Jump to content

Multiple ddlhost.exe Com Surrogate

jr5166

By jr5166
in Resolved Malware Removal Logs

 Share

Recommended Posts

jr5166

jr5166

Posted
Posted

I have read some of the other posts about the multiple ddlhost.exe Com Surrogates unfortunately I have the same issue.  Malwarebytes premium is blocking the outgoing attempts.  I have FRST and posted the log so that a filelist can be made for my PC.  It is my understanding that this is special to each PC.

 

Let me know what else I can do.

 

Thanks

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Mark Bierman (administrator) on MGBTEMP-PC on 14-10-2014 13:09:28
Running from C:\Users\Mark Bierman\Downloads
Loaded Profile: Mark Bierman (Available profiles: Mark Bierman & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Users\Mark Bierman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mark Bierman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mark Bierman\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395384 2012-04-27] (Acronis)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [indexTray] => C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe [106496 2005-11-05] (SHARP CORPORATION)
HKLM-x32\...\Run: [indexer] => C:\Program Files (x86)\Sharp\Sharpdesk\Indexer.exe [184320 2005-11-05] (SHARP CORPORATION)
HKLM-x32\...\Run: [sharpTray] => C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe [32768 2005-11-05] (SHARP CORPORATION)
HKLM-x32\...\Run: [TypeRegChecker] => C:\Program Files (x86)\Sharp\Sharpdesk\TypeRegChecker.exe [57344 2005-11-05] (SHARP CORPORATION)
HKLM-x32\...\Run: [FtpServer.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe [688128 2005-11-05] (SHARP CORPORATION)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44280 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642816 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Converter Professional 7-reminder] => "C:\Program Files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini"
HKLM-x32\...\Run: [searchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2637784 2012-04-27] (Acronis)
HKLM-x32\...\Run: [bingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [My Movies Tray] => C:\Program Files (x86)\Binnerup Consult\My Movies Collection Management\My Movies Tray.exe [501280 2013-12-17] (Binnerup Consult)
HKLM-x32\...\Run: [iTW RedHead Update] => C:\Program Files (x86)\Red Head\RedHeadUpdate.exe [5931008 2014-09-19] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\Run: [Google Update] => C:\Users\Mark Bierman\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-20] (Google Inc.)
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\Run: [Microsoft Location Finder] => C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe [101080 2005-08-24] (Microsoft Corporation)
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\Run: [ZumoCast] => C:\Program Files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk [1972 2011-11-28] ()
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\Run: [skyDrive] => C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\Run: [iSUSPM] => "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [166912 2014-08-07] (Fieldston Software)
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416_1"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\RunOnce: [uninstall C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1"
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\MountPoints2: {29bc5af4-eec5-11e0-89a0-cbc16c2d6e9f} - H:\setup.exe -a
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\MountPoints2: {93e2421d-6ea4-11e1-8fcf-6c626d9462a1} - H:\setup.exe -a
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\MountPoints2: {ca5ece45-8b1c-11e2-ab26-6c626d9462a1} - J:\setup.exe -a
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\MountPoints2: {cbd9b04e-6402-11e3-9bf5-6c626d9462a1} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\MountPoints2: {d02b9e79-9165-11e2-a049-6c626d9462a1} - J:\setup.exe -a
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()
Startup: C:\Users\Mark Bierman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mark Bierman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mark Bierman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Mark Bierman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x644A282424FFCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {92B3A9EE-3E63-4841-AC46-4C4F831F9439} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {92B3A9EE-3E63-4841-AC46-4C4F831F9439} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG9\avgssiea.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG9\avgssie.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{3CC4833C-8CA9-437E-B0FC-A24B35619E84}: [NameServer] 192.168.0.254,208.67.222.222
 
FireFox:
========
FF ProfilePath: C:\Users\Mark Bierman\AppData\Roaming\Mozilla\Firefox\Profiles\jppmnerb.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Mark Bierman\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Mark Bierman\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Mark Bierman\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2011-06-20]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Mark Bierman\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Mark Bierman\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Mark Bierman\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Freemake np-plugin for google chrome) - C:\Users\Mark Bierman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Mark Bierman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark Bierman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (The Camelizer - Amazon Price Tracker) - C:\Users\Mark Bierman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2012-03-23]
CHR Extension: (Freemake Video Converter) - C:\Users\Mark Bierman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2011-06-20]
CHR Extension: (Google Wallet) - C:\Users\Mark Bierman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-06-20]
CHR StartMenuInternet: Google Chrome - C:\Users\Mark Bierman\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 astcc; C:\Windows\SysWOW64\ASTSRV.EXE [57344 2007-02-16] (Nalpeiron Ltd.) [File not signed]
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-20] (Macrovision Europe Ltd.) [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 MSSQL$MYMOVIES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [131072 2008-08-27] (Visioneer Inc.) [File not signed]
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 RedHeadUpdateSvc; C:\Program Files (x86)\Red Head\RedHeadUpdateService.exe [2854912 2014-09-19] () [File not signed]
S2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [275648 2014-04-07] (LotSoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-24] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-09-16] (Acronis)
S1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-14 13:08 - 2014-10-14 13:09 - 00068902 _____ () C:\Users\Mark Bierman\Downloads\Addition.txt
2014-10-14 13:08 - 2014-10-14 13:09 - 00031138 _____ () C:\Users\Mark Bierman\Downloads\FRST.txt
2014-10-14 13:07 - 2014-10-14 13:09 - 00000000 ____D () C:\FRST
2014-10-14 11:33 - 2014-10-14 11:33 - 00000182 _____ () C:\Users\Mark Bierman\Desktop\PC Fix.url
2014-10-14 11:21 - 2014-10-14 11:21 - 01976320 _____ () C:\Users\Mark Bierman\Downloads\AdwCleaner.exe
2014-10-14 11:20 - 2014-10-14 11:20 - 01705698 _____ (Thisisu) C:\Users\Mark Bierman\Downloads\JRT.exe
2014-10-14 11:18 - 2014-10-14 11:18 - 00709564 _____ () C:\Users\Mark Bierman\Downloads\delfix_10.8.exe
2014-10-14 11:17 - 2014-10-14 11:17 - 00854436 _____ () C:\Users\Mark Bierman\Downloads\SecurityCheck.exe
2014-10-14 11:01 - 2014-10-14 11:01 - 02110464 _____ (Farbar) C:\Users\Mark Bierman\Downloads\FRST64 (1).exe
2014-10-14 10:59 - 2014-10-14 10:59 - 02110464 _____ (Farbar) C:\Users\Mark Bierman\Downloads\FRST64.exe
2014-10-14 09:43 - 2014-10-14 09:48 - 00000000 ____D () C:\Users\Mark Bierman\Downloads\Neon Trees - Pop Psychology (2014)
2014-10-10 16:12 - 2014-10-10 16:12 - 01547948 _____ () C:\Users\Mark Bierman\Downloads\2014.10 katie dons hobby.mp4
2014-09-30 23:14 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 23:14 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 22:31 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 22:31 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 10:37 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-22 10:37 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-22 10:37 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-22 10:37 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-22 10:37 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-22 10:37 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-22 10:37 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-22 10:37 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-22 10:37 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-22 10:37 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-22 10:37 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-22 10:37 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-22 10:37 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-22 10:37 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-22 10:37 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-22 10:37 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-22 10:37 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-22 10:37 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-22 10:37 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-22 10:37 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-22 10:37 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-22 10:37 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-22 10:37 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-22 10:37 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-22 10:37 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-22 10:37 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-22 10:37 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-22 10:37 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-22 10:37 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-22 10:37 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-22 10:37 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-22 10:37 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-22 10:37 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-22 10:37 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-22 10:37 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-22 10:37 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-22 10:37 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-22 10:37 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-22 10:37 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-22 10:37 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-22 10:37 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-22 10:37 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-22 10:37 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-22 10:37 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-22 10:37 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-22 10:37 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-22 10:37 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-22 10:37 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-22 10:37 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-22 10:37 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-22 10:37 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-22 10:37 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-22 10:37 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-22 10:37 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-22 10:37 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-22 10:37 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-22 10:24 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-22 10:24 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-22 08:30 - 2014-09-22 08:30 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\AVG2013
2014-09-22 08:29 - 2014-09-22 08:29 - 00000965 _____ () C:\Users\Public\Desktop\AVG.lnk
2014-09-22 08:29 - 2014-09-22 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-22 08:26 - 2014-09-22 08:29 - 00000000 ____D () C:\ProgramData\AVG2013
2014-09-22 08:26 - 2014-09-22 08:26 - 00000000 ___HD () C:\$AVG
2014-09-22 08:23 - 2014-10-14 08:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-22 08:23 - 2014-09-22 09:02 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Local\Avg2013
2014-09-22 08:23 - 2014-09-22 08:23 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Local\MFAData
2014-09-18 09:58 - 2014-09-18 09:58 - 00000000 ____D () C:\Users\Mark Bierman\Documents\Garmin
2014-09-18 09:57 - 2014-09-18 09:57 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Local\Garmin
2014-09-18 09:56 - 2014-09-18 09:56 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-09-18 09:56 - 2014-09-18 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-09-18 09:55 - 2014-09-18 09:57 - 00000000 ____D () C:\ProgramData\Package Cache
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-14 12:00 - 2009-07-14 00:13 - 00867606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-14 11:55 - 2014-06-18 19:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-14 11:53 - 2012-04-26 09:20 - 00000000 ___RD () C:\Users\Mark Bierman\SkyDrive
2014-10-14 11:53 - 2011-04-19 23:39 - 01964709 _____ () C:\Windows\WindowsUpdate.log
2014-10-14 11:51 - 2011-04-20 16:10 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3557674480-255279013-434056649-1000UA.job
2014-10-14 11:16 - 2011-04-21 16:22 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-14 11:14 - 2014-03-07 12:08 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3557674480-255279013-434056649-1000.job
2014-10-14 10:36 - 2011-04-21 17:26 - 00000000 ____D () C:\OUTLOOK
2014-10-14 10:25 - 2014-09-09 09:38 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\gSyncit
2014-10-14 10:03 - 2009-07-13 23:45 - 00023584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-14 10:03 - 2009-07-13 23:45 - 00023584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-14 09:57 - 2011-11-18 10:39 - 00000000 ___RD () C:\Users\Mark Bierman\Dropbox
2014-10-14 09:56 - 2011-11-18 10:33 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\Dropbox
2014-10-14 09:56 - 2011-10-11 11:07 - 00000000 ____D () C:\Users\Mark Bierman\.gstreamer-0.10
2014-10-14 09:56 - 2011-10-11 11:06 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\ZumoCast
2014-10-14 09:54 - 2012-03-09 16:14 - 00000000 ____D () C:\Temp
2014-10-14 09:53 - 2014-06-18 19:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-14 09:53 - 2012-11-19 09:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-14 09:53 - 2011-04-21 16:22 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-14 09:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 09:53 - 2009-07-13 23:51 - 00095598 _____ () C:\Windows\setupact.log
2014-10-14 09:48 - 2014-04-11 09:32 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\BitTorrent
2014-10-14 07:51 - 2011-04-20 16:10 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3557674480-255279013-434056649-1000Core.job
2014-10-13 14:21 - 2011-06-14 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2014-10-13 10:54 - 2011-04-21 09:16 - 00000000 ____D () C:\Users\Mark Bierman\Documents\0 Spreadsheets
2014-10-13 10:40 - 2011-04-21 16:42 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\GrabIt
2014-10-13 10:32 - 2014-02-19 10:43 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\Mp3tag
2014-10-09 10:11 - 2012-06-05 01:22 - 00000000 ____D () C:\Users\Mark Bierman\Downloads\NPPD Auction
2014-10-09 10:10 - 2014-08-11 13:50 - 00000000 ____D () C:\Users\Mark Bierman\Downloads\NPPD auctions
2014-10-09 10:07 - 2014-02-10 11:47 - 00000000 ____D () C:\Users\Mark Bierman\Downloads\Babes
2014-10-09 10:07 - 2013-12-11 15:18 - 00000000 ____D () C:\Users\Mark Bierman\Downloads\TV Pics
2014-10-09 10:04 - 2012-02-17 16:04 - 00000000 ____D () C:\Users\Mark Bierman\Downloads\2gar
2014-10-07 10:29 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-03 10:16 - 2011-04-21 09:11 - 00000000 ____D () C:\Users\Mark Bierman\Desktop\0 Job Shortcuts
2014-10-02 16:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-02 13:19 - 2011-04-21 15:18 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\SharpReader
2014-10-01 11:11 - 2014-06-18 19:17 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-06-18 19:17 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2011-04-21 13:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-30 11:59 - 2011-04-21 09:19 - 00000000 ___RD () C:\Users\Mark Bierman\Documents\My Wallpapers
2014-09-28 00:48 - 2014-03-07 12:08 - 00003648 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3557674480-255279013-434056649-1000
2014-09-25 08:16 - 2014-02-19 18:41 - 00002157 _____ () C:\Users\Mark Bierman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-23 08:28 - 2011-09-01 13:41 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-09-23 08:28 - 2011-09-01 13:39 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Local\Downloaded Installations
2014-09-23 08:28 - 2011-04-26 14:30 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\Teleca
2014-09-23 08:26 - 2011-10-12 15:02 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phone
2014-09-22 10:45 - 2009-07-14 00:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-22 10:37 - 2011-04-20 07:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-22 10:35 - 2011-04-20 07:40 - 00859728 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-22 10:33 - 2013-08-12 08:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-22 10:25 - 2011-04-20 00:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-22 10:24 - 2014-05-06 07:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-22 10:19 - 2011-04-21 09:53 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Video
2014-09-22 08:26 - 2011-04-20 06:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-22 08:19 - 2011-04-20 01:37 - 00369264 _____ () C:\Windows\PFRO.log
2014-09-18 09:57 - 2012-09-10 08:52 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\Garmin
2014-09-18 09:57 - 2012-01-16 12:32 - 00000000 ____D () C:\ProgramData\GARMIN
2014-09-18 09:57 - 2012-01-16 12:32 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-09-18 09:57 - 2011-04-19 23:44 - 00000000 ____D () C:\Program Files\DIFX
2014-09-18 09:47 - 2012-09-10 08:48 - 00000000 ____D () C:\Users\Mark Bierman\AppData\Roaming\DNRGPS
2014-09-17 21:06 - 2011-11-18 10:39 - 00001000 _____ () C:\Users\Mark Bierman\Desktop\Dropbox.lnk
 
Some content of TEMP:
====================
C:\Users\Mark Bierman\AppData\Local\Temp\AcDeltree.exe
C:\Users\Mark Bierman\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpccxgvh.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna1080205931176783388.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna1249792603750668018.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna1259721639438690921.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna1297529722092955470.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna1740647102538794772.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna2461921186286634146.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna269923285590198953.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna3359491760433700109.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna3756795086450956548.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna3969833766666672244.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4019300135418961919.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4054994675017910250.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4255886258593590725.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4378579972035107963.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4425774326368448558.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4829100287182646844.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4890363786551510682.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna5080389837414715564.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna5083461503821913625.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna5463705256633734942.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna6919915102075872585.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna7481507728285881198.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna7790713293959779250.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna7920475500094732441.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna801017145488103480.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna8044259168358829122.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna8527963885098719802.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna9217549820688876488.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\MotorolaDeviceManager_2.0309.exe
C:\Users\Mark Bierman\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Mark Bierman\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\Mark Bierman\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Mark Bierman\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Mark Bierman\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Mark Bierman\AppData\Local\Temp\_is34C7.exe
C:\Users\Mark Bierman\AppData\Local\Temp\_is3613.exe
C:\Users\Mark Bierman\AppData\Local\Temp\_is73E8..dll
C:\Users\Mark Bierman\AppData\Local\Temp\{2D4B75DE-F78E-4699-A94B-947F2A06AF2B}-chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{2EDC60A5-777A-4868-A913-7585E5B2F448}-34.0.1847.137_34.0.1847.131_chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{367323B9-09A4-48C4-855C-40B7A3404EDD}-29.0.1547.62_29.0.1547.57_chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{4CFE534E-6F39-4963-9373-803AA8B4029A}-31.0.1650.63_31.0.1650.57_chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{989A0381-8184-4CFD-9008-97C7A4EBBA05}-chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{9B83C473-3908-4408-A83B-0188EB48F87E}-chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{C83E1341-3A85-4503-8FC5-7976709A980E}-chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{D5F53B95-211C-420E-9FCE-FBA8A63114F0}-21.0.1180.89_21.0.1180.83_chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{FF1BAE82-028B-4857-AD20-78C8C2C9C5F2}-20.0.1132.47_19.0.1084.56_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 00:13
 
==================== End Of Log ============================
 
 
 

 

Link to post
Share on other sites
jr5166

jr5166

Posted
  • Author
Posted

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02

Ran by Mark Bierman at 2014-10-14 13:09:56

Running from C:\Users\Mark Bierman\Downloads

Boot Mode: Safe Mode (with Networking)

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Business Edition (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Business Edition (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image WD Edition (HKLM-x32\...\{9B683A28-2172-4CF1-B85D-41375E80652A}) (Version: 13.0.14184 - Acronis)

Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.3 - Adobe Systems)

Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (x32 Version: 9.5.3 - Adobe Systems) Hidden

Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

Adobe Acrobat 9.5.3 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}_953) (Version: - Adobe Systems Incorporated)

Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden

Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden

Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.1 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)

Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden

Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden

Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS4 (HKLM-x32\...\Adobe_b741c3c52d3108664cedeb2b76f6d96) (Version: 11.0 - Adobe Systems Incorporated)

Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden

Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden

Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Advanced PDF Password Recovery (HKLM-x32\...\Advanced PDF Password Recovery) (Version: - )

Aiseesoft Blu-ray Ripper 3.3.12 (HKLM-x32\...\{D1B455C8-C170-44fe-8A90-31263B5153C2}_is1) (Version: - )

Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)

Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)

Android Sync Manager WiFi (HKLM-x32\...\{13D946AF-DAD9-0200-0000-000000000000}) (Version: 11.10.2763 - Mobile Action)

Aneesoft DVD Show (HKLM-x32\...\Aneesoft DVD Show_is1) (Version: - Aneesoft Corporation)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

AutoCAD Architecture 2012 - English (HKLM\...\AutoCAD Architecture 2012 - English) (Version: 6.7.49.0 - Autodesk)

AutoCAD Architecture 2012 - English (Version: 6.7.49.0 - Autodesk) Hidden

AutoCAD Architecture 2012 Language Pack - English (Version: 18.2.51.0 - Autodesk) Hidden

Autodesk Buzzsaw 2013.1.27.1368 (HKLM-x32\...\Autodesk Buzzsaw 2013) (Version: 2013.1.27.1368 - Autodesk)

Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)

Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)

Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden

Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden

Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)

Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)

AVG (HKLM\...\AVG) (Version: 3469 - AVG Technologies)

AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden

AVG 2013 (Version: 13.0.4031 - AVG Technologies) Hidden

Avidemux 2.6 (HKLM-x32\...\Avidemux 2.6 (64-bit)) (Version: 2.6.0.8179 - )

BDlot DVD Clone Ultimate 3.1.2 (HKLM\...\BDlot DVD Clone Ultimate_is1) (Version: - LotSoft)

Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)

BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)

Blender (HKLM\...\Blender) (Version: 2.63-release - Blender Foundation)

BSDWsClient (HKLM-x32\...\{1BE2DA2B-B212-4DB5-8E03-8CC2B12DAFAF}) (Version: 1.2.0 - Building Systems Design)

Bulk Rename Utility 2.7.1.2 (HKLM-x32\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)

Bully Dog Update Agent (HKCU\...\eb84c36a65d99d50) (Version: 1.1.1.16 - Bully Dog Technologies)

CDex extraction audio (HKLM-x32\...\CDex) (Version: - )

Celestia 1.4.1 (HKLM-x32\...\Celestia_is1) (Version: - Shatters Software)

Chief Architect Full Version (HKLM-x32\...\{2B82EF41-0E63-474D-8C5F-A8EFD0FF3497}) (Version: 10.0 - ART Inc)

Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)

Comic Reader (HKLM-x32\...\{22D73BE1-54C5-48BC-B4D8-712963229350}) (Version: - )

Convert Audio Free FLAC to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )

CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.27 - WindSolutions)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)

Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)

DESI Labeling System (HKLM-x32\...\DESI Labeling System 3.3.4.0) (Version: 3.1.10.1 - DESI Telephone Labels, Inc.)

DESI Labeling System (x32 Version: 3.3.4.0 - DESI Telephone Labels, Inc.) Hidden

Direct WAV MP3 Splitter version 2.7.0.25 (HKLM-x32\...\Direct WAV MP3 Splitter_is1) (Version: 2.7.0.25 - Piston Software)

DocuBuilder (HKLM-x32\...\{DD6E4317-B600-41CF-8171-2693F0BB90BF}) (Version: 7.00 - Associated General Contractors of America)

Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)

DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )

DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)

DVDFab 8.1.6.3 (11/02/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)

DVDFab Decrypter 2.9.7.3 (HKLM-x32\...\DVDFab Decrypter_is1) (Version: - Fengtao Software Inc.)

EASEUS Partition Master 9.1.1 Professional (HKLM-x32\...\EASEUS Partition Master Professional Edition_is1) (Version: - EASEUS)

Elevated Installer (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

ENERCALC Structural Engineering Library 6.0.18 (HKLM-x32\...\{4E7C8500-3D69-11DB-390C-1F56BA3C7E87}) (Version: 6.0.18 - ENERCALC Engineering Software, INC.)

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)

FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)

Fathom It! (HKCU\...\Fathom It) (Version: - Mountain Vista Software)

Freemake Video Converter version 2.2.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 2.2.0 - Ellora Assets Corporation)

Garmin Express (HKLM-x32\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Garmin VoiceStudio v2.10 (HKLM-x32\...\{AB4EDC19-3B5E-4838-80E7-92454323B0FE}) (Version: 2.10.0.0 - Garmin Ltd or its subsidiaries)

Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google SketchUp 8 (HKLM-x32\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)

Google SketchUp Pro 7 (HKLM-x32\...\{CA9483A2-742A-4A72-881D-B81C6B1ACB3E}) (Version: 2.1.6860 - Google, Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GoToMeeting 6.4.3.1767 (HKCU\...\GoToMeeting) (Version: 6.4.3.1767 - CitrixOnline)

GrabIt 1.7.2 Beta 4 (build 997) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)

gSyncit (HKLM-x32\...\{8570C7DF-6C68-42D7-A619-46180F817FBA}) (Version: 3.8.141 - Fieldston Software)

HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.018 - HTC Corporation)

Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)

J2SE Runtime Environment 5.0 Update 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)

Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden

Limcon V3 (HKLM-x32\...\Limcon V3) (Version: - )

Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Mathcad 13 (HKLM-x32\...\{E8334783-E2F9-4CA6-86F8-090051418F09}) (Version: 13.00.0000 - Mathsoft)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Location Finder (HKLM-x32\...\{9D18F7F8-B984-4249-8512-CC621BC59F12}) (Version: 1.2.0 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Project Professional 2003 (HKLM-x32\...\{903B0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2005 Express Edition (MYMOVIES) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden

Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden

Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Streets & Trips 2006 (HKLM-x32\...\{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}) (Version: 13.00.09.0200 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden

Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)

Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden

Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)

Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)

Mp3tag v2.62 (HKLM-x32\...\Mp3tag) (Version: v2.62 - Florian Heidenreich)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

My Movies Collection Management (HKLM-x32\...\{20AF2EC0-C0C8-44EB-8747-B6DD82E57CC5}) (Version: 4.0.6.100 - Binnerup Consult)

MyAttorney Home & Business (HKLM-x32\...\MyAttorney Home & Business) (Version: 3.1.0.0 - Avanquest)

MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)

Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)

Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)

Nero BurningROM 10 Help (CHM) (x32 Version: 10.5.10100 - Nero AG) Hidden

Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)

Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden

Nero Control Center 10 (x32 Version: 10.2.10600.0.6 - Nero AG) Hidden

Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden

Nero Core Components 10 (x32 Version: 2.0.17400.8.2 - Nero AG) Hidden

Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)

NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)

NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden

NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden

ObjectDock Free (HKLM-x32\...\ObjectDock Free2.00) (Version: 2.00 - Stardock Corporation)

Océ WPD (HKLM-x32\...\{3597D6BD-0E73-11D5-AB8A-00D0B7A62D54}) (Version: - Oce-Technologies B.V.)

OneTouch 4.0 (HKLM\...\{9B575496-A9BD-4C5E-8748-5C41ECCDA795}) (Version: 4.1.0 - Visioneer)

Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)

OXD Software Movie Organizer (HKLM-x32\...\{DCC6F193-33DE-4558-9CD3-5112388CF529}) (Version: 2.7.7 - OXD Software)

PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

PDF-Tools 4 (HKLM\...\{14EC807A-F88E-4FCF-8013-CB909F930E88}_is1) (Version: 4.0.201.0 - Tracker Software Products Ltd)

Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)

Presto! BizCard 5 (English Version) (HKLM-x32\...\{EE99E4FB-ED4C-4303-A490-C05948287123}) (Version: 5.20.51 - NewSoft)

PsychicMP3 v2.00 (HKLM-x32\...\{754AFD82-CDB9-4DED-9192-BA39D47589BC}) (Version: - )

QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)

Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)

RealWorld Paint (HKLM-x32\...\{DCBADAAD-6AAE-497D-BF1D-FD402BEF6A88}) (Version: 11.1.0 - RealWorld Graphics)

Red Head Truspec Anchor Calculation (HKLM-x32\...\{81882D85-3ACF-4317-9153-244485BD9820}) (Version: 1.0 - ITW Commercial Construction North America)

RISA-3D (HKLM-x32\...\{B18E3981-59AD-11D5-9D00-00B0D0E6A72E}) (Version: - )

RISASection (HKLM-x32\...\{E25AA2F0-2D3A-11D5-96C4-000102846A2D}) (Version: - )

SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden

SHARP MX/DX Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver) (Version: 1.00.000 - SHARP)

Sharpdesk (HKLM-x32\...\InstallShield_{0AEF384B-610F-4309-8DA3-91834FE4E80E}) (Version: 3.2 - SHARP CORPORATION)

Sharpdesk (x32 Version: 3.2 - SHARP CORPORATION) Hidden

SharpReader 0.9.7.0 (HKLM-x32\...\SharpReader_is1) (Version: - Luke Hutteman)

SSClient (HKLM-x32\...\{FBD62A5C-F9AF-4545-976F-A6FE59E488E1}) (Version: 2.00.0000 - Square 9 Softworks)

StruCalc 8.0.85 (HKLM-x32\...\{19D697C4-FD79-45CE-AE2E-0A3B13404FC7}) (Version: 8.0.85 - Cascade Consulting Associates, Inc.)

Structural Engineering Library (HKLM-x32\...\Structural Engineering Library) (Version: - )

UltraMon (HKLM\...\{537056B7-32A4-4408-9B54-0341963C7C9C}) (Version: 3.1.0 - Realtime Soft Ltd)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)

Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)

Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)

ViceVersa Pro 2 (Build 2015) (HKLM-x32\...\ViceVersa Pro 2_is1) (Version: 2 - TGRMN Software)

Video Converter Professional 4.0.0.0 (HKLM-x32\...\Video Converter Professional_is1) (Version: - Aviosoft)

Video Server E (HKLM-x32\...\Video Server E) (Version: 1.0.6.6 - )

Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)

VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)

WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)

Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)

Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

WinX DVD Copy Pro 2.0.0 (HKLM-x32\...\WinX DVD Copy Pro_is1) (Version: - Digiarty Software,Inc.)

World Wind Java Application Template (HKCU\...\World Wind Java Application Template) (Version: - NASA)

XYplorer 10.80 (HKLM-x32\...\XYplorer) (Version: 10.80 - Donald Lessau)

YouTube Downloader Toolbar v6.0 (HKLM-x32\...\{590E3295-A11B-4C9F-9F88-399397EE393D}) (Version: 6.0 - Spigot, Inc.) <==== ATTENTION

YTD Video Downloader 4.8.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.2 - GreenTree Applications SRL)

ZumoCast (HKLM-x32\...\ZumoCast) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mark Bierman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Architecture 2012\acad.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Architecture 2012\acad.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Architecture 2012\acad.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Architecture 2012\acad.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD Architecture 2012\acadficn.dll (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3557674480-255279013-434056649-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mark Bierman\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-05-04 16:28 - 2011-02-16 08:16 - 00001211 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com

127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com

127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03E35B7F-CB9F-4E79-9018-A0BAB8EDB66E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3557674480-255279013-434056649-1000UA => C:\Users\Mark Bierman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-20] (Google Inc.)

Task: {0FDADCC5-40F1-4201-B3FB-C3BE03078A20} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

Task: {15E7FF43-0E7C-489D-A478-1F69E4EFF392} - System32\Tasks\{587280CB-96E0-4E98-84CD-1E5DAD193496} => Z:\Installs\Engineering\0 Structural Analysis\RISA\BCI RISABase v1.02 disk\SETUP.EXE [1997-01-18] (InstallShield Corporation, Inc.)

Task: {178FFA04-FEC8-4863-BF28-FF70A10379C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3557674480-255279013-434056649-1000Core => C:\Users\Mark Bierman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-20] (Google Inc.)

Task: {17CF6E89-99E8-4786-91D2-AD641293576F} - System32\Tasks\{27B9FCF9-355B-4D36-A5BA-CC2E4C5227F1} => Z:\Design\Programming\VB\PNLALW.EXE [1998-04-13] ()

Task: {29409901-809B-4A23-A8C0-F8099D85C668} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

Task: {308E5DCD-28EA-4381-9A83-472255863D64} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()

Task: {467A96BC-374B-48F0-834D-40E0B954907F} - System32\Tasks\{2E80DE86-6340-4DD8-94B3-36C37CD8C592} => Z:\Installs\Engineering\0 Structural Analysis\RISA\BCI RISABase v1.02 disk\SETUP.EXE [1997-01-18] (InstallShield Corporation, Inc.)

Task: {52E43D3A-9BA6-465A-92D8-62CE79288CA4} - System32\Tasks\{A55D874C-CFB5-4FE1-9C41-300857FA4831} => Z:\Design\Programming\VB\PNLALW.EXE [1998-04-13] ()

Task: {692D82C0-DD42-49D4-BC27-AE60A6FB5CD6} - System32\Tasks\{A5563D71-7DDE-4317-AC48-27CB5034ED37} => Z:\Design\Programming\VB\PNLALW.EXE [1998-04-13] ()

Task: {7D095A6A-63E7-43B5-87FD-181E7EDFFE2A} - System32\Tasks\{955B1FF3-20FC-471B-9B68-FBF37582BC28} => Z:\Design\Programming\VB\PNLALW.EXE [1998-04-13] ()

Task: {831402B1-3DBF-4D92-A91F-FACEBF497FDA} - System32\Tasks\{03A4EA77-D4A1-419A-B2AD-C9A03C8762EA} => Z:\Design\Programming\VB\PNLALW.EXE [1998-04-13] ()

Task: {92BDCE2A-0CCF-4106-94F8-9441C8B9227F} - System32\Tasks\G2MUpdateTask-S-1-5-21-3557674480-255279013-434056649-1000 => C:\Users\Mark Bierman\AppData\Local\Citrix\GoToMeeting\1767\g2mupdate.exe [2014-09-28] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {9418DA0F-265D-4CCB-8A7C-4C6C9F91C8E0} - System32\Tasks\{3574459E-267C-4063-A1D1-0709DD63FD74} => Z:\Installs\Engineering\0 Structural Analysis\RISA\BCI RISABase v1.02 disk\SETUP.EXE [1997-01-18] (InstallShield Corporation, Inc.)

Task: {9DE55818-FF9C-41AE-BC99-A11F364BA767} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

Task: {9FC7B559-AD03-4C9B-9D25-B4F5B4CA7A4B} - System32\Tasks\{783DB4CF-149E-4A7B-8A85-E0E0213990E3} => Z:\Design\Programming\VB\PNLALW.EXE [1998-04-13] ()

Task: {B612C37D-F2A8-478F-87DB-954BE4D2F596} - System32\Tasks\{BA39A901-3331-486F-9EBD-171642AC78B5} => Z:\Design\Programming\VB\PNLALW.EXE [1998-04-13] ()

Task: {BF75C959-A9AB-41C2-AB0E-FF063558216F} - System32\Tasks\Comic Reader => C:\Program Files\Comic Reader\ComicReader.exe [2011-04-22] ()

Task: {DC47D98A-0B52-403A-9F5B-10E2F62CC217} - System32\Tasks\{FCA22189-D581-4F91-824E-682A09F71A99} => C:\VB Programs\PNLALW.EXE

Task: {E192E57C-E362-4B6F-BCBA-4B0A6655B4BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21] (Google Inc.)

Task: {E5487555-AC57-49B2-AF03-549E97C44DB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21] (Google Inc.)

Task: C:\Windows\Tasks\Comic Reader.job => C:\Program Files\Comic Reader\ComicReader.exe

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3557674480-255279013-434056649-1000.job => C:\Users\Mark Bierman\AppData\Local\Citrix\GoToMeeting\1767\g2mupdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3557674480-255279013-434056649-1000Core.job => C:\Users\Mark Bierman\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3557674480-255279013-434056649-1000UA.job => C:\Users\Mark Bierman\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-09-25 08:16 - 2014-09-25 08:16 - 00081056 _____ () C:\Users\Mark Bierman\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-09-24 20:55 - 2014-09-22 23:07 - 08577864 _____ () C:\Users\Mark Bierman\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll

2014-09-24 20:55 - 2014-09-22 23:07 - 00331592 _____ () C:\Users\Mark Bierman\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll

2014-09-24 20:55 - 2014-09-22 23:06 - 01660232 _____ () C:\Users\Mark Bierman\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:AstInfo

AlternateDataStreams: C:\ProgramData\TEMP:0574215C

AlternateDataStreams: C:\Users\Mark Bierman\Desktop\2014-07-04 12.27.43.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3557674480-255279013-434056649-500 - Administrator - Disabled)

ASPNET (S-1-5-21-3557674480-255279013-434056649-1002 - Limited - Enabled)

Guest (S-1-5-21-3557674480-255279013-434056649-501 - Limited - Enabled)

Mark Bierman (S-1-5-21-3557674480-255279013-434056649-1000 - Administrator - Enabled) => C:\Users\Mark Bierman

UpdatusUser (S-1-5-21-3557674480-255279013-434056649-1006 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:

==================

Error: (10/14/2014 10:29:46 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67

Exception code: 0xc00000fd

Fault offset: 0x000d4795

Faulting process id: 0x1c4c

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

Error: (10/14/2014 09:54:44 AM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )

Description: An error occured when saving profile "Mark Bierman-EMAIL" to copier 192.168.0.16. Error:949, Description: (0x82150616)

Error: (10/14/2014 09:54:43 AM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )

Description: An error occured when saving profile "Mark Bierman-DESKTOP" to copier 192.168.0.16. Error:949, Description: (0x82150616)

Error: (10/14/2014 09:54:36 AM) (Source: NSSDK.MfpifValidator.1) (EventID: 8226) (User: )

Description: IP 192.168.0.10 cannot be reached on the network. (0x8215110b)

Error: (10/14/2014 09:54:36 AM) (Source: NSSDK.MfpifValidator.1) (EventID: 8226) (User: )

Description: Operation timed out when pinging IP 192.168.0.10. (0x82150737)

Error: (10/14/2014 09:36:59 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67

Exception code: 0xc0000005

Fault offset: 0x001032c5

Faulting process id: 0x1d14

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

Error: (10/02/2014 03:34:38 PM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )

Description: An error occured when saving profile "Mark Bierman-EMAIL" to copier 192.168.0.16. Error:949, Description: (0x82150616)

Error: (10/02/2014 03:34:38 PM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )

Description: An error occured when saving profile "Mark Bierman-DESKTOP" to copier 192.168.0.16. Error:949, Description: (0x82150616)

Error: (10/02/2014 03:34:32 PM) (Source: NSSDK.MfpifValidator.1) (EventID: 8226) (User: )

Description: IP 192.168.0.10 cannot be reached on the network. (0x8215110b)

Error: (10/02/2014 03:34:32 PM) (Source: NSSDK.MfpifValidator.1) (EventID: 8226) (User: )

Description: Operation timed out when pinging IP 192.168.0.10. (0x82150737)

System errors:

=============

Error: (10/14/2014 01:08:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (10/14/2014 01:08:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (10/14/2014 01:08:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (10/14/2014 01:07:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (10/14/2014 01:07:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (10/14/2014 01:07:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (10/14/2014 01:05:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (10/14/2014 01:05:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (10/14/2014 01:05:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Error: (10/14/2014 01:05:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068

Microsoft Office Sessions:

=========================

Error: (10/14/2014 10:29:46 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.172804a5bc6b7MSHTML.dll11.0.9600.1728053f27d67c00000fd000d47951c4c01cfe7c34eaa842cC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlled62b0fb-53b6-11e4-89b3-6c626d9462a1

Error: (10/14/2014 09:54:44 AM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )

Description: An error occured when saving profile "Mark Bierman-EMAIL" to copier 192.168.0.16. Error:949, Description: (0x82150616)

Error: (10/14/2014 09:54:43 AM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )

Description: An error occured when saving profile "Mark Bierman-DESKTOP" to copier 192.168.0.16. Error:949, Description: (0x82150616)

Error: (10/14/2014 09:54:36 AM) (Source: NSSDK.MfpifValidator.1) (EventID: 8226) (User: )

Description: IP 192.168.0.10 cannot be reached on the network. (0x8215110b)

Error: (10/14/2014 09:54:36 AM) (Source: NSSDK.MfpifValidator.1) (EventID: 8226) (User: )

Description: Operation timed out when pinging IP 192.168.0.10. (0x82150737)

Error: (10/14/2014 09:36:59 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.172804a5bc6b7MSHTML.dll11.0.9600.1728053f27d67c0000005001032c51d1401cfe7bbfffc1fd1C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll8d241d1a-53af-11e4-bcd9-6c626d9462a1

Error: (10/02/2014 03:34:38 PM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )

Description: An error occured when saving profile "Mark Bierman-EMAIL" to copier 192.168.0.16. Error:949, Description: (0x82150616)

Error: (10/02/2014 03:34:38 PM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )

Description: An error occured when saving profile "Mark Bierman-DESKTOP" to copier 192.168.0.16. Error:949, Description: (0x82150616)

Error: (10/02/2014 03:34:32 PM) (Source: NSSDK.MfpifValidator.1) (EventID: 8226) (User: )

Description: IP 192.168.0.10 cannot be reached on the network. (0x8215110b)

Error: (10/02/2014 03:34:32 PM) (Source: NSSDK.MfpifValidator.1) (EventID: 8226) (User: )

Description: Operation timed out when pinging IP 192.168.0.10. (0x82150737)

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for the log, we continue;

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Full Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Kevin..

 

 

 

 

 

 

Fixlist.txt

Link to post
Share on other sites
jr5166

jr5166

Posted
  • Author
Posted

FRST Results Log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by Mark Bierman at 2014-10-14 16:36:58 Run:1
Running from C:\Users\Mark Bierman\Downloads
Loaded Profile: Mark Bierman (Available profiles: Mark Bierman & UpdatusUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\MountPoints2: {29bc5af4-eec5-11e0-89a0-cbc16c2d6e9f} - H:\setup.exe -a
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\MountPoints2: {93e2421d-6ea4-11e1-8fcf-6c626d9462a1} - H:\setup.exe -a
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\MountPoints2: {ca5ece45-8b1c-11e2-ab26-6c626d9462a1} - J:\setup.exe -a
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\MountPoints2: {cbd9b04e-6402-11e3-9bf5-6c626d9462a1} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...\MountPoints2: {d02b9e79-9165-11e2-a049-6c626d9462a1} - J:\setup.exe -a
HKU\S-1-5-21-3557674480-255279013-434056649-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
C:\Users\Mark Bierman\AppData\Local\Temp\AcDeltree.exe
C:\Users\Mark Bierman\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpccxgvh.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna1080205931176783388.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna1249792603750668018.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna1259721639438690921.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna1297529722092955470.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna1740647102538794772.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna2461921186286634146.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna269923285590198953.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna3359491760433700109.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna3756795086450956548.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna3969833766666672244.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4019300135418961919.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4054994675017910250.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4255886258593590725.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4378579972035107963.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4425774326368448558.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4829100287182646844.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna4890363786551510682.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna5080389837414715564.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna5083461503821913625.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna5463705256633734942.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna6919915102075872585.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna7481507728285881198.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna7790713293959779250.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna7920475500094732441.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna801017145488103480.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna8044259168358829122.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna8527963885098719802.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jna9217549820688876488.dll
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mark Bierman\AppData\Local\Temp\MotorolaDeviceManager_2.0309.exe
C:\Users\Mark Bierman\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Mark Bierman\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\Mark Bierman\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Mark Bierman\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Mark Bierman\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Mark Bierman\AppData\Local\Temp\_is34C7.exe
C:\Users\Mark Bierman\AppData\Local\Temp\_is3613.exe
C:\Users\Mark Bierman\AppData\Local\Temp\_is73E8..dll
C:\Users\Mark Bierman\AppData\Local\Temp\{2D4B75DE-F78E-4699-A94B-947F2A06AF2B}-chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{2EDC60A5-777A-4868-A913-7585E5B2F448}-34.0.1847.137_34.0.1847.131_chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{367323B9-09A4-48C4-855C-40B7A3404EDD}-29.0.1547.62_29.0.1547.57_chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{4CFE534E-6F39-4963-9373-803AA8B4029A}-31.0.1650.63_31.0.1650.57_chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{989A0381-8184-4CFD-9008-97C7A4EBBA05}-chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{9B83C473-3908-4408-A83B-0188EB48F87E}-chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{C83E1341-3A85-4503-8FC5-7976709A980E}-chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{D5F53B95-211C-420E-9FCE-FBA8A63114F0}-21.0.1180.89_21.0.1180.83_chrome_updater.exe
C:\Users\Mark Bierman\AppData\Local\Temp\{FF1BAE82-028B-4857-AD20-78C8C2C9C5F2}-20.0.1132.47_19.0.1084.56_chrome_updater.exe
Hosts:
AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\ProgramData\TEMP:0574215C
AlternateDataStreams: C:\Users\Mark Bierman\Desktop\2014-07-04 12.27.43.jpg:com.dropbox.attributes
EmptyTemp:
End
 
 
*****************
 
"HKU\S-1-5-21-3557674480-255279013-434056649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29bc5af4-eec5-11e0-89a0-cbc16c2d6e9f}" => Key deleted successfully.
"HKCR\CLSID\{29bc5af4-eec5-11e0-89a0-cbc16c2d6e9f}" => Key not found.
"HKU\S-1-5-21-3557674480-255279013-434056649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93e2421d-6ea4-11e1-8fcf-6c626d9462a1}" => Key deleted successfully.
"HKCR\CLSID\{93e2421d-6ea4-11e1-8fcf-6c626d9462a1}" => Key not found.
"HKU\S-1-5-21-3557674480-255279013-434056649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca5ece45-8b1c-11e2-ab26-6c626d9462a1}" => Key deleted successfully.
"HKCR\CLSID\{ca5ece45-8b1c-11e2-ab26-6c626d9462a1}" => Key not found.
"HKU\S-1-5-21-3557674480-255279013-434056649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbd9b04e-6402-11e3-9bf5-6c626d9462a1}" => Key deleted successfully.
"HKCR\CLSID\{cbd9b04e-6402-11e3-9bf5-6c626d9462a1}" => Key not found.
"HKU\S-1-5-21-3557674480-255279013-434056649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d02b9e79-9165-11e2-a049-6c626d9462a1}" => Key deleted successfully.
"HKCR\CLSID\{d02b9e79-9165-11e2-a049-6c626d9462a1}" => Key not found.
"HKU\S-1-5-21-3557674480-255279013-434056649-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3557674480-255279013-434056649-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
BTCFilterService => Service deleted successfully.
motandroidusb => Service deleted successfully.
motccgp => Service deleted successfully.
motccgpfl => Service deleted successfully.
motmodem => Service deleted successfully.
MotoSwitchService => Service deleted successfully.
Motousbnet => Service deleted successfully.
motusbdevice => Service deleted successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\AcDeltree.exe => Moved successfully.
"C:\Users\Mark Bierman\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpccxgvh.dll" => File/Directory not found.
C:\Users\Mark Bierman\AppData\Local\Temp\jna1080205931176783388.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna1249792603750668018.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna1259721639438690921.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna1297529722092955470.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna1740647102538794772.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna2461921186286634146.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna269923285590198953.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna3359491760433700109.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna3756795086450956548.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna3969833766666672244.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna4019300135418961919.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna4054994675017910250.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna4255886258593590725.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna4378579972035107963.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna4425774326368448558.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna4829100287182646844.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna4890363786551510682.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna5080389837414715564.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna5083461503821913625.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna5463705256633734942.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna6919915102075872585.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna7481507728285881198.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna7790713293959779250.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna7920475500094732441.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna801017145488103480.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna8044259168358829122.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna8527963885098719802.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jna9217549820688876488.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\MotorolaDeviceManager_2.0309.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\swt-gdip-win32-3448.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\swt-win32-3448.dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\wmpfirefoxplugin.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\_is34C7.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\_is3613.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\_is73E8..dll => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\{2D4B75DE-F78E-4699-A94B-947F2A06AF2B}-chrome_updater.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\{2EDC60A5-777A-4868-A913-7585E5B2F448}-34.0.1847.137_34.0.1847.131_chrome_updater.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\{367323B9-09A4-48C4-855C-40B7A3404EDD}-29.0.1547.62_29.0.1547.57_chrome_updater.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\{4CFE534E-6F39-4963-9373-803AA8B4029A}-31.0.1650.63_31.0.1650.57_chrome_updater.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\{989A0381-8184-4CFD-9008-97C7A4EBBA05}-chrome_updater.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\{9B83C473-3908-4408-A83B-0188EB48F87E}-chrome_updater.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\{C83E1341-3A85-4503-8FC5-7976709A980E}-chrome_updater.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\{D5F53B95-211C-420E-9FCE-FBA8A63114F0}-21.0.1180.89_21.0.1180.83_chrome_updater.exe => Moved successfully.
C:\Users\Mark Bierman\AppData\Local\Temp\{FF1BAE82-028B-4857-AD20-78C8C2C9C5F2}-20.0.1132.47_19.0.1084.56_chrome_updater.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\Windows => ":AstInfo" ADS removed successfully.
C:\ProgramData\TEMP => ":0574215C" ADS removed successfully.
C:\Users\Mark Bierman\Desktop\2014-07-04 12.27.43.jpg => ":com.dropbox.attributes" ADS removed successfully.
EmptyTemp: => Removed 13.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
I am running MBAM now.
Link to post
Share on other sites
jr5166

jr5166

Posted
  • Author
Posted

MBAM Results

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/14/2014
Scan Time: 5:01:35 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.14.12
Rootkit Database: v2014.10.11.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mark Bierman
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418398
Time Elapsed: 44 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post
Share on other sites
jr5166

jr5166

Posted
  • Author
Posted

ADW Cleaner Log

 

# AdwCleaner v4.000 - Report created 14/10/2014 at 20:58:39
# DB v2014-10-14.6
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mark Bierman - MGBTEMP-PC
# Running from : C:\Users\Mark Bierman\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online
Folder Deleted : C:\Users\Mark Bierman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online
Folder Deleted : C:\Users\Mark Bierman\Documents\Updater
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v21.0 (en-US)
 
 
-\\ Google Chrome v
 
Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3317 octets] - [14/10/2014 13:14:32]
AdwCleaner[R1].txt - [3313 octets] - [14/10/2014 20:51:19]
AdwCleaner[s0].txt - [3260 octets] - [14/10/2014 20:58:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3320 octets] ##########
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mark Bierman on Tue 10/14/2014 at 21:00:01.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/14/2014 at 21:04:56.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Link to post
Share on other sites
jr5166

jr5166

Posted
  • Author
Posted
 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v3.17, March 2011

Started On Wed Apr 20 00:19:58 2011

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 20 00:20:29 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v3.18, April 2011

Started On Wed Apr 20 00:46:30 2011

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 20 00:46:55 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v3.18, April 2011

Started On Thu Apr 28 03:00:36 2011

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 28 03:02:14 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v3.19, May 2011

Started On Thu May 12 03:00:45 2011

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu May 12 03:02:02 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v3.20, June 2011

Started On Thu Jun 16 03:05:24 2011

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 16 03:06:31 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v3.21, July 2011

Started On Mon Jul 18 08:10:40 2011

->Scan ERROR: resource process://pid:2244 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:7080 (code 0x00000490 (1168))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 18 08:12:21 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v3.22, August 2011

Started On Tue Aug 16 09:57:04 2011

->Scan ERROR: resource process://pid:5156 (code 0x00000490 (1168))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 16 09:58:26 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.0, September 2011

Started On Wed Sep 14 16:51:27 2011

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 14 16:53:52 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.0, September 2011

Started On Thu Sep 29 08:14:16 2011

->Scan ERROR: resource process://pid:8104 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 29 08:15:53 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.1, October 2011

Started On Thu Oct 13 08:28:48 2011

->Scan ERROR: resource process://pid:5364 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:4228 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:6876 (code 0x00000490 (1168))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 13 08:30:33 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.2, November 2011

Started On Mon Nov 28 08:32:58 2011

->Scan ERROR: resource process://pid:7316 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 28 08:34:56 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.3, December 2011

Started On Wed Dec 14 20:43:34 2011

->Scan ERROR: resource process://pid:9052 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 14 20:45:49 2011

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.4, January 2012

Started On Wed Jan 25 10:40:19 2012

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 25 10:41:55 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.5, February 2012

Started On Fri Feb 17 13:00:45 2012

->Scan ERROR: resource process://pid:7004 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 17 13:02:28 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.6, March 2012

Started On Thu Mar 15 08:22:50 2012

->Scan ERROR: resource process://pid:6452 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 15 08:25:26 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.7, April 2012

Started On Thu Apr 12 08:33:31 2012

->Scan ERROR: resource process://pid:3104 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 12 08:35:26 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.8, May 2012

Started On Thu May 10 08:16:39 2012

->Scan ERROR: resource process://pid:5544 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:7376 (code 0x00000490 (1168))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu May 10 08:18:42 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.9, June 2012

Started On Mon Jun 25 14:53:45 2012

->Scan ERROR: resource process://pid:4968 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Jun 25 14:56:19 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.10, July 2012

Started On Thu Jul 12 12:30:12 2012

->Scan ERROR: resource process://pid:1352 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:2780 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:3388 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:3920 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:6512 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:2112 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:7760 (code 0x00000490 (1168))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 12 12:33:29 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.11, August 2012

Started On Thu Aug 16 08:06:43 2012

->Scan ERROR: resource process://pid:7704 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:1256 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:824 (code 0x00000490 (1168))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 16 08:09:13 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.12, September 2012

Started On Fri Sep 14 13:19:51 2012

->Scan ERROR: resource process://pid:7864 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:3296 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 14 13:22:38 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.13, October 2012

Started On Tue Oct 09 15:30:12 2012

->Scan ERROR: resource process://pid:19112 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 09 15:33:05 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.14, November 2012

Started On Mon Nov 19 08:08:42 2012

->Scan ERROR: resource process://pid:28292 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:13164 (code 0x00000490 (1168))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 19 08:11:05 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.15, December 2012

Started On Fri Dec 14 10:04:51 2012

->Scan ERROR: resource process://pid:5836 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 14 10:07:34 2012

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.16, January 2013

Started On Wed Jan 09 08:55:21 2013

->Scan ERROR: resource process://pid:14264 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:14776 (code 0x0000012B (299))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 09 08:57:48 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.17, February 2013

Started On Wed Feb 13 08:47:12 2013

->Scan ERROR: resource process://pid:9648 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:18444 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:14256 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:16832 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:10628 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:8124 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:2516 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:18708 (code 0x00000490 (1168))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 08:51:28 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.18, March 2013

Started On Fri Mar 15 15:28:26 2013

->Scan ERROR: resource process://pid:11320 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Mar 15 15:30:48 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.19, April 2013

Started On Fri Apr 12 09:26:42 2013

->Scan ERROR: resource process://pid:49840 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 12 09:35:01 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.20, May 2013

Started On Thu May 23 09:13:40 2013

->Scan ERROR: resource process://pid:9088 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:10300 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu May 23 09:17:22 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.21, June 2013

Started On Fri Jun 14 08:43:30 2013

->Scan ERROR: resource process://pid:12992 (code 0x00000005 (5))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Jun 14 08:47:13 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

Microsoft Windows Malicious Software Removal Tool v4.22, July 2013

Started On Thu Jul 11 08:38:51 2013

->Scan ERROR: resource process://pid:8960 (code 0x0000012B (299))

->Scan ERROR: resource process://pid:9488 (code 0x00000005 (5))

->Scan ERROR: resource process://pid:12128 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:10736 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:8592 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:11852 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:12116 (code 0x00000490 (1168))

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 11 08:42:38 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)

Started On Mon Aug 12 08:40:16 2013

 

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 12 08:42:40 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)

Started On Fri Aug 23 13:36:40 2013

 

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 23 13:42:18 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)

Started On Wed Sep 11 10:51:19 2013

 

Engine: 1.1.9800.0

Signatures: 1.157.932.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 11 10:55:19 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)

Started On Wed Oct 16 13:25:17 2013

 

Engine: 1.1.9901.0

Signatures: 1.159.530.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 16 13:27:33 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Wed Nov 13 13:16:01 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 13 13:19:51 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)

Started On Tue Dec 17 15:36:19 2013

 

Engine: 1.1.10100.0

Signatures: 1.163.1013.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 17 15:39:29 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)

Started On Wed Jan 15 08:14:22 2014

 

Engine: 1.1.10201.0

Signatures: 1.165.1273.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 15 08:16:52 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)

Started On Mon Feb 17 08:20:58 2014

 

Engine: 1.1.10201.0

Signatures: 1.165.3163.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 17 08:24:22 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)

Started On Mon Mar 17 08:36:53 2014

 

Engine: 1.1.10302.0

Signatures: 1.167.1001.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Mar 17 08:40:47 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)

Started On Mon Apr 14 08:08:12 2014

 

Engine: 1.1.10401.0

Signatures: 1.169.1258.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 14 08:11:12 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)

Started On Thu May 15 08:33:12 2014

 

Engine: 1.1.10502.0

Signatures: 1.173.1305.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu May 15 08:38:55 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)

Started On Wed Jun 18 18:10:10 2014

 

Engine: 1.1.10600.0

Signatures: 1.175.1113.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 18 18:17:54 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)

Started On Wed Jul 09 08:13:56 2014

 

Engine: 1.1.10701.0

Signatures: 1.177.949.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 09 08:19:34 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)

Started On Fri Aug 15 08:10:27 2014

 

Engine: 1.1.10802.0

Signatures: 1.179.1796.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 15 08:14:26 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)

Started On Mon Sep 22 10:25:07 2014

 

Engine: 1.1.10904.0

Signatures: 1.183.882.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Sep 22 10:33:56 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Tue Oct 14 21:09:52 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 15 07:19:45 2014

 

 

Return code: 0 (0x0)

 

 

Seems like the filelist.txt and FRST got it.

 

Thank you for helping us.

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Thanks for the logs/update, if no remaining issues or concerns run the following to clean up....

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
     Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if its ok to close out....

 

Thanks,

 

Kevin...

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.