
Fake Google Chrome processes taxing computer

Discussion in 'Virus & Other Malware Removal' started by Aidan884, Jan 9, 2015.

Thread Status:
Not open for further replies.
  1. Aidan884

    Aidan884 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    9
    I have seen this Trojan on this forum before, but I need to get it off unique to my computer so I don't accidentally kill my computer.


    A fake Google Chrome application called "ckfgiex.exe" is running multiple processes and lagging my computer like crazy. It is located in my LocalLow data folder (at seemingly random folder choices in LocalLow since it plants itself into a different folder for each different user). Thankfully it doesn't run in Safe Mode. How do I get this thing off of my computer?


    Thanks,
    Aidan
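
    A read-only triage check for the symptom described in the post above, added here as an example; it is not part of the original thread and is not the helper's procedure. It assumes PowerShell 3.0 or later, and it assumes the impostor carries "Google Chrome" in its version resource, which the post does not state; the function name and the signer pattern are illustrative.

```powershell
# Added example: lists candidates only, it does not stop or delete anything.
# Run from an elevated prompt so processes owned by other users are visible.
function Get-ChromeImpostorProcess {
    [CmdletBinding()]
    param(
        # Assumption: vendor string expected in the signer subject of a genuine build.
        [string] $ExpectedSigner = 'O=Google (Inc|LLC)'
    )

    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.ExecutablePath } |
        Group-Object -Property ExecutablePath |
        ForEach-Object {
            $path = $_.Name
            if (-not (Test-Path -LiteralPath $path)) { return }

            # Keep only binaries whose version resource presents them as Chrome.
            $info = (Get-Item -LiteralPath $path -Force).VersionInfo
            if ("$($info.FileDescription) $($info.ProductName)" -notmatch 'Google Chrome') { return }

            # A genuine build has a valid Authenticode signature from the vendor.
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $signedByVendor = ($sig.Status -eq 'Valid') -and
                              ($sig.SignerCertificate.Subject -match $ExpectedSigner)

            $reasons = @()
            if ($path -match '\\AppData\\LocalLow\\') { $reasons += 'runs from AppData\LocalLow' }
            if (-not $signedByVendor)                 { $reasons += 'not validly signed by expected vendor' }
            if ($reasons.Count -eq 0) { return }

            [pscustomobject]@{
                Path            = $path
                FileName        = Split-Path -Leaf $path
                Processes       = $_.Count
                PIDs            = ($_.Group.ProcessId -join ',')
                SignatureStatus = $sig.Status
                Signer          = $sig.SignerCertificate.Subject
                Reasons         = ($reasons -join '; ')
            }
        }
}

Get-ChromeImpostorProcess | Format-List
```

    Any row it returns is a lead to hand to the helper along with the requested logs, not a verdict on its own.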
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Download to Desktop: DDS by sUBs from one of the below locations

    http://download.bleepingcomputer.com/sUBs/dds.com
    http://download.bleepingcomputer.com/sUBs/dds.exe

    double click DDS to run it
    Make sure there is a check mark in DDS txt
    place a check mark in the attach.txt box and then press start

    Do not select any other options unless specifically told to

    When complete, DDS.txt will open and attach.txt will be minimized on your taskbar, click on it to open it

    Save both reports to your desktop.
    DDS.txt
    Attach.txt

    post the contents of both logs back here.
     
  3. Aidan884

    Aidan884 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    9
    Here is a zip file with both logs inside!


    Thanks,
    Aidan
     

    Attached Files:

  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    OK I can see the problem from those logs
    This might fix it on the first run, but it is likely that we will have to use a special script on the next run to deal with it all

    Delete any existing version of ComboFix you might already have sitting on your desktop or in downloads folder
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop or your downloads folder.

    **Note: It is important that it is saved directly to your desktop or downloads folder and run from either the desktop or the downloads folder and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  5. Aidan884

    Aidan884 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    9
    Here are the contents of the log:


    ComboFix 15-01-08.01 - Aidan 01/10/2015 14:09:50.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5608.2326 [GMT -6:00]
    Running from: c:\users\Aidan\Desktop\ComboFix.exe
    AV: System Shield *Disabled/Updated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
    SP: System Shield *Disabled/Updated* {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\ZaB4z.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\TvTDQ8Oa.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\ZaB4z.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\TvTDQ8Oa.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\background.html
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\content.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bhdipkjmgjdfaaenbkegnkefmeklnooi\3.7\ZaB4z.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\background.html
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\content.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld\2.7\TvTDQ8Oa.js
    c:\windows\msdownld.tmp
    c:\windows\SysWow64\DEBUG.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-11 to 2015-01-11 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-11 00:52 . 2015-01-11 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-01-06 02:16 . 2015-01-06 02:17 -------- d-----w- c:\program files\CyberfoxPortable
    2015-01-05 02:09 . 2015-01-05 02:09 -------- d-----w- c:\users\Aidan\AppData\Roaming\TeamViewer
    2015-01-05 02:00 . 2015-01-05 02:09 -------- d-----w- c:\program files (x86)\TeamViewer
    2014-12-31 18:51 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-12-31 18:51 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2014-12-31 18:50 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
    2014-12-31 18:50 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
    2014-12-30 19:09 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
    2014-12-30 19:09 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
    2014-12-30 19:08 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
    2014-12-30 19:08 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
    2014-12-30 19:08 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
    2014-12-29 02:29 . 2014-12-29 02:29 -------- d-sh--w- c:\users\Aidan\AppData\Local\EmieBrowserModeList
    2014-12-28 19:58 . 2014-12-28 19:58 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2014-12-28 19:57 . 2014-08-13 05:38 32912 ----a-w- c:\windows\system32\drivers\rawdsk3.sys
    2014-12-27 21:07 . 2014-12-27 21:07 -------- d-----w- c:\users\Aidan\AppData\Local\M-Audio
    2014-12-27 21:07 . 2014-12-27 21:07 -------- d-----w- c:\programdata\M-Audio
    2014-12-27 21:06 . 2014-12-27 21:06 -------- d-----w- c:\program files\M-Audio
    2014-12-27 21:06 . 2014-12-27 21:06 -------- d-----w- c:\program files (x86)\M-Audio
    2014-12-27 21:06 . 2014-12-27 21:06 -------- d-----w- c:\programdata\AVID
    2014-12-26 17:22 . 2014-12-26 17:22 -------- d-----w- C:\logs
    2014-12-24 04:35 . 2014-12-24 04:35 -------- d-----w- c:\users\Aidan\AppData\Local\FE2
    2014-12-23 01:29 . 2014-12-23 01:29 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
    2014-12-23 01:16 . 2014-12-23 01:16 -------- d-----w- c:\users\Aidan\AppData\Local\PowerTest
    2014-12-17 21:13 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-17 21:13 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-12-16 21:14 . 2014-12-16 21:14 -------- d-----w- c:\users\Aidan\AppData\Local\FERewritten
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-01-06 10:36 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
    2014-12-13 18:03 . 2013-07-25 14:37 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-13 18:03 . 2012-03-10 19:52 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-11 03:56 . 2012-10-28 13:42 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-12-04 02:50 . 2014-12-10 23:07 413184 ----a-w- c:\windows\system32\generaltel.dll
    2014-12-04 02:50 . 2014-12-10 23:07 741376 ----a-w- c:\windows\system32\invagent.dll
    2014-12-04 02:50 . 2014-12-10 23:07 396800 ----a-w- c:\windows\system32\devinv.dll
    2014-12-04 02:50 . 2014-12-10 23:07 830976 ----a-w- c:\windows\system32\appraiser.dll
    2014-12-04 02:50 . 2014-12-10 23:07 192000 ----a-w- c:\windows\system32\aepic.dll
    2014-12-04 02:50 . 2014-12-10 23:07 227328 ----a-w- c:\windows\system32\aepdu.dll
    2014-12-04 02:44 . 2014-12-10 23:07 1083392 ----a-w- c:\windows\system32\aeinv.dll
    2014-12-01 23:28 . 2014-12-10 23:07 1232040 ----a-w- c:\windows\system32\aitstatic.exe
    2014-11-27 01:43 . 2014-12-10 23:04 389296 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-11-22 03:13 . 2014-12-10 23:04 25059840 ----a-w- c:\windows\system32\mshtml.dll
    2014-11-22 03:06 . 2014-12-10 23:04 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-22 03:06 . 2014-12-10 23:04 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-11-22 02:50 . 2014-12-10 23:04 66560 ----a-w- c:\windows\system32\iesetup.dll
    2014-11-22 02:50 . 2014-12-10 23:04 580096 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-22 02:49 . 2014-12-10 23:04 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-11-22 02:49 . 2014-12-10 23:04 2885120 ----a-w- c:\windows\system32\iertutil.dll
    2014-11-22 02:48 . 2014-12-10 23:04 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-11-22 02:41 . 2014-12-10 23:04 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2014-11-22 02:40 . 2014-12-10 23:04 34304 ----a-w- c:\windows\system32\iernonce.dll
    2014-11-22 02:37 . 2014-12-10 23:04 633856 ----a-w- c:\windows\system32\ieui.dll
    2014-11-22 02:35 . 2014-12-10 23:04 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-11-22 02:34 . 2014-12-10 23:04 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-11-22 02:34 . 2014-12-10 23:04 6039552 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-22 02:26 . 2014-12-10 23:04 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-22 02:22 . 2014-12-10 23:04 490496 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-11-22 02:20 . 2014-12-10 23:04 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-11-22 02:14 . 2014-12-10 23:04 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-22 02:09 . 2014-12-10 23:04 199680 ----a-w- c:\windows\system32\msrating.dll
    2014-11-22 02:08 . 2014-12-10 23:04 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2014-11-22 02:07 . 2014-12-10 23:04 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-11-22 02:07 . 2014-12-10 23:04 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-11-22 02:06 . 2014-12-10 23:04 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05 . 2014-12-10 23:04 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-11-22 02:05 . 2014-12-10 23:04 316928 ----a-w- c:\windows\system32\dxtrans.dll
    2014-11-22 01:54 . 2014-12-10 23:04 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-11-22 01:49 . 2014-12-10 23:04 718848 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-11-22 01:49 . 2014-12-10 23:04 800768 ----a-w- c:\windows\system32\msfeeds.dll
    2014-11-22 01:47 . 2014-12-10 23:04 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-11-22 01:46 . 2014-12-10 23:04 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-22 01:43 . 2014-12-10 23:04 14412800 ----a-w- c:\windows\system32\ieframe.dll
    2014-11-22 01:40 . 2014-12-10 23:04 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29 . 2014-12-10 23:04 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-11-22 01:28 . 2014-12-10 23:04 2358272 ----a-w- c:\windows\system32\wininet.dll
    2014-11-22 01:22 . 2014-12-10 23:04 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21 . 2014-12-10 23:04 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:15 . 2014-12-10 23:04 1548288 ----a-w- c:\windows\system32\urlmon.dll
    2014-11-22 01:03 . 2014-12-10 23:04 800768 ----a-w- c:\windows\system32\ieapfltr.dll
    2014-11-22 01:00 . 2014-12-10 23:04 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-11-19 10:31 . 2014-11-19 10:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
    2014-11-11 03:09 . 2014-12-10 23:05 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-11-11 03:08 . 2014-11-20 01:27 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-20 01:27 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-12-10 23:05 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44 . 2014-11-20 01:27 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-20 01:27 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-11 01:46 . 2014-12-10 23:05 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
    2014-11-08 03:16 . 2014-12-10 23:00 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-11-08 02:45 . 2014-12-10 23:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-10-30 02:03 . 2014-12-10 23:01 165888 ----a-w- c:\windows\system32\charmap.exe
    2014-10-30 01:45 . 2014-12-10 23:01 155136 ----a-w- c:\windows\SysWow64\charmap.exe
    2014-10-25 01:57 . 2014-11-13 21:46 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-13 21:46 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-21 16:06 . 2014-10-21 16:07 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-18 02:05 . 2014-11-13 21:45 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 02:05 . 2014-12-11 03:52 4121600 ----a-w- c:\windows\system32\mf.dll
    2014-10-18 01:33 . 2014-11-13 21:45 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-18 01:33 . 2014-12-11 03:52 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2014-10-14 02:16 . 2014-11-13 21:49 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 02:13 . 2014-11-13 21:49 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-13 21:46 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:12 . 2014-11-13 21:49 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 02:09 . 2014-11-13 21:49 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 02:07 . 2014-11-13 21:49 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-14 01:50 . 2014-11-13 21:49 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-14 01:50 . 2014-11-13 21:46 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-14 01:49 . 2014-11-13 21:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47 . 2014-11-13 21:49 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46 . 2014-11-13 21:49 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{739df940-c5ee-4bab-9d7e-270894ae687a}"= "c:\program files (x86)\WhiteSmoke_New\prxtbWhit.dll" [2013-03-05 231168]
    .
    [HKEY_CLASSES_ROOT\clsid\{739df940-c5ee-4bab-9d7e-270894ae687a}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
    @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
    [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
    2012-09-24 20:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
    @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
    [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
    2012-09-24 20:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
    @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
    2012-09-24 20:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
    "Game Update"="c:\users\Aidan\AppData\Roaming\WUDFHost.exe" [2013-07-22 190842]
    "EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-12-18 3618648]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2014-03-25 36247104]
    "Cloud Sync Application"="c:\program files (x86)\Renewed Vision\ProPresenter 5\CloudSyncApp.exe" [2014-03-12 169984]
    "Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-06-09 1315072]
    "Xwqgvctxd"="c:\users\Aidan\AppData\Local\Octodad Dadliest Catch\Xwqgvctxd.dll" [2015-01-04 266752]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2011-08-11 81920]
    "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-12-11 2750840]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2014-05-06 2234064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
    R2 f1f78e38;WinSpeed;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x]
    R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrack.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
    R3 mfehidk01;McAfee Inc.;Device\mfehidk01.sys;Device\mfehidk01.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
    R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
    R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
    R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
    R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 TSVAD_PCM;Wirecast Virtual Microphone Driver;c:\windows\system32\drivers\tsvadpcm.sys;c:\windows\SYSNATIVE\drivers\tsvadpcm.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    R3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [x]
    R3 wampapache64;wampapache64;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [x]
    R3 wampmysqld64;wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
    R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
    S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
    S2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;c:\program files (x86)\Abrosoft\FantaMorph5\FantaUp.exe;c:\program files (x86)\Abrosoft\FantaMorph5\FantaUp.exe [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys;c:\windows\SYSNATIVE\Drivers\amp.sys [x]
    S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys;c:\windows\SYSNATIVE\Drivers\ampse.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 e9f32388;GS Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
    S2 FastTrackAudioDevMon;Fast Track Audio Device Monitor;c:\program files (x86)\M-Audio\Fast Track\AudioDevMon.exe;c:\program files (x86)\M-Audio\Fast Track\AudioDevMon.exe [x]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
    S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
    S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
    S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [x]
    S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [x]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    S3 voxaldriver;Voxal Filter Driver 2.12.01;c:\windows\system32\DRIVERS\voxaldriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\voxaldriverx64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-25 18:03]
    .
    2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 22:47]
    .
    2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 22:47]
    .
    2015-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002Core.job
    - c:\users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-26 00:23]
    .
    2015-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002UA.job
    - c:\users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-26 00:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
    @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
    [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
    2012-09-24 20:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
    @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
    [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
    2012-09-24 20:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
    @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
    2012-09-24 20:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-03-10 7464448]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = 80.193.214.234:3128
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE "%1"
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
    Wow6432Node-HKCU-Run-C0C9E0FC2C799E034D1A1A156A1497AAC9C6817C._service_run - c:\program files (x86)\Google\Chrome\Application\chrome.exe
    Wow6432Node-HKLM-RunOnce-mcpatcherprowcat - c:\users\Aidan\AppData\Local\Temp\\BI_RunOnce.exe
    Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
    SafeBoot-AMP
    SafeBoot-AMPSE
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-MCI Screensaver - c:\windows\system32\\MCI_Screensaver_Uninstall.exe
    AddRemove-MCI Screensaver 2 - c:\windows\system32\\MCI_Screensaver2_Uninstall.exe
    AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38} - c:\progra~3\WinSpeed\WinSpeed.dll
    .
    .
    "ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-41472551-3302669374-2398554026-1002\Software\SecuROM\License information*]
    "datasecu"=hex:a1,c4,a1,80,aa,e3,3f,5b,73,25,cf,bd,a0,f4,00,8f,60,5a,31,2c,b7,
    f5,14,d3,62,2c,77,5f,c0,27,75,c4,6f,fd,66,04,57,d0,e3,db,4a,3d,95,4b,80,45,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
    c:\program files (x86)\TeamViewer\TeamViewer_Desktop.exe
    c:\program files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
    c:\program files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    c:\program files (x86)\teamviewer\TeamViewer.exe
    c:\program files (x86)\TeamViewer\tv_w32.exe
    .
    **************************************************************************
    .
    Completion time: 2015-01-10 19:18:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-01-11 01:18
    .
    Pre-Run: 132,991,143,936 bytes free
    Post-Run: 131,965,116,416 bytes free
    .
    - - End Of File - - D130F805F9AFAD24278CB71B27AC7104
    A36C5E4F47E84449FF07ED3517B43A31






    Thanks,
    Aidan
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    next step

    In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server; set it to No Proxy.

    then

    Download the attached CFScript.txt and save it to your desktop or the same folder that you downloaded ComboFix to originally (click on the link underneath this post, and if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose desktop in the list of selections in that window and press save).
    Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.
    Close any open browsers.
    Then drag the CFScript.txt into the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.



    [​IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.

    This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

    At the end it will pop up an alert, open your browser and ask you to send the zip file.

    Please follow those instructions. We need to see the zip file before we can carry on with the fix.

    If there is no pop-up alert or open browser, then

    please go to http://thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and, if needed, distribute them to antivirus companies.
    Just press new topic, fill in the needed details and give a link to your post here, then press the browse button and navigate to and select the files on your computer. If there is more than 1 file, press the more attachments button for each extra file and browse and select, etc. When all the files are listed in the window, press send to upload the files (do not post HJT logs there as they will not get dealt with).

    Files to submit:
    the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

    or to
    http://www.bleepingcomputer.com/submit-malware.php?channel=38
     


  7. Aidan884

    Aidan884 Thread Starter

    I have sent the zip file from Qoobox to bleeping computer and here are the contents of the log:


    ComboFix 15-01-08.01 - Aidan 01/11/2015 10:20:10.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5608.2408 [GMT -6:00]
    Running from: c:\users\Aidan\Desktop\ComboFix.exe
    Command switches used :: c:\users\Aidan\Desktop\cfscript.txt
    AV: System Shield *Disabled/Updated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
    SP: System Shield *Disabled/Updated* {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Aidan\AppData\Local\Octodad Dadliest Catch\Xwqgvctxd.dll"
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\6426\AddOnDownloaded\2b7a7ebb-6083-4253-a1e6-149883b6eb45.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\481fbe3e-ec08-4d5a-94ea-95c753609e7c.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\48476a77-44f9-40a8-a623-f3402f22b01b.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\5c57a158-1254-45f6-b629-b2debbf1fd29.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\5dc7cfd3-e8ce-4478-9404-0ae32511b353.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\846b4c9b-a7ba-4fb5-8d64-0e84281ea84e.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\8d56ceae-d309-4e1d-8376-c13e94d402c3.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\b79eb8ca-c461-4cb3-b3f9-d11b2bbc6a94.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\c74b2d1b-fd92-4f74-8532-20f83f9afd65.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\Awyxhrv
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\Hjtqqrbm
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\Hqtzyqfcqrmr
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\lugrzvcpuwo
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\mdkkccjwbh
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\36.0.1985.143.manifest
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\chrome.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\chrome_100_percent.pak
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\chrome_200_percent.pak
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\chrome_child.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\chrome_elf.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\d3dcompiler_43.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\d3dcompiler_46.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\default_apps\docs.crx
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\default_apps\drive.crx
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\default_apps\external_extensions.json
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\default_apps\gmail.crx
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\default_apps\search.crx
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\default_apps\youtube.crx
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\delegate_execute.exe
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\Extensions\external_extensions.json
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\ffmpegsumo.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\icudtl.dat
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\libegl.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\libexif.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\libglesv2.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\libpeerconnection.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\Locales\en-GB.pak
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\Locales\en-US.pak
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\metro_driver.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\mksnapshot.ia32.exe.assert.manifest
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\nacl_irt_x86_32.nexe
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\nacl_irt_x86_64.nexe
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\nacl64.exe
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\pdf.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\PepperFlash\manifest.json
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\PepperFlash\pepflashplayer.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\ppgooglenaclpluginchrome.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\resources.pak
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\secondarytile.png
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\VisualElements\logo.png
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\VisualElements\smalllogo.png
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\VisualElements\splash-620x300.png
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\widevinecdmadapter.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\36.0.1985.143\xinput1_3.dll
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\Ckfgiex.exe
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\Dictionaries\en-US-3-0.bdic
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\rundll32.exe
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\oehybly\VisualElementsManifest.xml
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\opgbyndw
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\Ovfqojeseef\manifest.json
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\Ovfqojeseef\Wxoeuzcy.js
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\qpoppfnmveo\manifest.json
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\qpoppfnmveo\zsgutbixpr.js
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\Xzthooz\Jmsemfqy.js
    c:\users\Aidan\AppData\LocalLow\Muse Games\Ikstyggspc\Xzthooz\manifest.json
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_f1f78e38
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-11 to 2015-01-11 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-11 18:28 . 2015-01-11 18:28 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
    2015-01-11 18:28 . 2015-01-11 18:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2015-01-11 18:28 . 2015-01-11 18:28 -------- d-----w- c:\users\F6DF0C9454B6436B8503\AppData\Local\temp
    2015-01-11 18:28 . 2015-01-11 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-01-06 02:16 . 2015-01-06 02:17 -------- d-----w- c:\program files\CyberfoxPortable
    2015-01-05 02:09 . 2015-01-05 02:09 -------- d-----w- c:\users\Aidan\AppData\Roaming\TeamViewer
    2015-01-05 02:00 . 2015-01-05 02:09 -------- d-----w- c:\program files (x86)\TeamViewer
    2014-12-31 18:51 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-12-31 18:51 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2014-12-31 18:50 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
    2014-12-31 18:50 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
    2014-12-30 19:09 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
    2014-12-30 19:09 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
    2014-12-30 19:08 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
    2014-12-30 19:08 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
    2014-12-30 19:08 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
    2014-12-29 02:29 . 2014-12-29 02:29 -------- d-sh--w- c:\users\Aidan\AppData\Local\EmieBrowserModeList
    2014-12-28 19:58 . 2014-12-28 19:58 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2014-12-28 19:57 . 2014-08-13 05:38 32912 ----a-w- c:\windows\system32\drivers\rawdsk3.sys
    2014-12-27 21:07 . 2014-12-27 21:07 -------- d-----w- c:\users\Aidan\AppData\Local\M-Audio
    2014-12-27 21:07 . 2014-12-27 21:07 -------- d-----w- c:\programdata\M-Audio
    2014-12-27 21:06 . 2014-12-27 21:06 -------- d-----w- c:\program files\M-Audio
    2014-12-27 21:06 . 2014-12-27 21:06 -------- d-----w- c:\program files (x86)\M-Audio
    2014-12-27 21:06 . 2014-12-27 21:06 -------- d-----w- c:\programdata\AVID
    2014-12-26 17:22 . 2014-12-26 17:22 -------- d-----w- C:\logs
    2014-12-24 04:35 . 2014-12-24 04:35 -------- d-----w- c:\users\Aidan\AppData\Local\FE2
    2014-12-23 01:29 . 2014-12-23 01:29 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
    2014-12-23 01:16 . 2014-12-23 01:16 -------- d-----w- c:\users\Aidan\AppData\Local\PowerTest
    2014-12-17 21:13 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-17 21:13 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-12-16 21:14 . 2014-12-16 21:14 -------- d-----w- c:\users\Aidan\AppData\Local\FERewritten
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-01-06 10:36 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
    2014-12-13 18:03 . 2013-07-25 14:37 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-13 18:03 . 2012-03-10 19:52 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-11 03:56 . 2012-10-28 13:42 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-12-04 02:50 . 2014-12-10 23:07 413184 ----a-w- c:\windows\system32\generaltel.dll
    2014-12-04 02:50 . 2014-12-10 23:07 741376 ----a-w- c:\windows\system32\invagent.dll
    2014-12-04 02:50 . 2014-12-10 23:07 396800 ----a-w- c:\windows\system32\devinv.dll
    2014-12-04 02:50 . 2014-12-10 23:07 830976 ----a-w- c:\windows\system32\appraiser.dll
    2014-12-04 02:50 . 2014-12-10 23:07 192000 ----a-w- c:\windows\system32\aepic.dll
    2014-12-04 02:50 . 2014-12-10 23:07 227328 ----a-w- c:\windows\system32\aepdu.dll
    2014-12-04 02:44 . 2014-12-10 23:07 1083392 ----a-w- c:\windows\system32\aeinv.dll
    2014-12-02 10:26 . 2015-01-10 17:42 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B44313EB-BE51-4FC8-A338-E38C688E0BBA}\mpengine.dll
    2014-12-01 23:28 . 2014-12-10 23:07 1232040 ----a-w- c:\windows\system32\aitstatic.exe
    2014-11-27 01:43 . 2014-12-10 23:04 389296 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-11-22 03:13 . 2014-12-10 23:04 25059840 ----a-w- c:\windows\system32\mshtml.dll
    2014-11-22 03:06 . 2014-12-10 23:04 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-22 03:06 . 2014-12-10 23:04 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-11-22 02:50 . 2014-12-10 23:04 66560 ----a-w- c:\windows\system32\iesetup.dll
    2014-11-22 02:50 . 2014-12-10 23:04 580096 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-22 02:49 . 2014-12-10 23:04 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-11-22 02:49 . 2014-12-10 23:04 2885120 ----a-w- c:\windows\system32\iertutil.dll
    2014-11-22 02:48 . 2014-12-10 23:04 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-11-22 02:41 . 2014-12-10 23:04 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2014-11-22 02:40 . 2014-12-10 23:04 34304 ----a-w- c:\windows\system32\iernonce.dll
    2014-11-22 02:37 . 2014-12-10 23:04 633856 ----a-w- c:\windows\system32\ieui.dll
    2014-11-22 02:35 . 2014-12-10 23:04 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-11-22 02:34 . 2014-12-10 23:04 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-11-22 02:34 . 2014-12-10 23:04 6039552 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-22 02:26 . 2014-12-10 23:04 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-22 02:22 . 2014-12-10 23:04 490496 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-11-22 02:20 . 2014-12-10 23:04 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-11-22 02:14 . 2014-12-10 23:04 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-22 02:09 . 2014-12-10 23:04 199680 ----a-w- c:\windows\system32\msrating.dll
    2014-11-22 02:08 . 2014-12-10 23:04 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2014-11-22 02:07 . 2014-12-10 23:04 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-11-22 02:07 . 2014-12-10 23:04 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-11-22 02:06 . 2014-12-10 23:04 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05 . 2014-12-10 23:04 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-11-22 02:05 . 2014-12-10 23:04 316928 ----a-w- c:\windows\system32\dxtrans.dll
    2014-11-22 01:54 . 2014-12-10 23:04 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-11-22 01:49 . 2014-12-10 23:04 718848 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-11-22 01:49 . 2014-12-10 23:04 800768 ----a-w- c:\windows\system32\msfeeds.dll
    2014-11-22 01:47 . 2014-12-10 23:04 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-11-22 01:46 . 2014-12-10 23:04 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-22 01:43 . 2014-12-10 23:04 14412800 ----a-w- c:\windows\system32\ieframe.dll
    2014-11-22 01:40 . 2014-12-10 23:04 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29 . 2014-12-10 23:04 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-11-22 01:28 . 2014-12-10 23:04 2358272 ----a-w- c:\windows\system32\wininet.dll
    2014-11-22 01:22 . 2014-12-10 23:04 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21 . 2014-12-10 23:04 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:15 . 2014-12-10 23:04 1548288 ----a-w- c:\windows\system32\urlmon.dll
    2014-11-22 01:03 . 2014-12-10 23:04 800768 ----a-w- c:\windows\system32\ieapfltr.dll
    2014-11-22 01:00 . 2014-12-10 23:04 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-11-19 10:31 . 2014-11-19 10:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
    2014-11-11 03:09 . 2014-12-10 23:05 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-11-11 03:08 . 2014-11-20 01:27 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-20 01:27 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-12-10 23:05 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44 . 2014-11-20 01:27 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-20 01:27 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-11 01:46 . 2014-12-10 23:05 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
    2014-11-08 03:16 . 2014-12-10 23:00 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-11-08 02:45 . 2014-12-10 23:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-10-30 02:03 . 2014-12-10 23:01 165888 ----a-w- c:\windows\system32\charmap.exe
    2014-10-30 01:45 . 2014-12-10 23:01 155136 ----a-w- c:\windows\SysWow64\charmap.exe
    2014-10-25 01:57 . 2014-11-13 21:46 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-13 21:46 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-21 16:06 . 2014-10-21 16:07 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-18 02:05 . 2014-11-13 21:45 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 02:05 . 2014-12-11 03:52 4121600 ----a-w- c:\windows\system32\mf.dll
    2014-10-18 01:33 . 2014-11-13 21:45 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-18 01:33 . 2014-12-11 03:52 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2014-10-14 02:16 . 2014-11-13 21:49 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 02:13 . 2014-11-13 21:49 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-13 21:46 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:12 . 2014-11-13 21:49 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 02:09 . 2014-11-13 21:49 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 02:07 . 2014-11-13 21:49 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-14 01:50 . 2014-11-13 21:49 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-14 01:50 . 2014-11-13 21:46 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-14 01:49 . 2014-11-13 21:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47 . 2014-11-13 21:49 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46 . 2014-11-13 21:49 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\users\Aidan\AppData\Local\Octodad Dadliest Catch ----
    .
    2015-01-04 00:10 . 2015-01-04 00:10 266752 ----a-w- c:\users\Aidan\AppData\Local\Octodad Dadliest Catch\Xwqgvctxd.dll
    2014-02-06 00:18 . 2014-07-31 03:28 12127 ----a-w- c:\users\Aidan\AppData\Local\Octodad Dadliest Catch\OctodadAnalytics.txt
    2014-02-06 00:18 . 2014-07-31 03:28 341623 ----a-w- c:\users\Aidan\AppData\Local\Octodad Dadliest Catch\OctodadLog.txt
    2014-02-06 00:18 . 2014-07-31 03:28 4064 ----a-w- c:\users\Aidan\AppData\Local\Octodad Dadliest Catch\OctodadConfig.xml
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{739df940-c5ee-4bab-9d7e-270894ae687a}"= "c:\program files (x86)\WhiteSmoke_New\prxtbWhit.dll" [2013-03-05 231168]
    .
    [HKEY_CLASSES_ROOT\clsid\{739df940-c5ee-4bab-9d7e-270894ae687a}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
    @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
    [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
    2012-09-24 20:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
    @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
    [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
    2012-09-24 20:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
    @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
    2012-09-24 20:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
    "Game Update"="c:\users\Aidan\AppData\Roaming\WUDFHost.exe" [2013-07-22 190842]
    "EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-12-18 3618648]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2014-03-25 36247104]
    "Cloud Sync Application"="c:\program files (x86)\Renewed Vision\ProPresenter 5\CloudSyncApp.exe" [2014-03-12 169984]
    "Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-06-09 1315072]
    "Xwqgvctxd"="c:\users\Aidan\AppData\Local\Octodad Dadliest Catch\Xwqgvctxd.dll" [2015-01-04 266752]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2011-08-11 81920]
    "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-12-11 2750840]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2014-05-06 2234064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x]
    R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrack.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
    R3 mfehidk01;McAfee Inc.;Device\mfehidk01.sys;Device\mfehidk01.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
    R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
    R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
    R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
    R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 TSVAD_PCM;Wirecast Virtual Microphone Driver;c:\windows\system32\drivers\tsvadpcm.sys;c:\windows\SYSNATIVE\drivers\tsvadpcm.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    R3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [x]
    R3 wampapache64;wampapache64;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [x]
    R3 wampmysqld64;wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
    R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
    S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
    S2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;c:\program files (x86)\Abrosoft\FantaMorph5\FantaUp.exe;c:\program files (x86)\Abrosoft\FantaMorph5\FantaUp.exe [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys;c:\windows\SYSNATIVE\Drivers\amp.sys [x]
    S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys;c:\windows\SYSNATIVE\Drivers\ampse.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 e9f32388;GS Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
    S2 FastTrackAudioDevMon;Fast Track Audio Device Monitor;c:\program files (x86)\M-Audio\Fast Track\AudioDevMon.exe;c:\program files (x86)\M-Audio\Fast Track\AudioDevMon.exe [x]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
    S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
    S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
    S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [x]
    S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [x]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    S3 voxaldriver;Voxal Filter Driver 2.12.01;c:\windows\system32\DRIVERS\voxaldriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\voxaldriverx64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-25 18:03]
    .
    2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 22:47]
    .
    2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 22:47]
    .
    2015-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002Core.job
    - c:\users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-26 00:23]
    .
    2015-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002UA.job
    - c:\users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-26 00:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
    @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
    [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
    2012-09-24 20:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
    @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
    [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
    2012-09-24 20:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
    @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
    2012-09-24 20:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-03-10 7464448]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-MCI Screensaver - c:\windows\system32\\MCI_Screensaver_Uninstall.exe
    AddRemove-MCI Screensaver 2 - c:\windows\system32\\MCI_Screensaver2_Uninstall.exe
    AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38} - c:\progra~3\WinSpeed\WinSpeed.dll
    .
    .
    "ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-41472551-3302669374-2398554026-1002\Software\SecuROM\License information*]
    "datasecu"=hex:a1,c4,a1,80,aa,e3,3f,5b,73,25,cf,bd,a0,f4,00,8f,60,5a,31,2c,b7,
    f5,14,d3,62,2c,77,5f,c0,27,75,c4,6f,fd,66,04,57,d0,e3,db,4a,3d,95,4b,80,45,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
    c:\program files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
    c:\program files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    .
    **************************************************************************
    .
    Completion time: 2015-01-11 16:18:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-01-11 22:18
    ComboFix2.txt 2015-01-11 01:18
    .
    Pre-Run: 131,581,157,376 bytes free
    Post-Run: 141,570,670,592 bytes free
    .
    - - End Of File - - 7D61324E456A3235ADE1680207AB1682
    A36C5E4F47E84449FF07ED3517B43A31
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    next
    download the attached boot.zip
    save it to a suitable folder, either downloads or desktop
    Unzip it & double click the extracted boot.reg file. Say yes to the prompts to merge or add to registry
    then
    delete any existing CFScript.txt files
    Download the attached CFScript.txt and save it to your desktop or the same folder that you downloaded ComboFix to originally (click on the link underneath this post & if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE and choose desktop in the list of selections in that window & press save).

    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished

    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.



    [​IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
     

    Attached Files:

  9. Aidan884

    Aidan884 Thread Starter

    Joined:
    Jan 9, 2015
    Messages:
    9
    Contents of combofix log:


    ComboFix 15-01-08.01 - Aidan 01/11/2015 18:56:00.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5608.3203 [GMT -6:00]
    Running from: c:\users\Aidan\Desktop\ComboFix.exe
    Command switches used :: c:\users\Aidan\Desktop\cfscript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\users\Aidan\AppData\Local\Octodad Dadliest Catch\Xwqgvctxd.dll"
    "c:\users\Aidan\AppData\Roaming\WUDFHost.exe"
    "c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\6426\AddOnDownloaded\2b7a7ebb-6083-4253-a1e6-149883b6eb45.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\481fbe3e-ec08-4d5a-94ea-95c753609e7c.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\48476a77-44f9-40a8-a623-f3402f22b01b.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\5c57a158-1254-45f6-b629-b2debbf1fd29.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\5dc7cfd3-e8ce-4478-9404-0ae32511b353.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\846b4c9b-a7ba-4fb5-8d64-0e84281ea84e.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\8d56ceae-d309-4e1d-8376-c13e94d402c3.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\b79eb8ca-c461-4cb3-b3f9-d11b2bbc6a94.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\c74b2d1b-fd92-4f74-8532-20f83f9afd65.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-12 to 2015-01-12 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-12 01:17 . 2015-01-12 01:17 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
    2015-01-12 01:17 . 2015-01-12 01:17 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2015-01-12 01:17 . 2015-01-12 01:17 -------- d-----w- c:\users\F6DF0C9454B6436B8503\AppData\Local\temp
    2015-01-12 01:17 . 2015-01-12 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-01-12 01:17 . 2015-01-12 01:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2015-01-11 23:17 . 2015-01-11 23:17 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B44313EB-BE51-4FC8-A338-E38C688E0BBA}\offreg.dll
    2015-01-11 23:05 . 2015-01-11 23:05 -------- d-----w- c:\users\Aidan\AppData\Roaming\8pecxstudios
    2015-01-11 23:05 . 2015-01-11 23:05 -------- d-----w- c:\users\Aidan\AppData\Local\8pecxstudios
    2015-01-11 23:04 . 2015-01-11 23:05 -------- d-----w- c:\program files\Cyberfox
    2015-01-10 17:42 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B44313EB-BE51-4FC8-A338-E38C688E0BBA}\mpengine.dll
    2015-01-05 02:09 . 2015-01-05 02:09 -------- d-----w- c:\users\Aidan\AppData\Roaming\TeamViewer
    2015-01-05 02:00 . 2015-01-05 02:09 -------- d-----w- c:\program files (x86)\TeamViewer
    2014-12-31 18:51 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-12-31 18:51 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2014-12-31 18:50 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
    2014-12-31 18:50 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
    2014-12-30 19:09 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
    2014-12-30 19:09 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
    2014-12-30 19:08 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
    2014-12-30 19:08 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
    2014-12-30 19:08 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
    2014-12-29 02:29 . 2014-12-29 02:29 -------- d-sh--w- c:\users\Aidan\AppData\Local\EmieBrowserModeList
    2014-12-28 19:58 . 2014-12-28 19:58 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2014-12-28 19:57 . 2014-08-13 05:38 32912 ----a-w- c:\windows\system32\drivers\rawdsk3.sys
    2014-12-27 21:07 . 2014-12-27 21:07 -------- d-----w- c:\users\Aidan\AppData\Local\M-Audio
    2014-12-27 21:07 . 2014-12-27 21:07 -------- d-----w- c:\programdata\M-Audio
    2014-12-27 21:06 . 2014-12-27 21:06 -------- d-----w- c:\program files\M-Audio
    2014-12-27 21:06 . 2014-12-27 21:06 -------- d-----w- c:\program files (x86)\M-Audio
    2014-12-27 21:06 . 2014-12-27 21:06 -------- d-----w- c:\programdata\AVID
    2014-12-26 17:22 . 2014-12-26 17:22 -------- d-----w- C:\logs
    2014-12-24 04:35 . 2014-12-24 04:35 -------- d-----w- c:\users\Aidan\AppData\Local\FE2
    2014-12-23 01:29 . 2014-12-23 01:29 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
    2014-12-23 01:16 . 2014-12-23 01:16 -------- d-----w- c:\users\Aidan\AppData\Local\PowerTest
    2014-12-17 21:13 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-17 21:13 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-12-16 21:14 . 2014-12-16 21:14 -------- d-----w- c:\users\Aidan\AppData\Local\FERewritten
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-01-06 10:36 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
    2014-12-13 18:03 . 2013-07-25 14:37 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-13 18:03 . 2012-03-10 19:52 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-11 03:56 . 2012-10-28 13:42 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-12-04 02:50 . 2014-12-10 23:07 413184 ----a-w- c:\windows\system32\generaltel.dll
    2014-12-04 02:50 . 2014-12-10 23:07 741376 ----a-w- c:\windows\system32\invagent.dll
    2014-12-04 02:50 . 2014-12-10 23:07 396800 ----a-w- c:\windows\system32\devinv.dll
    2014-12-04 02:50 . 2014-12-10 23:07 830976 ----a-w- c:\windows\system32\appraiser.dll
    2014-12-04 02:50 . 2014-12-10 23:07 192000 ----a-w- c:\windows\system32\aepic.dll
    2014-12-04 02:50 . 2014-12-10 23:07 227328 ----a-w- c:\windows\system32\aepdu.dll
    2014-12-04 02:44 . 2014-12-10 23:07 1083392 ----a-w- c:\windows\system32\aeinv.dll
    2014-12-01 23:28 . 2014-12-10 23:07 1232040 ----a-w- c:\windows\system32\aitstatic.exe
    2014-11-27 01:43 . 2014-12-10 23:04 389296 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-11-22 03:13 . 2014-12-10 23:04 25059840 ----a-w- c:\windows\system32\mshtml.dll
    2014-11-22 03:06 . 2014-12-10 23:04 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-22 03:06 . 2014-12-10 23:04 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-11-22 02:50 . 2014-12-10 23:04 66560 ----a-w- c:\windows\system32\iesetup.dll
    2014-11-22 02:50 . 2014-12-10 23:04 580096 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-22 02:49 . 2014-12-10 23:04 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-11-22 02:49 . 2014-12-10 23:04 2885120 ----a-w- c:\windows\system32\iertutil.dll
    2014-11-22 02:48 . 2014-12-10 23:04 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-11-22 02:41 . 2014-12-10 23:04 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2014-11-22 02:40 . 2014-12-10 23:04 34304 ----a-w- c:\windows\system32\iernonce.dll
    2014-11-22 02:37 . 2014-12-10 23:04 633856 ----a-w- c:\windows\system32\ieui.dll
    2014-11-22 02:35 . 2014-12-10 23:04 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-11-22 02:34 . 2014-12-10 23:04 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-11-22 02:34 . 2014-12-10 23:04 6039552 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-22 02:26 . 2014-12-10 23:04 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-22 02:22 . 2014-12-10 23:04 490496 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-11-22 02:20 . 2014-12-10 23:04 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-11-22 02:14 . 2014-12-10 23:04 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-22 02:09 . 2014-12-10 23:04 199680 ----a-w- c:\windows\system32\msrating.dll
    2014-11-22 02:08 . 2014-12-10 23:04 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2014-11-22 02:07 . 2014-12-10 23:04 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-11-22 02:07 . 2014-12-10 23:04 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-11-22 02:06 . 2014-12-10 23:04 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05 . 2014-12-10 23:04 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-11-22 02:05 . 2014-12-10 23:04 316928 ----a-w- c:\windows\system32\dxtrans.dll
    2014-11-22 01:54 . 2014-12-10 23:04 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-11-22 01:49 . 2014-12-10 23:04 718848 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-11-22 01:49 . 2014-12-10 23:04 800768 ----a-w- c:\windows\system32\msfeeds.dll
    2014-11-22 01:47 . 2014-12-10 23:04 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-11-22 01:46 . 2014-12-10 23:04 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-22 01:43 . 2014-12-10 23:04 14412800 ----a-w- c:\windows\system32\ieframe.dll
    2014-11-22 01:40 . 2014-12-10 23:04 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29 . 2014-12-10 23:04 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-11-22 01:28 . 2014-12-10 23:04 2358272 ----a-w- c:\windows\system32\wininet.dll
    2014-11-22 01:22 . 2014-12-10 23:04 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21 . 2014-12-10 23:04 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:15 . 2014-12-10 23:04 1548288 ----a-w- c:\windows\system32\urlmon.dll
    2014-11-22 01:03 . 2014-12-10 23:04 800768 ----a-w- c:\windows\system32\ieapfltr.dll
    2014-11-22 01:00 . 2014-12-10 23:04 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-11-19 10:31 . 2014-11-19 10:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
    2014-11-11 03:09 . 2014-12-10 23:05 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-11-11 03:08 . 2014-11-20 01:27 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-20 01:27 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-12-10 23:05 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44 . 2014-11-20 01:27 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-20 01:27 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-11 01:46 . 2014-12-10 23:05 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
    2014-11-08 03:16 . 2014-12-10 23:00 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-11-08 02:45 . 2014-12-10 23:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-10-30 02:03 . 2014-12-10 23:01 165888 ----a-w- c:\windows\system32\charmap.exe
    2014-10-30 01:45 . 2014-12-10 23:01 155136 ----a-w- c:\windows\SysWow64\charmap.exe
    2014-10-25 01:57 . 2014-11-13 21:46 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-13 21:46 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-21 16:06 . 2014-10-21 16:07 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-18 02:05 . 2014-11-13 21:45 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 02:05 . 2014-12-11 03:52 4121600 ----a-w- c:\windows\system32\mf.dll
    2014-10-18 01:33 . 2014-11-13 21:45 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-18 01:33 . 2014-12-11 03:52 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2014-10-14 02:16 . 2014-11-13 21:49 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 02:13 . 2014-11-13 21:49 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-13 21:46 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:12 . 2014-11-13 21:49 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 02:09 . 2014-11-13 21:49 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 02:07 . 2014-11-13 21:49 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-14 01:50 . 2014-11-13 21:49 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-14 01:50 . 2014-11-13 21:46 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-14 01:49 . 2014-11-13 21:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47 . 2014-11-13 21:49 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46 . 2014-11-13 21:49 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2013-12-18 . 858547B2A75A16B353D0676964EAE858 . 2946560 . . [6.1.7600.16385] .. c:\windows\explorer.exe
    [7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{739df940-c5ee-4bab-9d7e-270894ae687a}"= "c:\program files (x86)\WhiteSmoke_New\prxtbWhit.dll" [2013-03-05 231168]
    .
    [HKEY_CLASSES_ROOT\clsid\{739df940-c5ee-4bab-9d7e-270894ae687a}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
    @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
    [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
    2012-09-24 20:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
    @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
    [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
    2012-09-24 20:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
    @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
    2012-09-24 20:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
    "Game Update"="c:\users\Aidan\AppData\Roaming\WUDFHost.exe" [2013-07-22 190842]
    "EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-12-18 3618648]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2014-03-25 36247104]
    "Cloud Sync Application"="c:\program files (x86)\Renewed Vision\ProPresenter 5\CloudSyncApp.exe" [2014-03-12 169984]
    "Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-06-09 1315072]
    "Xwqgvctxd"="c:\users\Aidan\AppData\Local\Octodad Dadliest Catch\Xwqgvctxd.dll" [2015-01-04 266752]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2011-08-11 81920]
    "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-12-11 2750840]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2014-05-06 2234064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
    R2 e9f32388;GS Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x]
    R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrack.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
    R3 mfehidk01;McAfee Inc.;Device\mfehidk01.sys;Device\mfehidk01.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
    R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
    R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
    R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
    R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 TSVAD_PCM;Wirecast Virtual Microphone Driver;c:\windows\system32\drivers\tsvadpcm.sys;c:\windows\SYSNATIVE\drivers\tsvadpcm.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    R3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [x]
    R3 wampapache64;wampapache64;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [x]
    R3 wampmysqld64;wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
    R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
    S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
    S2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;c:\program files (x86)\Abrosoft\FantaMorph5\FantaUp.exe;c:\program files (x86)\Abrosoft\FantaMorph5\FantaUp.exe [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys;c:\windows\SYSNATIVE\Drivers\amp.sys [x]
    S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys;c:\windows\SYSNATIVE\Drivers\ampse.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 FastTrackAudioDevMon;Fast Track Audio Device Monitor;c:\program files (x86)\M-Audio\Fast Track\AudioDevMon.exe;c:\program files (x86)\M-Audio\Fast Track\AudioDevMon.exe [x]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
    S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
    S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
    S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [x]
    S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [x]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
    S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    S3 voxaldriver;Voxal Filter Driver 2.12.01;c:\windows\system32\DRIVERS\voxaldriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\voxaldriverx64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PCDSRVC{D3412D80-CF3B4A27-06020200}_0
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-25 18:03]
    .
    2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 22:47]
    .
    2015-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 22:47]
    .
    2015-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002Core.job
    - c:\users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-26 00:23]
    .
    2015-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002UA.job
    - c:\users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-26 00:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
    @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
    [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
    2012-09-24 20:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
    @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
    [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
    2012-09-24 20:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
    @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
    2012-09-24 20:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-03-10 7464448]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
    "midi1"=VirtualMIDISynth\VirtualMIDISynth.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-MCI Screensaver - c:\windows\system32\\MCI_Screensaver_Uninstall.exe
    AddRemove-MCI Screensaver 2 - c:\windows\system32\\MCI_Screensaver2_Uninstall.exe
    AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38} - c:\progra~3\WinSpeed\WinSpeed.dll
    .
    .
    "ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
    "ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-41472551-3302669374-2398554026-1002\Software\SecuROM\License information*]
    "datasecu"=hex:a1,c4,a1,80,aa,e3,3f,5b,73,25,cf,bd,a0,f4,00,8f,60,5a,31,2c,b7,
    f5,14,d3,62,2c,77,5f,c0,27,75,c4,6f,fd,66,04,57,d0,e3,db,4a,3d,95,4b,80,45,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-01-11 19:22:07
    ComboFix-quarantined-files.txt 2015-01-12 01:22
    ComboFix2.txt 2015-01-11 22:18
    ComboFix3.txt 2015-01-11 01:18
    .
    Pre-Run: 142,116,257,792 bytes free
    Post-Run: 142,018,822,144 bytes free
    .
    - - End Of File - - F4230C20E2E45ECF448DA245DD0E66E0
    A36C5E4F47E84449FF07ED3517B43A31
     
  10. dvk01

    Something keeps putting back all the files and registry entries we keep deleting.
    Let's see what this does.

    Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

    See the screenshot where the proper download buttons are highlighted

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:


    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.
    Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

     
  11. Aidan884

    I am pretty sure this did the trick. It got rid of some old adware that my friend accidentally put on my computer that kept popping up. Thank you so much!


    Here are the contents of the AdwCleaner log:




    # AdwCleaner v4.107 - Report created 12/01/2015 at 17:27:17
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-12.3 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Aidan - AIDAN-PC
    # Running from : C:\Users\Aidan\Desktop\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****
    Service Deleted : e9f32388
    [#] Service Deleted : Skype C2C Service
    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\4d09ce8d5400296d
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\NCH Software
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\QuickSet
    Folder Deleted : C:\ProgramData\safesoft
    Folder Deleted : C:\ProgramData\wincert
    Folder Deleted : C:\ProgramData\WinSpeed
    Folder Deleted : C:\ProgramData\WinterSoft
    Folder Deleted : C:\ProgramData\Zoomex
    Folder Deleted : C:\ProgramData\ytd video downloader
    Folder Deleted : C:\ProgramData\RoboSaver
    Folder Deleted : C:\ProgramData\SaveNewaAppz
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\GreenTree Applications
    Folder Deleted : C:\Program Files (x86)\gs supporter
    Folder Deleted : C:\Program Files (x86)\NCH Software
    Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar
    Folder Deleted : C:\Program Files (x86)\ss helper
    Folder Deleted : C:\Program Files (x86)\RoboSaver
    Folder Deleted : C:\Program Files (x86)\SaveNewaAppz
    Folder Deleted : C:\Users\Administrator\AppData\Local\torch
    Folder Deleted : C:\Users\Aidan\AppData\Local\Conduit
    Folder Deleted : C:\Users\Aidan\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\Aidan\AppData\Local\torch
    Folder Deleted : C:\Users\Aidan\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Aidan\AppData\LocalLow\DataMngr
    Folder Deleted : C:\Users\Aidan\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\Aidan\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Aidan\AppData\LocalLow\Zoomex
    Folder Deleted : C:\Users\Aidan\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Aidan\AppData\Roaming\NCH Software
    Folder Deleted : C:\Users\Aidan\Documents\Optimizer Pro
    Folder Deleted : C:\Users\F6DF0C9454B6436B8503\AppData\Local\torch
    Folder Deleted : C:\Users\Guest\AppData\Local\torch
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.utorrent.com_0.localstorage-journal
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage-journal
    File Deleted : C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\dnmlhhbehhdmajijfenoldcajelckpmn
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dnmlhhbehhdmajijfenoldcajelckpmn
    Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKCU\Software\5c55da8cbc3ab845
    Key Deleted : HKLM\SOFTWARE\5c55da8cbc3ab845
    Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6B9900F1-055D-4CEE-A93E-312B30C93423}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D3B917A1-4CB1-4C5C-8673-2BD8B7489972}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\BI
    Key Deleted : HKCU\Software\Conduit
    [#] Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKCU\Software\SweetIM
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\usyndication.com
    Key Deleted : HKCU\Software\USyndication
    Key Deleted : HKCU\Software\Video Player
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Deleted : HKLM\SOFTWARE\Babylon
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\DataMngr
    Key Deleted : HKLM\SOFTWARE\Iminent
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\SearchquSRTB
    Key Deleted : HKLM\SOFTWARE\SProtector
    Key Deleted : HKLM\SOFTWARE\SweetIM
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Vittalia
    Key Deleted : HKLM\SOFTWARE\WS.Booster
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17496

    -\\ Cyberfox v

    -\\ Google Chrome v
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.explorelearning.com/index.cfm?method=cSearch.actDoSearch&NewSearch=1&uncompiledQuery={searchTerms}&src=osrchbr
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.gracecenter.us/search-results/?keywords={searchTerms}&show_results=N%253B
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchab.com/?aff=7&uid=fef6fa95-4949-11e2-aa06-642737dd5b96&q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=0&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=0034137060354216&q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=cars+2&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN40533162254923313&ctid=CT3225826
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN40533162254923313&ctid=CT3225826
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a_gc&hspart=greentree&type=937811_yhs3tst&p={searchTerms}
    -\\ Chromium v
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.explorelearning.com/index.cfm?method=cSearch.actDoSearch&NewSearch=1&uncompiledQuery={searchTerms}&src=osrchbr
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.gracecenter.us/search-results/?keywords={searchTerms}&show_results=N%253B
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchab.com/?aff=7&uid=fef6fa95-4949-11e2-aa06-642737dd5b96&q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=0&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=0034137060354216&q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=cars+2&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN40533162254923313&ctid=CT3225826
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN40533162254923313&ctid=CT3225826
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a_gc&hspart=greentree&type=937811_yhs3tst&p={searchTerms}
    -\\ Comodo Dragon v
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.explorelearning.com/index.cfm?method=cSearch.actDoSearch&NewSearch=1&uncompiledQuery={searchTerms}&src=osrchbr
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.gracecenter.us/search-results/?keywords={searchTerms}&show_results=N%253B
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchab.com/?aff=7&uid=fef6fa95-4949-11e2-aa06-642737dd5b96&q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=0&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=0034137060354216&q={searchTerms}
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=cars+2&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN40533162254923313&ctid=CT3225826
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN40533162254923313&ctid=CT3225826
    [C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a_gc&hspart=greentree&type=937811_yhs3tst&p={searchTerms}
    *************************
    AdwCleaner[R0].txt - [14906 octets] - [12/01/2015 17:11:24]
    AdwCleaner[S0].txt - [17319 octets] - [12/01/2015 17:27:17]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17380 octets] ##########
     
  12. Aidan884

    Aidan884 Thread Starter

    Never mind. It came back. This thing is hard to kill!
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to download and run the 64 bit version

    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Under the optional scans, please also select shortcuts.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  14. Aidan884

    Aidan884 Thread Starter

    Here are the contents of the FRST log:


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
    Ran by Aidan (administrator) on AIDAN-PC on 13-01-2015 18:44:02
    Running from C:\Users\Aidan\Desktop
    Loaded Profile: Aidan (Available profiles: Aidan)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Cyberfox)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Commtouch, Inc.) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (Commtouch, Inc.) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2190704 2011-11-03] ()
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7464448 2012-03-10] (Dell Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-02-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [81920 2011-08-11] (Avid Technology, Inc..)
    HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Run: [Game Update] => C:\Users\Aidan\AppData\Roaming\WUDFHost.exe [190842 2013-07-22] (Microsoft Corporation)
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-18] (Electronic Arts)
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36247104 2014-03-25] (ooVoo LLC)
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Run: [Cloud Sync Application] => C:\Program Files (x86)\Renewed Vision\ProPresenter 5\CloudSyncApp.exe [169984 2014-03-12] (Renewed Vision, Inc)
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1315072 2014-06-09] (Bogdan Sharkov)
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Run: [Xwqgvctxd] => regsvr32.exe /s "C:\Users\Aidan\AppData\Local\Octodad Dadliest Catch\Xwqgvctxd.dll" <===== ATTENTION
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [P4EXPCheckoutOverlay] -> {80E008A4-EAE7-4867-AEB0-1A245F070F25} => C:\Program Files\Perforce\p4exp64.dll (Perforce Software Inc.)
    ShellIconOverlayIdentifiers: [P4EXPSyncdOverlay] -> {ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9} => C:\Program Files\Perforce\p4exp64.dll (Perforce Software Inc.)
    ShellIconOverlayIdentifiers: [P4EXPUpdateOverlay] -> {C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2} => C:\Program Files\Perforce\p4exp64.dll (Perforce Software Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [P4EXPCheckoutOverlay] -> {80E008A4-EAE7-4867-AEB0-1A245F070F25} => C:\Program Files\Perforce\p4exp.dll (Perforce Software Inc.)
    ShellIconOverlayIdentifiers-x32: [P4EXPSyncdOverlay] -> {ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9} => C:\Program Files\Perforce\p4exp.dll (Perforce Software Inc.)
    ShellIconOverlayIdentifiers-x32: [P4EXPUpdateOverlay] -> {C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2} => C:\Program Files\Perforce\p4exp.dll (Perforce Software Inc.)
    BootExecute: autocheck autochk *
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-41472551-3302669374-2398554026-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
    URLSearchHook: HKU\S-1-5-21-41472551-3302669374-2398554026-1002 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {8299FC23-462F-4BF1-B5BA-E604B58D0B0C} URL = ${SEARCH_URL}{searchTerms}
    SearchScopes: HKLM-x32 -> {8B099E24-13E5-47CD-9141-E397FB0068EF} URL = ${SEARCH_URL}{searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-41472551-3302669374-2398554026-1002 -> DefaultScope {8299FC23-462F-4BF1-B5BA-E604B58D0B0C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-41472551-3302669374-2398554026-1002 -> {8299FC23-462F-4BF1-B5BA-E604B58D0B0C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-41472551-3302669374-2398554026-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Aidan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-41472551-3302669374-2398554026-1002: @talk.google.com/O1DPlugin -> C:\Users\Aidan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-41472551-3302669374-2398554026-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Aidan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-41472551-3302669374-2398554026-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Aidan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-41472551-3302669374-2398554026-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Aidan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Users\Aidan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Aidan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    Chrome:
    =======
    CHR Profile: C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-04]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-01]
    CHR Extension: (YouTube) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-04]
    CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2014-10-04]
    CHR Extension: (Adblock Plus) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-01]
    CHR Extension: (Google Search) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-04]
    CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-05-04]
    CHR Extension: (Google Play Music) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-10-04]
    CHR Extension: (Hola Better Internet) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-23]
    CHR Extension: (Torch Fields) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbnagjkaobebmgafmldcniinabinifk [2014-03-01]
    CHR Extension: (Quick Note) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-10-04]
    CHR Extension: (Google Wallet) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (My Chrome Theme) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-10-04]
    CHR Profile: C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (No Name) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-31]
    CHR Extension: (SaVENewaAppz) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ccnckhdabdfbgndjkiilmcgdifmedljo [2013-12-29]
    CHR Extension: (No Name) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-31]
    CHR Extension: (No Name) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dnmlhhbehhdmajijfenoldcajelckpmn [2013-07-17]
    CHR Extension: (Delta Toolbar) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-05-31]
    CHR Extension: (Zoomex) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gcgkbdalhphgdenjalkmbplpmciebbfh [2013-05-31]
    CHR Extension: (Zoomex) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hakignilgjdflknlkkclilebnmopinpf [2013-05-31]
    CHR Extension: (No Name) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hgljgnjibpkcjnneiccmfjpjcanbhfld [2013-12-28]
    CHR Extension: (Domain Error Assistant) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-05-31]
    CHR Extension: (SweetIM for Facebook) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2013-05-31]
    CHR Extension: (No Name) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jimcjgibkkgdjagpgeiogpccfigndide [2013-11-16]
    CHR Extension: (WhiteSmoke New) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-05-31]
    CHR Extension: (Skype Click to Call) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-31]
    CHR Extension: (Savings-Slider) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-05-31]
    CHR Extension: (No Name) - C:\Users\Aidan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-31]
    CHR HKLM-x32\...\Chrome\Extension: [acnjnkooijlohjgodnblmijfdghidcgn] - C:\ProgramData\Zoomex\acnjnkooijlohjgodnblmijfdghidcgn.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [gcgkbdalhphgdenjalkmbplpmciebbfh] - C:\ProgramData\Zoomex\gcgkbdalhphgdenjalkmbplpmciebbfh.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [hakignilgjdflknlkkclilebnmopinpf] - C:\ProgramData\Zoomex\hakignilgjdflknlkkclilebnmopinpf.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.; C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe [224176 2010-11-18] ()
    S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
    S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-14] (Advanced Micro Devices, Inc.) [File not signed]
    S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
    S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [81920 2011-08-11] (Avid Technology, Inc..) [File not signed]
    S2 FastTrackAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe [1962768 2013-05-21] (M-Audio)
    S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
    R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
    S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S4 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210616 2012-05-25] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-07-17] (McAfee, Inc.)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
    S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
    S2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2928128 2012-11-19] (PACE Anti-Piracy, Inc.) [File not signed]
    S2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-04-25] ()
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
    S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
    S2 UnsignedThemes; C:\windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
    R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [121696 2012-08-24] (Commtouch, Inc.)
    R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [119136 2012-08-24] (Commtouch, Inc.)
    S3 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [181600 2012-08-24] (Commtouch, Inc.)
    S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
    S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
    S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6146560 2012-03-10] (Dell Inc.) [File not signed]
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S2 AMP; C:\windows\system32\Drivers\amp.sys [173408 2012-08-24] (Commtouch, Inc.)
    S2 AMPSE; C:\windows\system32\Drivers\ampse.sys [1504608 2012-08-24] (Commtouch, Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
    S1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2012-08-02] (EldoS Corporation)
    S1 FileDisk; No ImagePath
    S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
    S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
    S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
    S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
    R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
    S1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
    S3 ssadbus; C:\Windows\System32\DRIVERS\ssadbus.sys [157160 2011-01-12] (MCCI Corporation) [File not signed]
    S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-18] (The OpenVPN Project)
    S3 TSVAD_PCM; C:\Windows\System32\drivers\tsvadpcm.sys [33552 2012-08-22] (Windows (R) Win 7 DDK provider)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S2 uxpatch; C:\windows\SysWOW64\drivers\uxpatch.sys [25448 2009-07-13] ()
    S3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [33488 2014-01-11] ()
    S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 mfehidk01; \Device\mfehidk01.sys [X]
    S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-01-13 18:44 - 2015-01-13 18:45 - 00028978 _____ () C:\Users\Aidan\Desktop\FRST.txt
    2015-01-13 18:43 - 2015-01-13 18:44 - 00000000 ____D () C:\FRST
    2015-01-13 18:42 - 2015-01-13 18:42 - 02124288 _____ (Farbar) C:\Users\Aidan\Desktop\FRST64.exe
    2015-01-13 18:34 - 2015-01-13 18:34 - 00000408 _____ () C:\windows\SysWOW64\iolo.ini
    2015-01-13 18:34 - 2015-01-13 18:34 - 00000408 _____ () C:\windows\system32\iolo.ini
    2015-01-12 17:11 - 2015-01-12 17:31 - 00000000 ____D () C:\AdwCleaner
    2015-01-12 17:09 - 2015-01-12 17:09 - 02191360 _____ () C:\Users\Aidan\Desktop\AdwCleaner.exe
    2015-01-11 19:22 - 2015-01-11 19:22 - 00043727 _____ () C:\ComboFix.txt
    2015-01-11 18:52 - 2015-01-11 19:22 - 00000000 ____D () C:\ComboFix
    2015-01-11 18:50 - 2015-01-02 06:31 - 00000262 _____ () C:\Users\Aidan\Desktop\boot.reg
    2015-01-11 18:47 - 2015-01-11 18:47 - 00000321 _____ () C:\Users\Aidan\Desktop\boot.zip
    2015-01-11 17:05 - 2015-01-11 17:05 - 00000814 _____ () C:\Users\Public\Desktop\Cyberfox.lnk
    2015-01-11 17:05 - 2015-01-11 17:05 - 00000000 ____D () C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
    2015-01-11 17:05 - 2015-01-11 17:05 - 00000000 ____D () C:\Users\Aidan\AppData\Roaming\8pecxstudios
    2015-01-11 17:05 - 2015-01-11 17:05 - 00000000 ____D () C:\Users\Aidan\AppData\Local\8pecxstudios
    2015-01-11 17:04 - 2015-01-11 20:01 - 00000000 ____D () C:\Program Files\Cyberfox
    2015-01-11 10:19 - 2015-01-11 10:19 - 00001293 _____ () C:\CF-Submit.htm
    2015-01-10 14:02 - 2011-06-26 00:45 - 00256000 _____ () C:\windows\PEV.exe
    2015-01-10 14:02 - 2010-11-07 11:20 - 00208896 _____ () C:\windows\MBR.exe
    2015-01-10 14:02 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
    2015-01-10 14:02 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
    2015-01-10 14:02 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
    2015-01-10 14:02 - 2000-08-30 18:00 - 00098816 _____ () C:\windows\sed.exe
    2015-01-10 14:02 - 2000-08-30 18:00 - 00080412 _____ () C:\windows\grep.exe
    2015-01-10 14:02 - 2000-08-30 18:00 - 00068096 _____ () C:\windows\zip.exe
    2015-01-10 14:01 - 2015-01-11 19:22 - 00000000 ____D () C:\Qoobox
    2015-01-10 13:58 - 2015-01-11 12:28 - 00000000 ____D () C:\windows\erdnt
    2015-01-10 13:55 - 2015-01-10 13:55 - 05609736 ____R (Swearware) C:\Users\Aidan\Desktop\ComboFix.exe
    2015-01-10 12:54 - 2015-01-10 12:55 - 00012182 _____ () C:\Users\Aidan\Desktop\dds and attach logs.zip
    2015-01-10 12:41 - 2015-01-10 12:41 - 00019364 _____ () C:\Users\Aidan\Desktop\attach.txt
    2015-01-10 12:41 - 2015-01-10 12:40 - 00023428 _____ () C:\Users\Aidan\Desktop\dds.txt
    2015-01-05 20:16 - 2015-01-05 20:17 - 00000000 ____D () C:\Program Files\CyberfoxPortable
    2015-01-04 20:09 - 2015-01-04 20:09 - 00000000 ____D () C:\Users\Aidan\AppData\Roaming\TeamViewer
    2015-01-04 20:01 - 2015-01-04 20:01 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-01-04 20:00 - 2015-01-04 20:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
    2015-01-04 14:48 - 2015-01-04 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2014-12-31 12:51 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
    2014-12-31 12:51 - 2014-05-08 03:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
    2014-12-31 12:50 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
    2014-12-31 12:50 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
    2014-12-30 13:10 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
    2014-12-30 13:10 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-12-30 13:10 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-12-30 13:10 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
    2014-12-30 13:10 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
    2014-12-30 13:10 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
    2014-12-30 13:10 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
    2014-12-30 13:10 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
    2014-12-30 13:10 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
    2014-12-30 13:10 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
    2014-12-30 13:10 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2014-12-30 13:10 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
    2014-12-30 13:10 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
    2014-12-30 13:10 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
    2014-12-30 13:10 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
    2014-12-30 13:10 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
    2014-12-30 13:09 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
    2014-12-30 13:09 - 2012-08-23 08:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
    2014-12-30 13:08 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
    2014-12-30 13:08 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
    2014-12-30 13:08 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
    2014-12-30 12:35 - 2014-12-30 12:35 - 00000000 ____D () C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    2014-12-28 20:29 - 2014-12-28 20:29 - 00000000 __SHD () C:\Users\Aidan\AppData\Local\EmieBrowserModeList
    2014-12-28 13:58 - 2014-12-28 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    2014-12-28 13:58 - 2014-12-28 13:58 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
    2014-12-28 13:57 - 2014-08-12 23:38 - 00032912 _____ (EldoS Corporation) C:\windows\system32\Drivers\rawdsk3.sys
    2014-12-27 15:07 - 2014-12-27 15:07 - 00000000 ____D () C:\Users\Aidan\AppData\Local\M-Audio
    2014-12-27 15:07 - 2014-12-27 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
    2014-12-27 15:07 - 2014-12-27 15:07 - 00000000 ____D () C:\ProgramData\M-Audio
    2014-12-27 15:06 - 2014-12-27 15:06 - 00000000 ____D () C:\ProgramData\AVID
    2014-12-27 15:06 - 2014-12-27 15:06 - 00000000 ____D () C:\Program Files\M-Audio
    2014-12-27 15:06 - 2014-12-27 15:06 - 00000000 ____D () C:\Program Files (x86)\M-Audio
    2014-12-25 13:05 - 2014-12-25 13:05 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2014-12-23 22:35 - 2014-12-23 22:35 - 00000000 ____D () C:\Users\Aidan\AppData\Local\FE2
    2014-12-22 19:29 - 2014-12-22 19:29 - 00000000 ____D () C:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
    2014-12-22 19:16 - 2014-12-22 19:16 - 00000000 ____D () C:\Users\Aidan\AppData\Local\PowerTest
    2014-12-22 18:37 - 2014-12-22 18:37 - 00000222 _____ () C:\Users\Aidan\Desktop\Antichamber.url
    2014-12-17 19:20 - 2014-12-17 19:20 - 00000222 _____ () C:\Users\Aidan\Desktop\Clickteam Fusion 2.5.url
    2014-12-17 15:13 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-12-17 15:13 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-12-16 15:14 - 2014-12-16 15:14 - 00000000 ____D () C:\Users\Aidan\AppData\Local\FERewritten
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2050-12-13 21:17 - 2012-12-17 16:32 - 00000000 ____D () C:\Program Files\NewBlue
    2050-12-13 21:17 - 2012-11-05 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
    2050-12-13 21:17 - 2012-11-05 19:53 - 00000000 ____D () C:\Program Files (x86)\NewBlue
    2015-01-13 18:34 - 2012-10-29 12:15 - 00000392 _____ () C:\windows\SysWOW64\iolo.ini.txt
    2015-01-13 18:33 - 2013-10-17 14:40 - 00663292 _____ () C:\windows\PFRO.log
    2015-01-12 17:42 - 2012-03-10 13:44 - 01743984 _____ () C:\windows\WindowsUpdate.log
    2015-01-12 17:41 - 2009-07-13 22:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 17:41 - 2009-07-13 22:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-12 17:38 - 2012-10-11 17:03 - 00000000 ____D () C:\Users\Aidan\AppData\Roaming\Skype
    2015-01-12 17:37 - 2013-02-02 07:45 - 00000000 ____D () C:\Users\Aidan\AppData\Roaming\TS3Client
    2015-01-12 17:35 - 2013-10-16 19:11 - 00000000 ____D () C:\Users\Aidan\AppData\Local\LogMeIn Hamachi
    2015-01-12 17:35 - 2013-08-19 11:06 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-12 17:35 - 2013-08-19 11:06 - 00000000 ____D () C:\Program Files (x86)\Origin
    2015-01-12 17:34 - 2012-10-09 19:27 - 00000000 ____D () C:\Program Files (x86)\Steam
    2015-01-12 17:34 - 2012-10-09 16:47 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-12 17:33 - 2013-10-17 14:40 - 00046972 _____ () C:\windows\setupact.log
    2015-01-12 17:33 - 2012-10-25 15:28 - 00000000 ____D () C:\ProgramData\Kodak
    2015-01-12 17:33 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-12 17:10 - 2012-12-26 09:43 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002UA.job
    2015-01-12 17:10 - 2012-10-09 16:47 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-12 16:38 - 2012-10-09 16:37 - 00000000 ____D () C:\Users\Aidan
    2015-01-11 20:33 - 2013-07-25 08:37 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-01-11 20:07 - 2012-10-09 19:38 - 00000000 ____D () C:\Users\Aidan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-01-11 20:01 - 2012-11-10 12:07 - 00000000 ____D () C:\windows\Minidump
    2015-01-11 19:22 - 2012-10-09 16:46 - 00000000 ____D () C:\Users\Aidan\AppData\Local\Apps\2.0
    2015-01-11 19:17 - 2009-07-13 20:34 - 00000215 _____ () C:\windows\system.ini
    2015-01-11 17:05 - 2012-10-18 15:52 - 00000000 ____D () C:\Users\Aidan\AppData\Roaming\Mozilla
    2015-01-11 16:20 - 2013-08-16 18:55 - 00021852 _____ () C:\windows\system32\lvcoinst.log
    2015-01-11 16:19 - 2014-06-25 12:09 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
    2015-01-11 16:03 - 2009-07-13 20:34 - 22282240 _____ () C:\windows\system32\config\SYSTEM.bak
    2015-01-11 16:03 - 2009-07-13 20:34 - 118751232 _____ () C:\windows\system32\config\SOFTWARE.bak
    2015-01-11 16:03 - 2009-07-13 20:34 - 05505024 _____ () C:\windows\system32\config\DEFAULT.bak
    2015-01-11 16:03 - 2009-07-13 20:34 - 00061440 _____ () C:\windows\system32\config\SAM.bak
    2015-01-11 16:03 - 2009-07-13 20:34 - 00024576 _____ () C:\windows\system32\config\SECURITY.bak
    2015-01-10 19:18 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
    2015-01-10 18:43 - 2014-06-18 08:55 - 00000000 ____D () C:\Users\Aidan\AppData\Local\Adobe
    2015-01-10 15:51 - 2012-03-10 14:12 - 00000000 ____D () C:\ProgramData\Temp
    2015-01-09 21:43 - 2012-10-29 12:06 - 00000000 ____D () C:\ProgramData\iolo
    2015-01-06 06:37 - 2012-12-26 09:43 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002Core.job
    2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2015-01-05 20:05 - 2012-10-09 16:47 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-01-05 19:12 - 2012-12-19 15:57 - 00000000 ____D () C:\Users\Aidan\AppData\Roaming\.minecraft
    2015-01-05 17:28 - 2013-12-18 16:21 - 00118752 _____ () C:\Users\Aidan\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-05 17:25 - 2013-12-20 14:32 - 00000000 ____D () C:\windows\rescache
    2015-01-05 16:39 - 2009-07-13 22:45 - 04989168 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-01-04 14:48 - 2012-10-11 17:03 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-01-04 14:48 - 2012-03-10 14:25 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-03 18:10 - 2014-02-05 18:18 - 00000000 ____D () C:\Users\Aidan\AppData\Local\Octodad Dadliest Catch
    2015-01-02 19:36 - 2012-11-06 17:18 - 00013824 _____ () C:\Users\Aidan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-12-31 12:39 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-12-31 12:34 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-12-30 13:00 - 2013-06-05 12:35 - 00000000 ____D () C:\Users\Aidan\MSYNC
    2014-12-29 17:33 - 2014-08-31 16:58 - 00000000 ___RD () C:\Users\Aidan\Desktop\DO NOT OPEN!
    2014-12-27 14:08 - 2012-11-11 00:05 - 00000000 ___HD () C:\Users\Aidan\AppData\Local\hWifzu26wbwrAYK
    2014-12-27 14:05 - 2013-09-16 15:32 - 00796934 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-26 11:24 - 2012-10-29 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
    2014-12-26 11:23 - 2014-10-21 15:47 - 00003144 _____ () C:\windows\System32\Tasks\iolo Process Governor
    2014-12-26 11:23 - 2014-10-21 15:47 - 00000000 ____D () C:\ProgramData\ioloGovernor
    2014-12-26 11:23 - 2012-10-29 12:06 - 00000000 ____D () C:\Users\Aidan\AppData\Roaming\iolo
    2014-12-17 21:34 - 2014-01-11 14:52 - 00000000 ____D () C:\ProgramData\Package Cache
    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe
    [2012-02-26 04:24] - [2013-12-18 15:50] - 2946560 ____A (Microsoft Corporation) 858547B2A75A16B353D0676964EAE858
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-01-05 17:09
    ==================== End Of Log ============================
     
  15. Aidan884

    Here are the contents of the Addition log:


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
    Ran by Aidan at 2015-01-13 18:46:01
    Running from C:\Users\Aidan\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: System Shield (Enabled - Up to date) {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: System Shield (Enabled - Up to date) {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    A Virus Named TOM (HKLM-x32\...\Steam App 207650) (Version: - Misfits Attic)
    Abrosoft FantaMorph 5.4.2 (HKLM-x32\...\Abrosoft FantaMorph 5_is1) (Version: 5.4.2 - Abrosoft)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
    Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe Creative Suite 4 Production Premium (HKLM-x32\...\Adobe_36ac9dc8c9a94feb9e5886810012e78) (Version: 4.0 - Adobe Systems Incorporated)
    Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
    Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
    aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
    aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
    AMD Catalyst Install Manager (HKLM\...\{EE0AEC31-DAE0-6F50-FFD8-58F08CC74F07}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
    Amnesia - The Dark Descent (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.2.1 - Frictional Games)
    Antichamber (HKLM-x32\...\Steam App 219890) (Version: - Alexander Bruce)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
    AV Voice Changer Software DIAMOND 7.0 (HKLM-x32\...\AV Voice Changer Software DIAMOND 7.0) (Version: 7.0.51 - AVSOFT Corp.)
    Avid Pro Tools SE 8.0.3 (HKLM-x32\...\{371F27A1-9502-4762-AE97-1C1938B21055}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.)
    AVS Media Player 4.1.10.99 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.1.10.99 - Online Media Technologies Ltd.)
    AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.2.533 - Online Media Technologies Ltd.)
    AVSDK5 (Version: 5.3.20 - Commtouch, Inc.) Hidden
    Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.4.283 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
    BBC iPlayer Downloads (HKLM-x32\...\{60094A87-D184-4616-9538-F111C02042F8}) (Version: 1.8.0 - BBC)
    Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
    Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games)
    C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
    CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
    Carmageddon Mod version 3.1.3 (HKLM-x32\...\{0FF4BBB6-B94A-4462-B50F-CF21828944F4}_is1) (Version: 3.1.3 - GiphtWorks)
    CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
    Celemony Melodyne version 2.1 (HKLM\...\Celemony Melodyne_is1) (Version: - Copyright (C) 2001-2012 Celemony Software GmbH)
    Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
    center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)
    Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
    Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
    Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
    Clickteam Fusion 2.5 (HKLM-x32\...\Steam App 248170) (Version: - Clickteam)
    Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )
    Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
    Construct Classic r1.2 (HKLM-x32\...\Construct Classic_is1) (Version: - Scirra)
    CoolSoft VirtualMIDISynth 1.8.2 (HKLM-x32\...\CoolSoft VirtualMIDISynth) (Version: 1.8.2.0 - CoolSoft)
    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
    CraftStudio (HKLM-x32\...\{ED7B230D-F99C-4B51-A75F-E58CCD9DEB35}) (Version: 1.2.1.0 - Sparklin Labs)
    CrazyTalk v7.3 Pro RU-BOARD Edition (HKLM-x32\...\CrazyTalk7_is1) (Version: - )
    Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 34.1.0.0 - 8pecxstudios)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
    Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
    Dell Stage (HKLM-x32\...\{0F99CA59-7CB4-4167-A43A-4B1D5E584281}) (Version: 1.6.301.0 - Fingertapps)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
    Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2214 - CyberLink Corp.)
    Dell VideoStage (x32 Version: 1.3.0.2214 - CyberLink Corp.) Hidden
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
    Desura: Grey (HKLM-x32\...\Desura_55130200211472) (Version: Full - Deppresick Team)
    Dolet Light for Finale (HKLM-x32\...\{457B00DC-314C-48E8-870E-BE04B2DCC1E9}) (Version: 1.0.1 - Recordare LLC)
    Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
    Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
    Dropbox (HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
    DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.96 - Dell Inc.)
    EarMaster Pro 4 (HKLM-x32\...\EarMaster Pro 4 (trial)_is1) (Version: 4.0 - MidiTec)
    Easy Phone Tunes (HKLM-x32\...\{03ED925F-9E5E-4532-998D-7F8840FE5A74}) (Version: 137 - Easy Phone Tunes)
    Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
    Erie (HKLM\...\UDK-adedc6e3-a6b3-40bd-9404-9842b2ae142e) (Version: - Epic Games, Inc.)
    erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
    FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
    Five Nights at Freddy's (HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Five Nights at Freddy's) (Version: - )
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    Free Easy Burner V 5.1 (HKLM-x32\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
    GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version: - YoYo Games Ltd.)
    GameMaker-HTML5 1.0 (HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\GameMaker-HTML510) (Version: - )
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
    GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
    GitHub (HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\5f7eb300e2ea4ebf) (Version: 1.2.11.0 - GitHub, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version: - Muse Games)
    HitFilm 2 Ultimate (HKLM\...\{7C71682E-E8A9-4DAC-B0D9-34A01DBC5049}) (Version: 2.0.1618.47977 - FXhome)
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
    IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
    iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.0.1 - iolo technologies, LLC)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Java SE Development Kit 7 Update 10 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170100}) (Version: 1.7.0.100 - Oracle)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
    KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
    kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
    License Support (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.) Hidden
    LIMBO (HKLM-x32\...\Steam App 48000) (Version: - )
    LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
    LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
    Lurking (v1.0.3) (HKLM-x32\...\{C55C9DCE-4ACC-4B44-92B3-49D5DF5A7CC1}_is1) (Version: - Runneraway)
    MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
    ManyCam 3.1.51 (HKLM-x32\...\ManyCam) (Version: 3.1.51 - ManyCam LLC)
    M-Audio Fast Track 6.1.12 (x64) (HKLM\...\{102B819F-54FB-4CD3-8B48-B80C210D55BC}) (Version: 6.1.12 - M-Audio)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    MCI Screensaver (HKLM-x32\...\MCI Screensaver) (Version: - )
    MCI Screensaver 2 (HKLM-x32\...\MCI Screensaver 2) (Version: - )
    McPixel (HKLM-x32\...\Steam App 220860) (Version: - Sos)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
    Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio Professional 2012 (HKLM-x32\...\{c93c1c16-fd12-4b07-8926-2a4af46b6597}) (Version: 11.0.50727.26 - Microsoft Corporation)
    Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
    Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Minecraft Note Block Studio version 3.1.3 (HKLM-x32\...\{85725958-E3A1-4D0F-862B-4CE4EDC71A5E}_is1) (Version: 3.1.3 - David Norgren)
    Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
    MorphVOX Pro (HKLM-x32\...\{2D7CF073-6583-464A-84D4-F86DE59DCA42}) (Version: 4.4.8 - Screaming Bee)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0 - Mozilla)
    MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - )
    Multimedia Fusion Developer 2 (HKLM-x32\...\Multimedia Fusion Developer 2) (Version: - )
    Multimedia Fusion Developer 2 Extension Pack (HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Multimedia Fusion Developer 2 Extension Pack) (Version: - )
    Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    My Game Long Name (HKLM\...\UDK-4b1fa42f-6f67-4e1d-b0a2-ddefa0de7bf5) (Version: - Epic Games, Inc.)
    NaturalReaderFree (HKLM-x32\...\{C5E7BF75-007E-44AD-8962-627ED44CB63B}) (Version: 11.5 - NaturalSoft)
    NBTExplorer (HKLM-x32\...\{3EB5BC0C-EF81-428F-8175-143C2DF01629}) (Version: 2.6.1.0 - Justin Aquadro)
    NewBlue 3D Explosions for Windows (HKLM-x32\...\NewBlue 3D Explosions for Windows) (Version: 1.4 - NewBlue)
    NewBlue 3D Transformations for Windows (HKLM-x32\...\NewBlue 3D Transformations for Windows) (Version: 1.4 - NewBlue)
    NewBlue Art Blends for Windows (HKLM-x32\...\NewBlue Art Blends for Windows) (Version: 2.4 - NewBlue)
    NewBlue Art Effects for Windows (HKLM-x32\...\NewBlue Art Effects for Windows) (Version: 2.4 - NewBlue)
    NewBlue Light Effects for Windows (HKLM-x32\...\NewBlue Light Effects for Windows) (Version: 1.4 - NewBlue)
    NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)
    NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)
    NewBlue Paint Blends for Windows (HKLM-x32\...\NewBlue Paint Blends for Windows) (Version: 1.4 - NewBlue)
    NewBlue Paint Effects for Windows (HKLM-x32\...\NewBlue Paint Effects for Windows) (Version: 1.4 - NewBlue)
    NewBlue Sampler Pack for Windows (HKLM-x32\...\NewBlue Sampler Pack for Windows) (Version: 1.4 - NewBlue)
    NewBlue Stabilizer for Windows (HKLM-x32\...\NewBlue Stabilizer for Windows) (Version: 1.4 - NewBlue)
    NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 1.4 - NewBlue)
    NewBlue Video Essentials II for Windows (HKLM-x32\...\NewBlue Video Essentials II for Windows) (Version: 1.4 - NewBlue)
    NewBlue Video Essentials III for Windows (HKLM-x32\...\NewBlue Video Essentials III for Windows) (Version: 1.4 - NewBlue)
    NewBlue Video Essentials IV for Windows (HKLM-x32\...\NewBlue Video Essentials IV for Windows) (Version: 1.4 - NewBlue)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
    NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
    ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
    Octodad (HKLM-x32\...\Octodad) (Version: - )
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.4001 - ooVoo LLC.)
    Oracle VM VirtualBox 4.3.6 (HKLM\...\{DC65DFD8-E175-4A85-948A-42965853B2E8}) (Version: 4.3.6 - Oracle Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
    Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
    OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
    Overwolf (HKLM-x32\...\{FB83467F-D8EB-43E6-8B3D-860B045C1C52}) (Version: 0.51.325 - Overwolf)
    paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
    PdaNet+ for Android 4.12 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
    PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Perforce Visual Components (HKLM\...\{C9C04584-E48A-41D9-A069-85E4C309DA9B}) (Version: 122.52.8133 - Perforce Software)
    Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
    Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
    Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
    PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
    PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
    PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
    Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
    ProPresenter 5 (HKLM-x32\...\{48506FD9-44F1-4FF0-8144-B483FC290D69}) (Version: 5.2.502 - Renewed Vision)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.22 - Dell Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0.2 r2161 - )
    RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version: - Password Unlocker Studio)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
    Rocketbirds: Hardboiled Chicken (HKLM-x32\...\Steam App 215510) (Version: - Ratloop Asia)
    RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
    RSS Builder (HKLM-x32\...\{2D314DA3-96BC-4FD0-8067-70AAF054C3E2}) (Version: 2.1.8 - B!Soft)
    RX-SSTV Version 1.3.1b (HKLM-x32\...\RX-SSTV_is1) (Version: - ON6MU)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SkinPack 9-win7-ver1 (HKLM-x32\...\SkinPack) (Version: 9-win7-ver1 - SkinPack)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype Voice Changer (HKLM-x32\...\{FECDEFFF-D7FC-4502-96CA-C9E0BF62CCA5}) (Version: 2.3.0.0 - iWesoft)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - Valve)
    Source SDK (HKLM-x32\...\Steam App 211) (Version: - Valve)
    Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synthesia (HKLM-x32\...\Synthesia) (Version: 8.4 - Synthesia LLC)
    System Mechanic 11 Professional (x32 Version: 14.0.1 - ) Hidden
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    TeamSpeak 3 Client (HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
    Techne (HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\244a1e8693fd9c7e) (Version: 1.3.0.15 - ZeuX and r4wk)
    Terror Engine (HKLM-x32\...\Terror Engine) (Version: - )
    Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
    UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.6.1 - uvnc bvba)
    Unity (HKLM-x32\...\Unity) (Version: - Unity Technologies ApS)
    Unity Web Player (HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Unreal Development Kit: 2013-07 (HKLM\...\UDK-3846ad0f-2abb-421b-8d65-e575899b9628) (Version: - Epic Games, Inc.)
    UxStyle Core Beta (HKLM-x32\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
    Vegas Pro 12.0 (64-bit) (HKLM\...\{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}) (Version: 12.0.394 - Sony)
    Viscera Cleanup Detail - ALPHA (HKLM\...\UDK-6c747c56-1fdb-4a3b-82d9-4c00b2803401) (Version: - RuneStorm)
    Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
    Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
    VST Bridge 1.1 (HKLM-x32\...\VST Bridge_is1) (Version: - )
    VTFEdit 1.3.3 (HKLM\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg)
    Vue 10 xStream 64bit (HKLM-x32\...\Vue 10 xStream 64bit) (Version: 10 - e-on software)
    WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
    WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
    WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
    WhiteSmoke New Toolbar (HKLM-x32\...\WhiteSmoke_New Toolbar) (Version: 6.11.2.6 - WhiteSmoke New) <==== ATTENTION
    WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
    WIDI Recognition System Pro 4.3 (remove only) (HKLM-x32\...\WIDI Recognition System Pro 4.3) (Version: - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    Wirecast (HKLM-x32\...\{37C5DF8F-C877-4B87-AEF8-7771749B4A3D}) (Version: 4.3.0 - Telestream, Inc.)
    Word Art Generator (HKU\S-1-5-21-41472551-3302669374-2398554026-1002\...\Word Art Generator) (Version: - )
    XSplit Broadcaster (HKLM-x32\...\{6459F338-FE52-4034-BCA7-74772DA0F24D}) (Version: 1.3.1403.1202 - SplitMediaLabs)
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-41472551-3302669374-2398554026-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Aidan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41472551-3302669374-2398554026-1002_Classes\CLSID\{009f61a3-611e-4b9f-a19f-dfd61a55ef8e}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-41472551-3302669374-2398554026-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Aidan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-41472551-3302669374-2398554026-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
    CustomCLSID: HKU\S-1-5-21-41472551-3302669374-2398554026-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aidan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-41472551-3302669374-2398554026-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41472551-3302669374-2398554026-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41472551-3302669374-2398554026-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-41472551-3302669374-2398554026-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Aidan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    ==================== Restore Points =========================
    11-01-2015 18:52:26 ComboFix created restore point
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2012-10-18 16:07 - 2015-01-11 19:17 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {57F25B67-672A-44F9-AEBD-2F8225E52545} - System32\Tasks\{5DBDFFED-8478-4E21-8A06-578B98E26E5E} => pcalua.exe -a "C:\Program Files (x86)\Desura\Common\minimal-theory\Binaries\UnSetup.exe" -d "C:\Program Files (x86)\Desura\Common\minimal-theory\Binaries\Win32\..\" -c /EULA
    Task: {626AC523-7C3B-4A4B-B516-01AC81C7BA17} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {89C46932-691C-47C1-AE52-ED363A417804} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
    Task: {8BC82352-84D8-4E74-9809-75E4D66F282D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {9B0EF8A7-426B-4E5E-BE70-156C3C4750E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002Core => C:\Users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
    Task: {9F354EC2-FAAE-449D-8A68-BFBA172689D7} - System32\Tasks\ZoomExUpdaterTask{23DA4E05-5A76-45FB-9642-45E4375CDD66} => C:\ProgramData\Premium\ZoomEx\ZoomEx.exe <==== ATTENTION
    Task: {AD2E097F-ED2B-469B-9D67-06CA524529E7} - System32\Tasks\{C768C9D4-4A80-46E5-BDDE-F5A4CB9C30AE} => Chrome.exe http://ui.skype.com/ui/0/6.5.0.158/en/abandoninstall?page=tsProgressBar
    Task: {B3434044-E496-4C27-B123-31977915DFAD} - System32\Tasks\{674E10AF-AFAD-4C80-B0DB-E03362852B44} => pcalua.exe -a C:\Users\Aidan\Downloads\OpenRPGMaker-2.0-win32.exe -d C:\Users\Aidan\Downloads
    Task: {BA432CE0-6BED-45A2-8ADC-604736B79E12} - System32\Tasks\ZoomExUpdaterTask{68597619-B04C-4BC9-8FD2-3750FFF40021} => C:\ProgramData\Premium\ZoomEx\ZoomEx.exe <==== ATTENTION
    Task: {BDADE07E-C77C-4BEA-89E7-EB1100DF52D2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
    Task: {C3A9BCB9-17B9-487F-9C76-DED2A01FE469} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {CA0B2BE1-B3BA-4630-BD69-FF3116DD4102} - System32\Tasks\{586C74BA-306C-441D-84CB-F3C5BD4BEB72} => pcalua.exe -a "D:\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\36ac9dc8c9a94feb9e5886810012e78" -c -silent
    Task: {D29FE22A-0632-47C9-8ABC-DD26C1922BAD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
    Task: {D4D08280-CD40-4B64-94F1-881C51BB3596} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
    Task: {DCE8DFF1-09F8-4EC2-8FB0-EDF764EDA744} - System32\Tasks\{6C4165C9-A105-4568-93CB-45038E86C21F} => pcalua.exe -a C:\Users\Aidan\Downloads\MMF2ExtPack2.exe -d C:\Users\Aidan\Downloads
    Task: {DE3A74AD-6425-4ECE-AB6F-899454137A0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
    Task: {E591BB2B-A3E5-48A9-87B2-9A65A6E983D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002UA => C:\Users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
    Task: {F12F1F48-0A4D-4590-84B8-DBC8A14D8669} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2014-08-13] (iolo technologies, LLC)
    Task: {F3A63C68-5219-48F1-99A6-17795A96C4DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
    Task: {FF619472-AE44-4A98-AC56-4CE1E8A5276E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002Core.job => C:\Users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-41472551-3302669374-2398554026-1002UA.job => C:\Users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) =============
    2010-01-02 08:42 - 2010-01-02 08:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2012-06-18 09:24 - 2012-06-18 09:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\Users\Aidan\Local Settings:53GrS2Ba99ZNfY3bgoAUeFs2Pu
    AlternateDataStreams: C:\Users\Aidan\AppData\Local:53GrS2Ba99ZNfY3bgoAUeFs2Pu
    AlternateDataStreams: C:\Users\Aidan\AppData\Local\Application Data:53GrS2Ba99ZNfY3bgoAUeFs2Pu
    AlternateDataStreams: C:\Users\Aidan\AppData\Local\hWifzu26wbwrAYK:9ikWs8hgdkUSS1Po3AgLZClWlP
    AlternateDataStreams: C:\Users\Aidan\AppData\Local\Temp:J7RTH6iKNuUEGbuI8Rqe
    AlternateDataStreams: C:\Users\Aidan\AppData\Local\Temporary Internet Files:rL0BX0iNUAs4ER9N14qB
    AlternateDataStreams: C:\ProgramData\Microsoft:DfVqpFdFscNYljXAEoCsy6DH85
    AlternateDataStreams: C:\ProgramData\Microsoft:ffWdRzgKINDooMCUNe9jpTpqS
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)
    MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
    MSCONFIG\startupreg: Desura => C:\Program Files (x86)\Desura\desura.exe -autostart
    MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
    ========================= Accounts: ==========================
    Administrator (S-1-5-21-41472551-3302669374-2398554026-500 - Administrator - Disabled)
    Aidan (S-1-5-21-41472551-3302669374-2398554026-1002 - Administrator - Enabled) => C:\Users\Aidan
    F6DF0C9454B6436B8503 (S-1-5-21-41472551-3302669374-2398554026-1007 - Limited - Enabled)
    Guest (S-1-5-21-41472551-3302669374-2398554026-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-41472551-3302669374-2398554026-1004 - Limited - Enabled)
    ==================== Faulty Device Manager Devices =============
    Name: VirtualBox Host-Only Ethernet Adapter
    Description: VirtualBox Host-Only Ethernet Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Oracle Corporation
    Service: VBoxNetAdp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (01/13/2015 06:35:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (01/13/2015 06:33:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

    Details:
    System Writer object failed to initialize VSS.
    System Error:
    Incorrect function.
    .
    Error: (01/12/2015 05:48:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (01/12/2015 05:47:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

    Details:
    System Writer object failed to initialize VSS.
    System Error:
    Incorrect function.
    .
    Error: (01/12/2015 05:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (01/12/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 60.66.12.25.in-addr.arpa. PTR Aidan-PC.local.
    Error: (01/12/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 25.12.66.60:5353 18 60.66.12.25.in-addr.arpa. PTR Aidan-PC-2.local.
    Error: (01/12/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 101.10.168.192.in-addr.arpa. PTR Aidan-PC.local.
    Error: (01/12/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.10.101:5353 18 101.10.168.192.in-addr.arpa. PTR Aidan-PC-2.local.
    Error: (01/12/2015 04:39:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    System errors:
    =============
    Error: (01/13/2015 06:41:37 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
    Error: (01/13/2015 06:41:37 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
    Error: (01/13/2015 06:35:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1068
    Error: (01/13/2015 06:35:28 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
    Error: (01/13/2015 06:35:26 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    Error: (01/13/2015 06:35:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068
    Error: (01/13/2015 06:35:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068
    Error: (01/13/2015 06:35:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068
    Error: (01/13/2015 06:35:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068
    Error: (01/13/2015 06:35:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Microsoft Office Sessions:
    =========================
    Error: (01/13/2015 06:35:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (01/13/2015 06:33:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description:
    Details:
    System Writer object failed to initialize VSS.
    System Error:
    Incorrect function.
    Error: (01/12/2015 05:48:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (01/12/2015 05:47:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description:
    Details:
    System Writer object failed to initialize VSS.
    System Error:
    Incorrect function.
    Error: (01/12/2015 05:35:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (01/12/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 60.66.12.25.in-addr.arpa. PTR Aidan-PC.local.
    Error: (01/12/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 25.12.66.60:5353 18 60.66.12.25.in-addr.arpa. PTR Aidan-PC-2.local.
    Error: (01/12/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 101.10.168.192.in-addr.arpa. PTR Aidan-PC.local.
    Error: (01/12/2015 05:33:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.10.101:5353 18 101.10.168.192.in-addr.arpa. PTR Aidan-PC-2.local.
    Error: (01/12/2015 04:39:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-11 19:16:22.658
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-01-11 19:16:22.486
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-01-11 19:12:34.414
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Aidan\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-01-11 19:12:34.242
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Aidan\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-01-11 19:12:34.071
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Aidan\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-01-11 19:12:33.899
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Aidan\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-01-11 19:12:33.681
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Aidan\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-01-11 19:12:33.509
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Aidan\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-01-11 12:24:19.632
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2015-01-11 12:24:19.375
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================
    Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 19%
    Total physical RAM: 5607.92 MB
    Available physical RAM: 4511.97 MB
    Total Pagefile: 11214.02 MB
    Available Pagefile: 10115.55 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:321.24 GB) NTFS
    Drive f: (AE Storage) (Fixed) (Total:1863.01 GB) (Free:1460.61 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E920D318)
    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=683.9 GB) - (Type=07 NTFS)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 1.
    ==================== End Of Log ============================
     
Short URL to this thread: https://techguy.org/1140896
