Akamai Technologies, Inc.) C:\Users\Isaiah\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Dropbox, Inc.) C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2215768 2011-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [560128 2010-09-26] (Dell)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [161088 2010-07-21] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Isaiah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-928644344-3032971394-1657302220-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE [241280 2014-07-01] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\QBDataServiceUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:52203;https=127.0.0.1:52203;
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0D27E54B-747F-4A12-9445-14DDEE88339C} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Garmin Communicator - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: WOT - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: QuickJava - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012-02-10]
FF Extension: JavaScript Debugger - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\pqvjg8a6.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2012-02-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2011-03-30]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR Plugin: (Shockwave Flash) - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-11]
CHR Extension: (Google Search) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-11]
CHR Extension: (No Name) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-02-11]
CHR Extension: (Google Wallet) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-11]
CHR StartMenuInternet: Google Chrome - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-05-14] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-07-10] (Trusteer Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 RapportCerberus_69875; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys [631128 2014-07-28] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-07-10] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-07-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-07-10] (Trusteer Ltd.)
R3 RemotePCHelpDesk; C:\Windows\System32\DRIVERS\RemotePCHelpDesk.sys [13120 2011-06-30] (Pro Softnet Crop provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 15:12 - 2014-08-18 15:13 - 00031105 _____ () C:\Users\Isaiah\Desktop\FRST.txt
2014-08-18 12:15 - 2014-08-18 11:18 - 02101760 _____ (Farbar) C:\Users\Isaiah\Desktop\FRST64.exe
2014-08-18 12:14 - 2014-08-18 12:14 - 00007917 _____ () C:\Users\Isaiah\Desktop\AdwCleaner[S0].txt
2014-08-18 11:37 - 2014-08-18 11:58 - 00000000 ____D () C:\AdwCleaner
2014-08-18 11:37 - 2014-08-18 11:12 - 01361671 _____ () C:\Users\Isaiah\Desktop\AdwCleaner.exe
2014-08-18 11:26 - 2014-08-18 11:26 - 00081157 _____ () C:\Users\Isaiah\Desktop\ComboFix.txt
2014-08-17 18:26 - 2014-08-17 18:26 - 00013332 _____ () C:\Users\Isaiah\Desktop\JRT.txt
2014-08-17 18:05 - 2014-08-17 18:05 - 00000000 ____D () C:\Windows\ERUNT
2014-08-17 18:04 - 2014-08-17 18:04 - 01016261 _____ (Thisisu) C:\Users\Isaiah\Downloads\JRT.exe
2014-08-17 18:02 - 2014-08-17 18:05 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Free Download Manager
2014-08-17 18:00 - 2014-08-17 18:00 - 00001069 _____ () C:\Users\Isaiah\Desktop\Free Download Manager.lnk
2014-08-17 18:00 - 2014-08-17 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-08-17 18:00 - 2014-08-17 18:00 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-08-17 17:49 - 2014-08-17 17:49 - 00000000 ____D () C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
2014-08-17 17:26 - 2014-08-17 17:26 - 00146432 _____ () C:\Users\Isaiah\AppData\Roaming\setup.exe
2014-08-17 17:26 - 2014-08-17 17:26 - 00000007 _____ () C:\Users\Isaiah\AppData\Roaming\loaderRunning.tmp
2014-08-17 17:23 - 2014-08-17 17:24 - 00163784 _____ () C:\Users\Isaiah\Downloads\Setup.exe
2014-08-17 17:19 - 2014-08-17 17:19 - 00081157 _____ () C:\ComboFix.txt
2014-08-17 16:34 - 2014-08-17 16:34 - 00013484 _____ () C:\Users\Isaiah\Desktop\combofix - Shortcut.lnk
2014-08-16 21:29 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-16 21:29 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-16 21:29 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-16 21:29 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-16 21:29 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-16 21:29 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-16 21:29 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-16 21:29 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-16 21:28 - 2014-08-17 17:19 - 00000000 ____D () C:\Qoobox
2014-08-16 21:28 - 2014-08-16 22:43 - 00000000 ____D () C:\Windows\erdnt
2014-08-16 21:26 - 2014-08-16 21:26 - 05571320 ____R (Swearware) C:\Users\Isaiah\Downloads\ComboFix.exe
2014-08-16 18:17 - 2014-08-16 18:17 - 00001943 _____ () C:\Users\Isaiah\Desktop\aswMBR.txt
2014-08-16 18:17 - 2014-08-16 18:17 - 00000512 _____ () C:\Users\Isaiah\Desktop\MBR.dat
2014-08-16 18:11 - 2014-08-16 18:11 - 05185536 _____ (AVAST Software) C:\Users\Isaiah\Downloads\aswMBR.exe
2014-08-16 18:07 - 2014-08-16 18:08 - 00039927 _____ () C:\Users\Isaiah\Downloads\Addition.txt
2014-08-16 18:06 - 2014-08-16 18:08 - 00055310 _____ () C:\Users\Isaiah\Downloads\FRST.txt
2014-08-16 18:05 - 2014-08-18 15:12 - 00000000 ____D () C:\FRST
2014-08-16 18:04 - 2014-08-16 18:05 - 02101760 _____ (Farbar) C:\Users\Isaiah\Downloads\FRST64.exe
2014-08-16 03:09 - 2014-08-06 21:52 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-16 03:09 - 2014-08-06 21:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 17:47 - 2014-08-18 14:44 - 00003466 _____ () C:\Windows\PFRO.log
2014-08-15 17:47 - 2014-08-18 14:44 - 00000448 _____ () C:\Windows\setupact.log
2014-08-15 17:47 - 2014-08-15 17:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 17:45 - 2014-08-15 17:45 - 00145368 _____ () C:\Users\Isaiah\Desktop\OTL.Txt
2014-08-15 17:36 - 2014-08-15 17:36 - 00099396 _____ () C:\Users\Isaiah\Downloads\Extras.Txt
2014-08-15 17:33 - 2014-08-15 17:33 - 00145368 _____ () C:\Users\Isaiah\Downloads\OTL.Txt
2014-08-15 17:18 - 2014-08-15 17:18 - 00602112 _____ (OldTimer Tools) C:\Users\Isaiah\Downloads\OTL.exe
2014-08-15 17:02 - 2014-08-15 17:02 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 17:02 - 2014-08-15 17:02 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 17:00 - 2014-08-15 17:00 - 04813544 _____ (Piriform Ltd) C:\Users\Isaiah\Downloads\ccsetup416.exe
2014-08-07 15:44 - 2014-08-07 15:46 - 00054932 _____ () C:\Users\Isaiah\Downloads\AMX-Battery-Driver-Update.CAB
2014-07-29 10:11 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-29 10:10 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-29 10:10 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-29 10:10 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-29 10:09 - 2014-07-29 10:10 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-29 10:07 - 2014-07-29 10:07 - 00918440 _____ (Oracle Corporation) C:\Users\Isaiah\Downloads\jxpiinstall.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 15:13 - 2014-08-18 15:12 - 00031105 _____ () C:\Users\Isaiah\Desktop\FRST.txt
2014-08-18 15:12 - 2014-08-16 18:05 - 00000000 ____D () C:\FRST
2014-08-18 15:10 - 2009-07-14 01:10 - 01920217 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 14:52 - 2009-07-14 00:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-18 14:52 - 2009-07-14 00:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-18 14:44 - 2014-08-15 17:47 - 00003466 _____ () C:\Windows\PFRO.log
2014-08-18 14:44 - 2014-08-15 17:47 - 00000448 _____ () C:\Windows\setupact.log
2014-08-18 14:44 - 2009-07-14 01:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-18 14:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 12:14 - 2014-08-18 12:14 - 00007917 _____ () C:\Users\Isaiah\Desktop\AdwCleaner[S0].txt
2014-08-18 11:58 - 2014-08-18 11:37 - 00000000 ____D () C:\AdwCleaner
2014-08-18 11:26 - 2014-08-18 11:26 - 00081157 _____ () C:\Users\Isaiah\Desktop\ComboFix.txt
2014-08-18 11:18 - 2014-08-18 12:15 - 02101760 _____ (Farbar) C:\Users\Isaiah\Desktop\FRST64.exe
2014-08-18 11:12 - 2014-08-18 11:37 - 01361671 _____ () C:\Users\Isaiah\Desktop\AdwCleaner.exe
2014-08-17 19:41 - 2014-03-31 07:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 19:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-17 19:07 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-08-17 19:04 - 2010-11-19 18:31 - 00000000 ____D () C:\ProgramData\AVG10
2014-08-17 19:03 - 2012-02-14 19:21 - 00020048 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\system32\Drivers\AFD.SYS
2014-08-17 19:03 - 2009-07-13 20:10 - 00020048 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\system32\Drivers\WS2IFSL.SYS
2014-08-17 19:00 - 2012-02-11 09:41 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA.job
2014-08-17 18:36 - 2012-09-19 16:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 18:26 - 2014-08-17 18:26 - 00013332 _____ () C:\Users\Isaiah\Desktop\JRT.txt
2014-08-17 18:24 - 2010-08-15 07:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 18:05 - 2014-08-17 18:05 - 00000000 ____D () C:\Windows\ERUNT
2014-08-17 18:05 - 2014-08-17 18:02 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Free Download Manager
2014-08-17 18:04 - 2014-08-17 18:04 - 01016261 _____ (Thisisu) C:\Users\Isaiah\Downloads\JRT.exe
2014-08-17 18:00 - 2014-08-17 18:00 - 00001069 _____ () C:\Users\Isaiah\Desktop\Free Download Manager.lnk
2014-08-17 18:00 - 2014-08-17 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-08-17 18:00 - 2014-08-17 18:00 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-08-17 17:49 - 2014-08-17 17:49 - 00000000 ____D () C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23
2014-08-17 17:26 - 2014-08-17 17:26 - 00146432 _____ () C:\Users\Isaiah\AppData\Roaming\setup.exe
2014-08-17 17:26 - 2014-08-17 17:26 - 00000007 _____ () C:\Users\Isaiah\AppData\Roaming\loaderRunning.tmp
2014-08-17 17:24 - 2014-08-17 17:23 - 00163784 _____ () C:\Users\Isaiah\Downloads\Setup.exe
2014-08-17 17:20 - 2014-06-18 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-17 17:19 - 2014-08-17 17:19 - 00081157 _____ () C:\ComboFix.txt
2014-08-17 17:19 - 2014-08-16 21:28 - 00000000 ____D () C:\Qoobox
2014-08-17 17:15 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-17 16:34 - 2014-08-17 16:34 - 00013484 _____ () C:\Users\Isaiah\Desktop\combofix - Shortcut.lnk
2014-08-17 16:17 - 2012-02-11 09:41 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core.job
2014-08-17 16:17 - 2010-08-15 07:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 03:05 - 2010-11-19 18:31 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-08-17 03:02 - 2014-07-10 03:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-16 22:47 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-08-16 22:43 - 2014-08-16 21:28 - 00000000 ____D () C:\Windows\erdnt
2014-08-16 21:26 - 2014-08-16 21:26 - 05571320 ____R (Swearware) C:\Users\Isaiah\Downloads\ComboFix.exe
2014-08-16 18:17 - 2014-08-16 18:17 - 00001943 _____ () C:\Users\Isaiah\Desktop\aswMBR.txt
2014-08-16 18:17 - 2014-08-16 18:17 - 00000512 _____ () C:\Users\Isaiah\Desktop\MBR.dat
2014-08-16 18:11 - 2014-08-16 18:11 - 05185536 _____ (AVAST Software) C:\Users\Isaiah\Downloads\aswMBR.exe
2014-08-16 18:08 - 2014-08-16 18:07 - 00039927 _____ () C:\Users\Isaiah\Downloads\Addition.txt
2014-08-16 18:08 - 2014-08-16 18:06 - 00055310 _____ () C:\Users\Isaiah\Downloads\FRST.txt
2014-08-16 18:05 - 2014-08-16 18:04 - 02101760 _____ (Farbar) C:\Users\Isaiah\Downloads\FRST64.exe
2014-08-16 10:28 - 2012-01-04 10:00 - 00000000 ___RD () C:\Users\Isaiah\Dropbox
2014-08-16 10:28 - 2012-01-04 09:56 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Dropbox
2014-08-16 03:02 - 2010-10-28 10:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 17:59 - 2012-01-04 10:00 - 00001028 _____ () C:\Users\Isaiah\Desktop\Dropbox.lnk
2014-08-15 17:59 - 2012-01-04 09:57 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 17:47 - 2014-08-15 17:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 17:45 - 2014-08-15 17:45 - 00145368 _____ () C:\Users\Isaiah\Desktop\OTL.Txt
2014-08-15 17:36 - 2014-08-15 17:36 - 00099396 _____ () C:\Users\Isaiah\Downloads\Extras.Txt
2014-08-15 17:33 - 2014-08-15 17:33 - 00145368 _____ () C:\Users\Isaiah\Downloads\OTL.Txt
2014-08-15 17:18 - 2014-08-15 17:18 - 00602112 _____ (OldTimer Tools) C:\Users\Isaiah\Downloads\OTL.exe
2014-08-15 17:15 - 2013-08-22 08:10 - 00000000 ____D () C:\Windows\Minidump
2014-08-15 17:15 - 2010-07-20 15:33 - 00000000 ___DC () C:\Users\Isaiah\AppData\Local\MigWiz
2014-08-15 17:15 - 2010-07-16 01:29 - 00000000 ____D () C:\Windows\Panther
2014-08-15 17:02 - 2014-08-15 17:02 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 17:02 - 2014-08-15 17:02 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 17:02 - 2014-08-15 17:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 17:00 - 2014-08-15 17:00 - 04813544 _____ (Piriform Ltd) C:\Users\Isaiah\Downloads\ccsetup416.exe
2014-08-15 16:45 - 2010-09-27 10:14 - 00000000 _____ () C:\Users\Isaiah\AppData\Local\prvlcl.dat
2014-08-15 10:40 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-13 11:23 - 2010-07-20 19:33 - 00000000 ____D () C:\Land Projects 2004
2014-08-13 09:00 - 2012-02-11 09:41 - 00002377 _____ () C:\Users\Isaiah\Desktop\Google Chrome.lnk
2014-08-11 16:55 - 2009-07-14 01:13 - 00006812 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 16:37 - 2012-11-08 13:24 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-08-08 12:21 - 2010-07-20 15:49 - 00000000 ____D () C:\Users\Administrator
2014-08-07 15:46 - 2014-08-07 15:44 - 00054932 _____ () C:\Users\Isaiah\Downloads\AMX-Battery-Driver-Update.CAB
2014-08-06 21:52 - 2014-08-16 03:09 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:46 - 2014-08-16 03:09 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 11:25 - 2012-04-25 06:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-29 10:11 - 2014-01-29 13:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-29 10:10 - 2014-07-29 10:09 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-29 10:10 - 2012-09-11 14:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-29 10:07 - 2014-07-29 10:07 - 00918440 _____ (Oracle Corporation) C:\Users\Isaiah\Downloads\jxpiinstall.exe
2014-07-28 17:07 - 2013-08-22 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-07-28 16:57 - 2013-03-14 03:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 16:57 - 2013-03-14 03:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 03:03 - 2013-03-14 03:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 20:13 - 2011-03-03 20:48 - 00019456 _____ () C:\Users\Isaiah\Documents\Moose Permits.xls
 
Some content of TEMP:
====================
C:\Users\Isaiah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjmmlh4.dll
C:\Users\Isaiah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkhje7x.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 03:33
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Isaiah at 2014-08-18 15:13:31
Running from C:\Users\Isaiah\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Anti-Virus 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
allday savings (HKLM\...\B021CBBD-E38E-4F8C-8E93-6624B0597A23) (Version: 2.0.1 - allday savings) <==== ATTENTION
Any PDF to DWG Converter 2013 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version:  - AnyDWG Software, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Shopping Toolbar (HKLM-x32\...\{4F524A00-6A76-A76A-76A7-A758B70C0F05}) (Version: 12.15.5.6 - APN, LLC) <==== ATTENTION
AutoCAD Express Tools Volumes 1-9 (HKLM-x32\...\{5783F2D7-0211-0409-0000-0060B0CE6BBA}) (Version: 1.0.0.0 - Autodesk)
Autodesk Civil Series 2004 (HKLM-x32\...\{5783F2D7-0218-0409-0000-0060B0CE6BBA}) (Version: 7.26.0.118 - Autodesk)
Autodesk Express Viewer (HKLM-x32\...\Autodesk Express Viewer) (Version: 3.1 - Autodesk, Inc.)
Autodesk Land 2004 Object Enabler (HKLM-x32\...\{F9045147-2659-4942-8CB8-318EB7A375CA}) (Version: 4.0.017 - Autodesk, Inc.)
AutoTURN 7 Demo (HKLM-x32\...\AutoTURN 7 Demo) (Version: 7.0 Demo - Transoft Solutions)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1432 - AVG Technologies)
AVG 2011 (Version: 10.0.1432 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.3955 - AVG Technologies) Hidden
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 7.1.0.1218 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.1.0.1218 - Bullzip)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.0 build 3621  (Oct-10-2013) - Carbonite)
Carlson X-Port (HKLM-x32\...\Carlson X-Port) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.0.2 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FreeRIP v3.5 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.5 - MGShareware)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GeoMax Assistant Zenith25 (HKLM-x32\...\InstallShield_{1D4627BB-93FF-492C-A913-81BF9A143CCA}) (Version: 1.83 - Hexagon)
GeoMax Assistant Zenith25 (x32 Version: 1.83 - Hexagon) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{9BCC60E1-EAE1-11E2-A9F0-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GPL Ghostscript Lite 8.70 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version:  - )
HydroCAD (HKLM-x32\...\HydroCAD) (Version:  - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
MdbConverter (HKLM-x32\...\{00DA624A-4D28-470A-A3F7-F833FD9C69B7}) (Version: 4.2.0 - GeoSystems)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OfficeSharedAddInSetup (HKLM-x32\...\{3D316CFB-1825-4030-A13A-29D18DC6B177}) (Version: 1.0.0 - Smart Soft)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
QuickBooks (x32 Version: 21.0.4011.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4011.904 - Intuit Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.3.2 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (Version: 3.5.1205.20 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1307.109 - Trusteer) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C0F01}) (Version: 12.15.1.21 - APN, LLC)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart PDF Converter 6.1.0.425 (HKLM\...\Smart PDF Converter_is1) (Version: 6.1.0.425 - Smart Soft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.3.0 - Synaptics Incorporated)
SyncBack (HKLM-x32\...\SyncBack_is1) (Version:  - 2BrightSparks)
TOPO! (HKLM-x32\...\TOPO!) (Version:  - )
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.109 - Trusteer)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928644344-3032971394-1657302220-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
06-08-2014 21:20:59 Scheduled Checkpoint
13-08-2014 23:34:33 Scheduled Checkpoint
16-08-2014 07:00:23 Windows Update
17-08-2014 07:00:59 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-08-16 22:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1EB3B4C9-D130-4EC3-A9B6-1670EF52E140} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {4B0B8DCA-C5B3-4DF9-9458-814D4915CD1B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {4DE2B731-5EFF-4EFD-B81C-B77581D8AB06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15] (Google Inc.)
Task: {7BEAC62A-833B-4328-9C17-E6EA8DDE41B2} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {8634F19C-EE42-4F3F-B188-6B4C163163A2} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {8B8A27AD-9935-49FA-91A6-8F8E69FB37EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15] (Google Inc.)
Task: {AC391964-C694-4427-852F-FA53BC9F0399} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {AFDFB340-D9B0-40A5-B9E2-E834071B71FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B2C24EA5-76DD-4D9E-B975-CD732E5F7098} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001Core.job => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928644344-3032971394-1657302220-1001UA.job => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SyncBack Dell Studio 17 Backup.job => C:\Program Files (x86)\2BrightSparks\SyncBackIsaiahTask created by SyncBack.exe
Task: C:\Windows\Tasks\SyncBack Kimball Files Backup.job => C:\Program Files (x86)\2BrightSparks\SyncBackIsaiahTask created by SyncBack.exe
Task: C:\Windows\Tasks\SyncBack My Pictures Backup.job => C:\Program Files (x86)\2BrightSparks\SyncBackIsaiahTask created by SyncBack.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-21 21:36 - 2011-03-18 19:59 - 00349064 _____ () C:\Program Files\Smart PDF Converter\ExplorerExt_x64.dll
2010-07-15 23:21 - 2010-07-21 11:35 - 00161088 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
2010-02-09 14:34 - 2010-02-09 14:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-10-15 04:10 - 2009-10-15 04:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
2012-08-07 20:58 - 2014-07-06 10:18 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2010-07-15 23:19 - 2010-07-21 11:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-07-15 23:19 - 2010-07-21 11:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-07-15 23:19 - 2010-07-21 11:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2012-05-14 15:09 - 2012-05-14 15:09 - 00268648 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2012-05-14 15:10 - 2012-05-14 15:10 - 00020840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 23:18 - 2005-07-19 23:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2012-05-14 15:09 - 2012-05-14 15:09 - 00348008 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2012-05-14 15:10 - 2012-05-14 15:10 - 00125800 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2012-05-14 15:09 - 2012-05-14 15:09 - 00176488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2012-05-14 15:10 - 2012-05-14 15:10 - 00042344 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2014-08-18 15:10 - 2014-08-18 15:10 - 00043008 _____ () c:\users\isaiah\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjmmlh4.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Isaiah\AppData\Roaming\Dropbox\bin\libcef.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\remote support => "(Default)"="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/18/2014 03:14:07 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 03:14:02 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 03:13:57 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 03:13:52 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 03:13:47 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 03:13:42 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 03:13:36 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 03:13:31 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 03:13:26 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
Error: (08/18/2014 03:13:21 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
 
 
System errors:
=============
Error: (08/18/2014 03:12:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (08/18/2014 03:11:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
 
Error: (08/18/2014 03:11:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (08/18/2014 03:11:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (08/18/2014 03:10:32 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
 
Error: (08/18/2014 03:10:32 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952450.
 
Error: (08/18/2014 03:10:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1075
 
Error: (08/18/2014 03:10:31 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The DHCP Client service depends the following service: Afd. This service might not be installed.
 
Error: (08/18/2014 03:10:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147014846
 
Error: (08/18/2014 03:10:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1075
 
 
Microsoft Office Sessions:
=========================
Error: (08/18/2014 03:14:07 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 03:14:02 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 03:13:57 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 03:13:52 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 03:13:47 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 03:13:42 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 03:13:36 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 03:13:31 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 03:13:26 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
Error: (08/18/2014 03:13:21 PM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-16 21:52:11.515
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-16 21:52:11.406
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 42%
Total physical RAM: 3764.55 MB
Available physical RAM: 2178.1 MB
Total Pagefile: 7527.23 MB
Available Pagefile: 5606.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:196.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 71EC67E7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Thank you!
 

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP