
Audio ads playing and slow booting issues


  • This topic is locked
81 replies to this topic

#1 td323i


Posted 02 June 2014 - 02:29 PM

I have a PC that once per day I can hear advertisements playing through my speakers but no video is displayed. Around the same time as that happening, I noticed my computer seems sluggish. Internet Explorer seems to behave properly but I just have a feeling something is going on in the background that is some sort of virus. Any help would be greatly appreciated.

 

Thanks,

Tony

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16843
Run by Tony at 15:17:41 on 2014-06-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1449 [GMT -4:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: GFI Software VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Agent\agent.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Acronis\AMS\ManagementServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Acronis\ARSM\arsm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\MaxiSocketUSB\ServiceInstaller.exe
C:\MaxiSocketUSB\GPSocketUSBService.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\SAAZOD\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\PROGRA~1\SAAZOD\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe
C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtHlpDk.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Acronis\BackupAndRecovery\mms.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\SAAZOD\BaseComponents\PatchManagement\ZPMGmt.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\PROGRA~1\SAAZOD\DMPHelpDesk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\SAAZOD\SAAZDefaultJobExe.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\SAAZOD\zTUEXEC.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_x480g&r=170505103416p04f5u2h5z44716240
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -h -k
mRun: [Acer PowerSaver] c:\program files\acer\acer powersaver\PowerSaverTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SBAMTray] "c:\program files\gfi software\gfiagent\SBAMTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AcronisTibMounterMonitor] c:\program files\common files\acronis\tibmounter\TibMounterMonitor.exe
mRun: [BackupAndRecoveryMonitor.exe] c:\program files\acronis\backupandrecovery\BackupAndRecoveryMonitor.exe
StartupFolder: c:\users\tony\appdata\roaming\microsoft\windows\start menu\programs\startup\NVIDIA Experience.url
StartupFolder: c:\users\tony\appdata\roaming\microsoft\windows\start menu\programs\startup\Nvidia Expirience.url
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sc_zac~1.lnk - c:\program files\saazod\zscc\zAccEvt.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {3591A50E-18FD-42BC-8D10-6C93BDAF2DA0} - hxxps://control.itsupport247.net/components/SG20o.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: NameServer = 192.168.1.100 192.168.1.101
TCP: Interfaces\{F946D222-745A-4B81-B1FA-D91B4C2C1796} : DHCPNameServer = 192.168.1.100 192.168.1.101
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\acaptuser32.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Authentication Packages =  msv1_0 relog_ap
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2014-2-12 73504]
R0 tib;Acronis TIB Manager;c:\windows\system32\drivers\tib.sys [2014-2-12 736312]
R0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\drivers\tib_mounter.sys [2014-2-12 130488]
R2 AcronisAgent;Acronis Remote Agent Service;c:\program files\common files\acronis\agent\agent.exe [2012-12-29 2046968]
R2 AMS;Acronis Management Server Service;c:\program files\acronis\ams\ManagementServer.exe [2014-2-19 13018864]
R2 ARSM;Acronis Removable Storage Management Service;c:\program files\acronis\arsm\arsm.exe [2014-2-19 5866040]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-10-8 24576]
R2 GPSocketUSBService;GPSocketUSBService;c:\maxisocketusb\ServiceInstaller.exe [2013-5-22 76288]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-10-19 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 13624]
R2 MBAMScheduler;MBAMScheduler;c:\progra~1\saazod\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-21 418376]
R2 MBAMService;MBAMService;c:\progra~1\saazod\malwarebytes' anti-malware\mbamservice.exe [2013-5-21 701512]
R2 MMS;Acronis Managed Machine Service;c:\program files\acronis\backupandrecovery\mms.exe [2014-2-19 11186048]
R2 MSSQL$ACRONIS;SQL Server (ACRONIS);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-8-12 62208]
R2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\saazod\zrealtime\SAAZappr.exe [2012-6-26 85296]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\saazod\SAAZDPMACTL.exe [2012-6-26 89392]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\saazod\SAAZScheduler.exe [2013-5-21 85296]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\saazod\SAAZServerPlus.exe [2012-6-26 85296]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\saazod\SAAZWatchDog.exe [2012-6-26 89392]
R2 SBAMSvc;VIPRE Business;c:\program files\gfi software\gfiagent\SBAMSvc.exe [2013-5-30 3681016]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2013-1-15 68904]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\gfiagent\SBPIMSvc.exe [2013-5-30 176536]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-2-20 3467768]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-10-8 240160]
R2 virtual_file;Acronis Virtual File Driver (build 2103);c:\windows\system32\drivers\virtual_file.sys [2014-2-12 123168]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-6-1 609904]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-10-8 260648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-21 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-7-1 43368]
S3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [2013-7-1 24040]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]
S3 PDF Architect 2;PDF Architect 2;c:\program files\pdf architect 2\ws.exe [2014-4-17 1716264]
S3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files\pdf architect 2\crash-handler-ws.exe [2014-4-17 861736]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2013-1-15 76064]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-15 1343400]
S4 AmsWebServer;Acronis Web Server Service;c:\program files\common files\acronis\webserver\httpd.exe [2011-10-31 18432]
S4 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\saazod\zrealtime\SAAZapsc.exe [2012-6-26 85296]
S4 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\saazod\SAAZRemoteSupport.exe [2012-6-26 81200]
S4 ZEvtSVC;ZEvtSVC;c:\progra~1\saazod\zscc\zEvtSVC.exe [2012-6-26 232752]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-05-15 04:35:36 2706432 ----a-w- c:\windows\system32\mshtml.tlb
.
==================== Find3M  ====================
.
2014-04-25 21:44:56 95416 ----a-w- c:\windows\system32\pdfcmon.dll
2014-04-25 21:44:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2014-04-18 13:02:44 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-04-18 13:02:44 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-04-18 13:02:44 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-04-15 06:34:10 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
.
============= FINISH: 15:18:41.05 ===============
 

 

 




 


#2 Starbuck



  • Malware Response Team

Posted 06 June 2014 - 05:43 PM

Hi td323i

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.


For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users: right-click and select Run As Administrator.
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply also.

Also:
  • Please re-run FRST again, but this time type the following in the edit box after Search: rpcss.dll
  • Click the Search File(s) button.
  • It will make a log (Search.txt). Please post this report along with the other 2 FRST reports.

In your next reply, please submit:
  • FRST report
  • Addition.txt
  • Search.txt


Thanks.



#3 td323i


Posted 10 June 2014 - 08:50 AM

Thanks for the help. Please see logs below:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014 03
Ran by Tony (administrator) on X153-WIN7 on 10-06-2014 09:32:49
Running from C:\Users\Tony\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Acronis) C:\Program Files\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Acronis\AMS\ManagementServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis) C:\Program Files\Acronis\ARSM\arsm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(GeneralPlus) C:\MaxiSocketUSB\ServiceInstaller.exe
(GeneralPlus) C:\MaxiSocketUSB\GPSocketUSBService.exe
(Malwarebytes Corporation) C:\Program Files\SAAZOD\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\SAAZOD\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Continuum Managed Services LLC.) C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe
(Continuum Managed Services LLC.) C:\Program Files\SAAZOD\SAAZDPMACTL.exe
(Continuum Managed Service LLC.) C:\Program Files\SAAZOD\SAAZScheduler.exe
(Continuum Managed Services LLC.) C:\Program Files\SAAZOD\SAAZServerPlus.exe
(Continuum Managed Services LLC.) C:\Program Files\SAAZOD\zRealTime\rtHlpDk.exe
(Continuum Managed Services LLC.) C:\Program Files\SAAZOD\SAAZWatchDog.exe
(ThreatTrack Security, Inc.) C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Acronis) C:\Program Files\Acronis\BackupAndRecovery\mms.exe
(ThreatTrack Security, Inc.) C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ThreatTrack Security, Inc.) C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\WmdHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Continuum Managed Services LLC.) C:\Program Files\SAAZOD\zWbPeATPostLogs.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer PowerSaver] => C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe [434176 2009-04-17] (Acer Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [SBAMTray] => C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe [3232152 2013-05-30] (ThreatTrack Security, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [396176 2013-06-06] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102184 2013-01-22] (Acronis)
HKLM\...\Run: [BackupAndRecoveryMonitor.exe] => C:\Program Files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1530496 2014-02-18] (Acronis)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-743207681-3097587850-1565792595-1317\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-743207681-3097587850-1565792595-1317\...\Policies\system: [RunLogonScriptSync] 1
AppInit_DLLs: C:\Windows\System32\acaptuser32.dll => C:\Windows\System32\acaptuser32.dll [114280 2013-05-08] (Adobe Systems Incorporated)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SC_zAccEvt.lnk
ShortcutTarget: SC_zAccEvt.lnk -> C:\Program Files\SAAZOD\zSCC\zAccEvt.exe (Continuum Managed Services LLC.)
InternetURL: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NVIDIA Experience.url -> C:\Users\Tony\AppData\Roaming\FlashPlayer\igfxpers.exe
InternetURL: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nvidia Expirience.url -> C:\Users\Tony\AppData\Roaming\FlashPlayer\igfxpers.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_x480g&r=170505103416p04f5u2h5z44716240
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {3591A50E-18FD-42BC-8D10-6C93BDAF2DA0} https://control.itsupport247.net/components/SG20o.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.100 192.168.1.101

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @vmware.com/vmrc,version=2.5.0.00000 - C:\Program Files\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 - C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

========================== Services (Whitelisted) =================

R2 AcronisAgent; C:\Program Files\Common Files\Acronis\Agent\agent.exe [2046968 2012-12-29] (Acronis)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [801784 2013-06-06] (Acronis)
R2 AMS; C:\Program Files\Acronis\AMS\ManagementServer.exe [13018864 2014-02-19] (Acronis)
S4 AmsWebServer; C:\Program Files\Common Files\Acronis\WebServer\httpd.exe [18432 2011-10-31] (Apache Software Foundation) [File not signed]
R2 ARSM; C:\Program Files\Acronis\ARSM\arsm.exe [5866040 2014-02-19] (Acronis)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [382464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-02-17] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-06-11] (Macrovision Europe Ltd.) [File not signed]
R2 GPSocketUSBService; C:\MaxiSocketUSB\ServiceInstaller.exe [76288 2012-03-05] (GeneralPlus) [File not signed]
R2 MBAMScheduler; C:\Program Files\SAAZOD\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\SAAZOD\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MMS; C:\Program Files\Acronis\BackupAndRecovery\mms.exe [11186048 2014-02-19] (Acronis)
R2 MSSQL$ACRONIS; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208 2009-08-12] (NewTech Infosystems, Inc.)
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1716264 2014-04-17] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-17] (pdfforge GmbH)
R2 RpcSs; C:\Windows\system32\rpcss.dll [382464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SAAZappr; C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe [85296 2012-06-26] (Continuum Managed Services LLC.)
S4 SAAZapsc; C:\Program Files\SAAZOD\zRealTime\SAAZapsc.exe [85296 2012-06-26] (Continuum Managed Services LLC.)
R2 SAAZDPMACTL; C:\Program Files\SAAZOD\SAAZDPMACTL.exe [89392 2012-06-26] (Continuum Managed Services LLC.)
S4 SAAZRemoteSupport; C:\Program Files\SAAZOD\SAAZRemoteSupport.exe [81200 2012-06-26] (Continuum Managed Services LLC.)
R2 SAAZScheduler; C:\Program Files\SAAZOD\SAAZScheduler.exe [85296 2013-05-21] (Continuum Managed Service LLC.)
R2 SAAZServerPlus; C:\Program Files\SAAZOD\SAAZServerPlus.exe [85296 2012-06-26] (Continuum Managed Services LLC.)
R2 SAAZWatchDog; C:\Program Files\SAAZOD\SAAZWatchDog.exe [89392 2012-06-26] (Continuum Managed Services LLC.)
R2 SBAMSvc; C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe [3681016 2013-05-30] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe [176536 2013-05-30] (ThreatTrack Security, Inc.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [609904 2011-06-01] (VMware, Inc.)
S4 ZEvtSVC; C:\Program Files\SAAZOD\zSCC\zEvtSVC.exe [232752 2012-06-26] (Continuum Managed Services LLC.)

==================== Drivers (Whitelisted) ====================

S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-01-22] (FTDI Ltd.)
R3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32880 2011-06-01] (VMware, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [68904 2013-01-15] (GFI Software)
S3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [76064 2013-01-15] (GFI Software)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736312 2014-02-12] (Acronis)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [130488 2014-02-12] (Acronis)
R2 tvicport; C:\Windows\system32\drivers\tvicport.sys [14544 2009-02-05] (EnTech Taiwan) [File not signed]
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [123168 2014-02-12] (Acronis International GmbH)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2009-02-05] (Zeal SoftStudio) [File not signed]
S3 catchme; \??\C:\Users\Tony\AppData\Local\Temp\catchme.sys [X]
S4 LMIRfsClientNP; No ImagePath
U3 mbr; \??\C:\Users\Tony\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-10 09:32 - 2014-06-10 09:33 - 00017940 _____ () C:\Users\Tony\Desktop\FRST.txt
2014-06-10 09:32 - 2014-06-10 09:32 - 00000000 ____D () C:\FRST
2014-06-10 09:30 - 2014-06-10 09:30 - 01177600 _____ (Farbar) C:\Users\Tony\Desktop\FRST.exe
2014-06-09 17:07 - 2014-06-09 17:07 - 00028672 _____ () C:\Windows\system32\xntsf.wgx
2014-06-02 15:18 - 2014-06-02 15:18 - 00017027 _____ () C:\Users\Tony\Desktop\dds.txt
2014-06-02 15:18 - 2014-06-02 15:18 - 00015797 _____ () C:\Users\Tony\Desktop\attach.txt
2014-06-02 15:17 - 2014-06-02 15:24 - 00000000 ____D () C:\Users\Tony\Desktop\Problems
2014-06-02 15:15 - 2014-06-02 15:15 - 00688992 ____R (Swearware) C:\Users\Tony\Desktop\dds.com
2014-06-02 15:08 - 2014-06-02 15:08 - 00000000 ___RD () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-05-23 17:54 - 2014-06-10 09:27 - 00000085 _____ () C:\Windows\system32\xeonv.djg
2014-05-23 17:43 - 2014-06-09 17:15 - 00000063 _____ () C:\Windows\system32\dluh.aun
2014-05-23 17:43 - 2014-05-23 17:43 - 00000064 _____ () C:\Windows\system32\afvwcc.bfl
2014-05-23 17:07 - 2014-05-23 17:07 - 00310760 ____S () C:\Windows\system32\ioyeva.sfa
2014-05-21 10:45 - 2014-06-02 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-21 10:45 - 2014-06-02 18:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-19 20:49 - 2014-06-02 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASYLABEL Platinum
2014-05-19 20:49 - 2014-06-02 18:46 - 00000000 ____D () C:\Program Files\Tharo
2014-05-19 20:49 - 2014-05-19 20:49 - 00002011 _____ () C:\Users\Public\Desktop\EASYLABEL Platinum.lnk
2014-05-19 20:49 - 2014-05-19 20:49 - 00000082 _____ () C:\Windows\easy32.ini
2014-05-19 20:49 - 1999-10-05 14:01 - 00273920 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFCMP11n.DLL
2014-05-19 20:49 - 1999-10-05 14:01 - 00172544 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfpng11n.dll
2014-05-19 20:49 - 1999-10-05 14:01 - 00080896 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfdxf11N.dll
2014-05-19 20:49 - 1999-10-05 14:01 - 00066048 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfdgn11n.dll
2014-05-19 20:49 - 1999-10-05 14:01 - 00062976 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfXpm11n.dll
2014-05-19 20:49 - 1999-10-05 14:01 - 00059392 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfwmf11n.dll
2014-05-19 20:49 - 1999-10-05 14:01 - 00045568 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfXbm11n.dll
2014-05-19 20:49 - 1999-10-05 14:01 - 00032256 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfxwd11N.dll
2014-05-19 20:49 - 1999-10-05 14:01 - 00027648 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfwpg11n.dll
2014-05-19 20:49 - 1999-10-05 14:01 - 00024576 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfavi11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00304128 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltdlg11N.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00145920 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lftif11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00096256 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lvkrn11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00080896 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lffax11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00074240 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfpct11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00068096 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LVDLG11N.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00056320 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfpsd11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00048640 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFPNM11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00045568 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfflc11N.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00036864 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfbmp11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00035840 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lflma11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00033792 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfiff11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00033280 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfpcx11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00032256 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfani11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00031744 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lflmb11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00031232 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfeps11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00027648 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lftga11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00027648 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfCUT11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00027136 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfimg11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00026112 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfras11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00026112 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfmsp11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00026112 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfmac11n.dll
2014-05-19 20:49 - 1999-10-05 14:00 - 00026112 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfitg11N.dll
2014-05-19 20:49 - 1999-10-05 13:59 - 00391680 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltkrn11n.dll
2014-05-19 20:49 - 1999-10-05 13:59 - 00253952 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTDIS11n.dll
2014-05-19 20:49 - 1999-10-05 13:59 - 00127488 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltimg11n.dll
2014-05-19 20:49 - 1999-10-05 13:59 - 00115712 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltfil11n.DLL
2014-05-19 20:49 - 1999-10-01 16:34 - 00068096 _____ () C:\Windows\system32\lfplt11n.dll
2014-05-19 20:49 - 1999-10-01 16:34 - 00061952 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfDRW11n.dll
2014-05-19 20:49 - 1999-10-01 16:33 - 00059392 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfCGM11n.dll
2014-05-19 20:49 - 1995-07-31 13:44 - 00212480 _____ (Eastman Kodak) C:\Windows\system32\Pcdlib32.dll
2014-05-15 00:35 - 2014-05-05 23:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 00:35 - 2014-05-05 23:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 00:35 - 2014-05-05 23:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 00:34 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 00:30 - 2014-04-11 22:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 00:30 - 2014-04-11 22:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 00:30 - 2014-04-11 22:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 00:30 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 00:30 - 2014-04-11 22:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 00:30 - 2014-04-11 22:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 00:30 - 2014-04-11 22:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 00:30 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 00:30 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 00:30 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 00:30 - 2014-03-04 05:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 00:30 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

==================== One Month Modified Files and Folders =======

2014-06-10 09:33 - 2014-06-10 09:32 - 00017940 _____ () C:\Users\Tony\Desktop\FRST.txt
2014-06-10 09:33 - 2013-12-10 17:01 - 00000000 ____D () C:\Users\Tony\AppData\Local\temp
2014-06-10 09:32 - 2014-06-10 09:32 - 00000000 ____D () C:\FRST
2014-06-10 09:30 - 2014-06-10 09:30 - 01177600 _____ (Farbar) C:\Users\Tony\Desktop\FRST.exe
2014-06-10 09:27 - 2014-05-23 17:54 - 00000085 _____ () C:\Windows\system32\xeonv.djg
2014-06-10 09:24 - 2014-02-12 14:15 - 00000000 ____D () C:\Users\AMS User\AppData\Local\temp
2014-06-10 09:16 - 2013-05-21 21:16 - 00000000 ____D () C:\Program Files\SAAZOD
2014-06-10 09:05 - 2013-08-29 01:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 07:37 - 2010-06-11 16:32 - 00000152 _____ () C:\Windows\system32\config\netlogon.ftl
2014-06-10 05:15 - 2010-05-13 12:22 - 02096150 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 17:15 - 2014-05-23 17:43 - 00000063 _____ () C:\Windows\system32\dluh.aun
2014-06-09 17:07 - 2014-06-09 17:07 - 00028672 _____ () C:\Windows\system32\xntsf.wgx
2014-06-09 14:50 - 2012-10-28 18:00 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-06-09 00:14 - 2013-05-21 21:17 - 00001784 _____ () C:\Windows\system32\ipstuffNew.txt
2014-06-07 14:51 - 2014-01-21 15:11 - 00000962 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-06-07 14:51 - 2012-10-28 18:00 - 00000000 ____D () C:\Program Files\LogMeIn
2014-06-07 06:45 - 2009-07-14 00:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 06:45 - 2009-07-14 00:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 14:01 - 2012-10-28 18:00 - 00085832 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-06 14:01 - 2012-10-28 18:00 - 00031560 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-06-02 18:47 - 2014-05-21 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-02 18:47 - 2014-05-21 10:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-02 18:47 - 2014-05-19 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASYLABEL Platinum
2014-06-02 18:47 - 2013-12-10 23:03 - 00000000 ____D () C:\Users\administrator
2014-06-02 18:47 - 2013-11-27 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-02 18:47 - 2013-07-01 11:22 - 00000000 ____D () C:\Users\processpro
2014-06-02 18:47 - 2013-03-08 16:29 - 00000000 ____D () C:\Users\genas
2014-06-02 18:47 - 2012-04-12 16:11 - 00000000 ____D () C:\ProgramData\Brother
2014-06-02 18:47 - 2011-04-18 11:43 - 00000000 ____D () C:\Users\r&d
2014-06-02 18:47 - 2011-04-11 11:54 - 00000000 ____D () C:\Users\wayner
2014-06-02 18:47 - 2010-06-11 16:35 - 00000000 ___HD () C:\_rpcs
2014-06-02 18:47 - 2010-06-11 16:33 - 00000000 ____D () C:\Users\__sbs_netsetup__
2014-06-02 18:47 - 2010-06-11 16:10 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-02 18:47 - 2009-10-08 21:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-02 18:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-06-02 18:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\security
2014-06-02 18:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-06-02 18:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2014-06-02 18:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2014-06-02 18:46 - 2014-05-19 20:49 - 00000000 ____D () C:\Program Files\Tharo
2014-06-02 18:46 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-02 18:45 - 2010-06-11 16:09 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-02 15:24 - 2014-06-02 15:17 - 00000000 ____D () C:\Users\Tony\Desktop\Problems
2014-06-02 15:18 - 2014-06-02 15:18 - 00017027 _____ () C:\Users\Tony\Desktop\dds.txt
2014-06-02 15:18 - 2014-06-02 15:18 - 00015797 _____ () C:\Users\Tony\Desktop\attach.txt
2014-06-02 15:15 - 2014-06-02 15:15 - 00688992 ____R (Swearware) C:\Users\Tony\Desktop\dds.com
2014-06-02 15:08 - 2014-06-02 15:08 - 00000000 ___RD () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-06-02 15:07 - 2010-06-11 16:35 - 00001448 _____ () C:\Windows\ricdb.ini
2014-06-02 15:05 - 2009-10-08 21:01 - 00853404 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 14:58 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 14:58 - 2009-07-14 00:39 - 00095238 _____ () C:\Windows\setupact.log
2014-06-02 14:57 - 2009-10-08 21:30 - 00872638 _____ () C:\Windows\PFRO.log
2014-06-02 14:50 - 2010-06-11 16:34 - 00000000 ____D () C:\Users\Tony
2014-05-28 11:26 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-23 17:43 - 2014-05-23 17:43 - 00000064 _____ () C:\Windows\system32\afvwcc.bfl
2014-05-23 17:07 - 2014-05-23 17:07 - 00310760 ____S () C:\Windows\system32\ioyeva.sfa
2014-05-19 20:50 - 2010-06-15 12:09 - 00000163 _____ () C:\Windows\label0.ini
2014-05-19 20:49 - 2014-05-19 20:49 - 00002011 _____ () C:\Users\Public\Desktop\EASYLABEL Platinum.lnk
2014-05-19 20:49 - 2014-05-19 20:49 - 00000082 _____ () C:\Windows\easy32.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll
[2011-06-20 18:50] - [2010-11-20 08:21] - 0382464 ____A (Microsoft Corporation) F3AEC6FD072136202634F2107F184EB6

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 00:24

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-06-2014 03
Ran by Tony at 2014-06-10 09:33:40
Running from C:\Users\Tony\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: GFI Software VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: GFI Software VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}

==================== Installed Programs ======================

.Net Framework 3.5 (HKLM\...\{7DBBC062-E7D5-49E9-8694-FF19E047343B}) (Version: 1.0.2 - ProcessPro Premier)
Acer Backup Manager (HKLM\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.00.5001 - Acer Incorporated)
Acer Framework (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.00.5000 - Acer Incorporated)
Acer PowerSaver (HKLM\...\{A1FFD720-0806-40E9-9554-DB22D593FDEF}) (Version: 1.00.3005 - Acer Incorporated)
Acer QuickMigration (HKLM\...\{D38FA7FF-84E7-42F7-ACAC-E85DF086F008}) (Version: 1.00.3005 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acronis Backup 11.5 Agent Core (HKLM\...\{7370A3E3-9326-42AD-8B64-32D93A839F04}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Agent for SQL (HKLM\...\{C1C4DD27-DD38-46A5-8396-B140771DB202}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Agent for Windows (HKLM\...\{AC2E970D-857C-4DA9-9DAF-7F892E37540A}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Bootable Media Builder (HKLM\...\{34542598-AC39-4F03-8C2D-819C10592BB0}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Command-Line Tool (HKLM\...\{A9CFD8BA-61D3-4259-89EB-BA630FCF2FDE}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Management Console (HKLM\...\{03AFCAEE-20E0-423E-8E44-F4AAA3BA1D65}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Management Server (HKLM\...\{E9F0D163-FA3B-4FC5-A978-CBCC7DB68081}) (Version: 11.5.38573 - Acronis)
Acronis Components for Remote Installation (HKLM\...\{ED780047-33A8-4270-ABAA-B89ECB5A90E7}) (Version: 11.5.38573 - Acronis)
Acronis License Server (HKLM\...\{A2F25E98-D557-4AB7-9EBE-627D956A0E5C}) (Version: 11.5.38573 - Acronis)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Master Collection (HKLM\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (HKLM\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
American Module for Microsoft Dynamics NAV Classic Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
American Module for Microsoft Dynamics NAV Documentation (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
American Module for Microsoft Dynamics NAV Role Tailored Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Apple Application Support (HKLM\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.9.0.0 - AuthenTec) Hidden
Backup Manager Advance (Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
Canadian Module for Microsoft Dynamics NAV Classic Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Canadian Module for Microsoft Dynamics NAV Documentation (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Canadian Module for Microsoft Dynamics NAV Role Tailored Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
CeRegEditor 0.0.5.1 (HKLM\...\CeRegEditor_is1) (Version:  - )
Crystal Reports 9 Redistributables (HKLM\...\{9D571CDB-02AC-472D-8921-D2DBC4E64CE6}) (Version: 1.0.0 - ESHA Research)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815i.50 - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2815i.50 - CyberLink Corp.) Hidden
DameWare NT Utilities 7.5 (HKLM\...\{63C7E50A-FBCD-40C0-974F-0855C286AB2B}) (Version: 7.5.6.0 - DameWare Development)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{6BDEB2BD-7C8B-4734-9E2F-E9EDC9D6C844}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{B64AFC4A-F842-4444-9DA4-12A798EF5551}) (Version:  - Microsoft)
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)
EASYLABEL Platinum (HKLM\...\EASYLABELPLAT) (Version:  - )
Genesis R&D SQL (HKLM\...\{B22CC1EA-3B11-449C-8AE8-6EA7BCEDCC19}) (Version: 9.12.1 - ESHA Research Inc.)
GFI Business Agent (HKLM\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5530 - GFI Software)
GFI Business Agent (Version: 6.2.5530 - GFI Software) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
ITSupport247-DPMA (HKLM\...\SAAZOD) (Version: 5.2.3 - Continuum Managed Services LLC)
iTunes (HKLM\...\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}) (Version: 10.2.1.1 - Apple Inc.)
Keyscan System VII Client (HKLM\...\{1C2D030F-AECD-4E72-A8FD-AB4242BDA7C6}) (Version: 7.0.7 - Keyscan Inc.)
LAN-Fax Utilities (HKLM\...\LAN-Fax Utilities) (Version:  - )
LogMeIn (HKLM\...\{36E0F777-19FE-4454-BB2D-84206758EA85}) (Version: 4.1.2651 - LogMeIn, Inc.)
LogMeIn (HKLM\...\{5C5778DB-3E5A-499D-865D-740E67D1F165}) (Version: 4.1.2600 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MAS 90 Workstation (HKLM\...\MAS 90 Workstation) (Version:  - )
Maxithermal (HKLM\...\{33D79CB9-E6CF-458B-A3FC-41419B8088AC}) (Version: 1.0.0 - Marathon Product Inc)
MDAS-Pro  (HKLM\...\Marathon_Products) (Version: 1.0 - Marathon Products)
Mexican Module for Microsoft Dynamics NAV Classic Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Mexican Module for Microsoft Dynamics NAV Documentation (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Mexican Module for Microsoft Dynamics NAV Role Tailored Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Dynamics NAV 2009 Classic (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Microsoft Dynamics NAV 2009 RoleTailored Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Microsoft Dynamics NAV 2009 SP1 (HKLM\...\DynamicsNav60) (Version: 6.0.29626.0 - Microsoft Corporation)
Microsoft Dynamics NAV 6.0 Setup (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft OLE DB Provider for Visual FoxPro (HKLM\...\{CD5DC4AA-7D62-48D9-B756-5925471001FE}) (Version: 9.0.0.3504 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM\...\Microsoft Report Viewer Redistributable 2008 SP1) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer 2013 (HKLM\...\Office15.SharePointDesigner) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SharePoint Designer 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (ACRONIS) (Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{4AB6A079-178B-4144-B21F-4D1AE71666A2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Motorola DataWedge 3.3 (HKLM\...\{7D2FE2D3-B4EA-4629-8B9D-59F2E0259D46}) (Version: 3.3.19 - Motorola)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{cf8a4834-4d9c-43b5-923d-7f56b9168d93}) (Version:  - Nero AG)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.10.505 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 5.6.8 - )
novaPDF v7 (novaPDF 7.7 printer) (HKLM\...\novaPDF v7_is1) (Version:  - Softland)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
OstroSoft SMTP Component (HKLM\...\{CE9B44EB-8511-4E19-BA88-A12627D52008}) (Version: 1.0.0 - OstroSoft)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Architect 2 View Module (HKLM\...\{3DA20A12-AD9F-4A75-8A6F-5204EEB94359}) (Version: 2.0.5.16319 - pdfforge GmbH)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
ProcessPro Premier 10.2 WorkStation  (HKLM\...\{D9EFA000-AE0B-4929-925E-C12D9E40E5E6}) (Version: 10.21 - ProcessPro Premier)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Remote Desktop Connection Manager (HKLM\...\{173A2B7F-535A-4403-A454-B41531EF0D7F}) (Version: 2.2.0423 - Microsoft Corporation)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM\...\{083988D7-BDA9-4244-983B-409A634BBC09}) (Version: 13.0.1.220 - SAP)
ServiceInstaller (HKLM\...\ServiceInstaller) (Version:  - )
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Softshare EDI Notepad (HKLM\...\{81FE9EFB-5A37-4B1D-881B-3C8E5E955A34}) (Version:  - )
Surveillix Remote (HKLM\...\InstallShield_{C193C75D-02BF-4F9D-8981-0843A7EABF39}) (Version: 4.01.0201 - Surveillix)
Surveillix Remote (Version: 4.01.0201 - Surveillix) Hidden
Surveillix SCS (HKLM\...\InstallShield_{1D7692D6-F8EC-42B7-808D-23970A2930C4}) (Version: 4.01.0401 - Surveillix)
Surveillix SCS (Version: 4.01.0401 - Surveillix) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
TrueCommerce Diagnostics Tool (HKLM\...\{91D5592A-CA01-4610-AC0C-6FEF99F9FEDF}) (Version: 7.1.0 - True Commerce, Inc)
TrueCommerce Transaction Manager (HKLM\...\{82CD6A04-6259-4EF0-BFA6-25D07EF5A875}) (Version: 7.1.0 - True Commerce, Inc)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{4F307363-49DA-4AE7-9D9D-DAA1FF59274F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{6E6B2968-B9D7-40C9-9FC2-8E729DDBB39C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{AFDC9BDD-5608-4A21-8066-13E2ACE1EDB4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{4F8AD68D-9F41-446E-AA81-C43BF88671BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{BCD0EA38-A8FB-4F3D-B04E-DFFB38BC7849}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{9E03AB38-EF60-4DE6-92FB-656E23403BFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{B299B17D-874D-43DD-84AA-414BD9C70021}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.SharePointDesigner_{A07ABCD5-4CAF-4493-A591-A6233EF13C7F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{188DFB16-BA3F-4AD3-9432-45C8FA64EC8B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{C5CF8938-646A-41A5-A4E6-6EEE4205CBA4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{954A0EA5-CCCB-4B4E-8664-40E2CC8BBCBB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{4B1A48FA-CAE2-49BB-A912-6F96AE7875D9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{96754DD8-5AF9-4CF8-A5A9-19770CD9AFBC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{8AEAF88E-A488-4C1E-B10D-F00143BA650F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.SharePointDesigner_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.SharePointDesigner_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Veriton ControlCenter (HKLM\...\{A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}) (Version: 1.00.3004 - Acer Incorporated)
Visual FoxPro ODBC Driver (HKLM\...\{31821EFE-1B31-4744-9FB0-208F92BD7168}) (Version: 1.0.0 - Microsoft Corporation)
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
VMware vSphere Client 4.0 (HKLM\...\{C40698F9-A861-4531-9F8C-FA7F8961375B}) (Version: 4.0.0.10021 - VMware, Inc.)
VMware vSphere Client 4.1 (HKLM\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.12319 - VMware, Inc.)
VMware vSphere Client 5.0 (HKLM\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.16964 - VMware, Inc.)
VMware vSphere Host Update Utility 4.0 (HKLM\...\{9BC51C0F-DA8E-4370-9997-899B3435A647}) (Version: 4.0.0.10021 - VMware, Inc.)
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.2.7 (HKLM\...\winscp3_is1) (Version: 4.2.7 - Martin Prikryl)

==================== Restore Points  =========================

23-05-2014 04:00:02 Scheduled Checkpoint
31-05-2014 04:00:03 Scheduled Checkpoint
08-06-2014 04:00:06 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 22:04 - 2014-01-29 12:46 - 00000057 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {15405954-CEC3-4D5D-9AC8-42C65529295B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {1684FD86-F293-4345-BDE1-42C5372F84C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-27] (Adobe Systems Incorporated)
Task: {2EDBE6C9-7368-4B45-8589-503F5305FB9B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {323FF028-C56F-4C1C-AEF9-C2D1416E789D} - System32\Tasks\{DE99B555-530A-40E1-98E3-7D90C87F24A2} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {38B30748-F6EE-4C2E-8DB7-6EE04F489A21} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {496AB70D-D95D-481D-A81C-E5790EECEB30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {49B68C26-CCB6-4FA5-909A-202A2D51B90F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {4F58C6EE-B4C0-42ED-BAAF-678DEEC74B7A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {9D36E998-9B95-468B-BEDD-BFAB77BEE110} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {B72CFB99-4F68-40ED-9743-972D0F655EA3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FCAB1A28-A2E2-40F7-8073-082F11649C10} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-18 23:29 - 2014-02-18 23:29 - 00323816 _____ () C:\Program Files\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
2014-02-18 23:29 - 2014-02-18 23:29 - 00282624 _____ () C:\Program Files\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
2014-02-18 23:30 - 2014-02-18 23:30 - 00440192 _____ () C:\Program Files\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll
2014-02-18 23:31 - 2014-02-18 23:31 - 00935336 _____ () C:\Program Files\Acronis\AMS\human_resolving_ams.dll
2014-02-18 23:30 - 2014-02-18 23:30 - 00487176 _____ () C:\Program Files\Acronis\AMS\ams_statistic_addon.dll
2009-10-08 21:05 - 2009-02-17 20:01 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-10-08 21:05 - 2009-10-08 21:05 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.5000.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-10-08 21:05 - 2009-10-08 21:05 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.5000.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-10-08 21:05 - 2009-10-08 21:05 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.5000.0__3036420f80dd6947\Framework.Library.dll
2009-10-08 21:05 - 2009-10-08 21:05 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.5000.0__672b450de5a7e94a\Framework.Host.dll
2009-10-08 21:05 - 2009-10-08 21:05 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.5000.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-10-08 21:17 - 2009-05-04 15:09 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2009-10-08 21:17 - 2009-05-04 15:08 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2009-10-08 21:17 - 2009-05-04 15:09 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2009-10-08 21:17 - 2009-05-04 15:08 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2009-02-02 20:33 - 2009-02-02 20:33 - 00460199 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-28 20:55 - 2008-09-28 20:55 - 01076224 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-01-15 16:17 - 2013-01-15 16:17 - 00160768 _____ () C:\Program Files\GFI Software\GFIAgent\unrar.dll
2014-02-19 00:35 - 2014-02-19 00:35 - 00930272 _____ () C:\Program Files\Acronis\BackupAndRecovery\human_resolving_mms.dll
2014-02-19 00:29 - 2014-02-19 00:29 - 01930064 _____ () C:\Program Files\Acronis\BackupAndRecovery\msp_agent.dll
2013-05-21 21:37 - 2014-05-04 10:26 - 00190752 _____ () C:\Program Files\GFI Software\GFIAgent\Definitions\libBase64.dll
2013-05-21 21:37 - 2014-05-04 10:26 - 00178464 _____ () C:\Program Files\GFI Software\GFIAgent\Definitions\libMachoUniv.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-06-14 12:09 - 2009-08-16 17:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2009-11-03 20:14 - 2009-11-03 20:14 - 00054272 _____ () C:\Program Files\Notepad++\NppShell_01.dll
2011-02-06 11:32 - 2011-02-06 11:32 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZappr => "imagepath"=""C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe" SAAZappr"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZappr => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZappr => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZappr => "type"="110"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZapsc => "imagepath"=""C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe" SAAZapsc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZapsc => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZapsc => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZapsc => "type"="110"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: LogMeIn Mirror Driver
Description: LogMeIn Mirror Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: lmimirr
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2014 00:33:56 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/05/2014 11:55:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16843, time stamp: 0x53096fea
Faulting module name: Flash32_11_9_900_170.ocx, version: 11.9.900.170, time stamp: 0x529b7962
Exception code: 0xc0000005
Fault offset: 0x000b241a
Faulting process id: 0x27fc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/05/2014 00:33:37 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/04/2014 02:38:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16843, time stamp: 0x53096fea
Faulting module name: Flash32_11_9_900_170.ocx, version: 11.9.900.170, time stamp: 0x529b7962
Exception code: 0xc0000005
Fault offset: 0x000b241a
Faulting process id: 0x56f8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/04/2014 11:47:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16843, time stamp: 0x53096fea
Faulting module name: Flash32_11_9_900_170.ocx, version: 11.9.900.170, time stamp: 0x529b7962
Exception code: 0xc0000005
Fault offset: 0x000b241a
Faulting process id: 0x1488
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/03/2014 00:34:11 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/02/2014 03:08:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Faulting module name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Exception code: 0xc0000005
Fault offset: 0x00001010
Faulting process id: 0x14cc
Faulting application start time: 0xPowerSaverTray.exe0
Faulting application path: PowerSaverTray.exe1
Faulting module path: PowerSaverTray.exe2
Report Id: PowerSaverTray.exe3

Error: (06/02/2014 02:52:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Faulting module name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Exception code: 0xc0000005
Fault offset: 0x00001010
Faulting process id: 0x124c
Faulting application start time: 0xPowerSaverTray.exe0
Faulting application path: PowerSaverTray.exe1
Faulting module path: PowerSaverTray.exe2
Report Id: PowerSaverTray.exe3

Error: (05/30/2014 11:41:03 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task  with GUID '2A4082E8-1C2B-11E1-87BA-D5724824019B' because of error 87 (Scheduler has received a request with an invalid parameter.).

Error: (05/29/2014 00:25:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Faulting module name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Exception code: 0xc0000005
Fault offset: 0x00001010
Faulting process id: 0x151c
Faulting application start time: 0xPowerSaverTray.exe0
Faulting application path: PowerSaverTray.exe1
Faulting module path: PowerSaverTray.exe2
Report Id: PowerSaverTray.exe3

System errors:
=============
Error: (06/02/2014 02:59:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (06/02/2014 02:53:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/02/2014 02:53:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (06/02/2014 02:50:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (05/28/2014 10:55:36 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/28/2014 10:55:35 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Amyuni Document Converter 300 required for printer Amyuni Document Converter is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/28/2014 10:55:32 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver RICOH Aficio MP C5000 PCL 5c required for printer !!removed00!Ricoh_CenterOffice is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/28/2014 10:55:30 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver ZDesigner ZM400 200 dpi (ZPL) required for printer ZDesigner ZM400 200 dpi (ZPL) is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/23/2014 05:44:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (05/23/2014 05:44:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (ACRONIS) service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (06/08/2014 00:33:56 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/05/2014 11:55:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.1684353096feaFlash32_11_9_900_170.ocx11.9.900.170529b7962c0000005000b241a27fc01cf80c1fd984733C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\Flash32_11_9_900_170.ocxdc00dcd3-ecc9-11e3-a2a4-90fba630bb24

Error: (06/05/2014 00:33:37 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/04/2014 02:38:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.1684353096feaFlash32_11_9_900_170.ocx11.9.900.170529b7962c0000005000b241a56f801cf800c7cf1bb00C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\Flash32_11_9_900_170.ocx5e8d434c-ec17-11e3-a2a4-90fba630bb24

Error: (06/04/2014 11:47:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.1684353096feaFlash32_11_9_900_170.ocx11.9.900.170529b7962c0000005000b241a148801cf7ff7d93f2c59C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\Flash32_11_9_900_170.ocx8bbab91d-ebff-11e3-a2a4-90fba630bb24

Error: (06/03/2014 00:34:11 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/02/2014 03:08:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PowerSaverTray.exe1.0.3005.049e81ef9PowerSaverTray.exe1.0.3005.049e81ef9c00000050000101014cc01cf7e96010f5687C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exeC:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe41ff585f-ea89-11e3-a2a4-90fba630bb24

Error: (06/02/2014 02:52:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PowerSaverTray.exe1.0.3005.049e81ef9PowerSaverTray.exe1.0.3005.049e81ef9c000000500001010124c01cf7e93c4c7f368C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exeC:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe04b271fb-ea87-11e3-b9c8-90fba630bb24

Error: (05/30/2014 11:41:03 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task  with GUID '2A4082E8-1C2B-11E1-87BA-D5724824019B' because of error 87 (Scheduler has received a request with an invalid parameter.).

Error: (05/29/2014 00:25:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PowerSaverTray.exe1.0.3005.049e81ef9PowerSaverTray.exe1.0.3005.049e81ef9c000000500001010151c01cf7b5aa1c019c3C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exeC:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exee217d063-e74d-11e3-b07a-90fba630bb24

CodeIntegrity Errors:
===================================
  Date: 2014-05-28 11:26:27.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-28 10:55:31.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 20:44:00.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 20:34:14.584
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 21:10:13.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 21:04:31.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 20:56:12.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-03 20:00:20.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 22:42:00.767
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-29 22:17:38.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3037.17 MB
Available physical RAM: 1653.38 MB
Total Pagefile: 6072.63 MB
Available Pagefile: 3781.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.04 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:136.45 GB) (Free:41.02 GB) NTFS
Drive d: (DATA) (Fixed) (Total:136.54 GB) (Free:134.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: CA0E32F7)
Partition 1: (Not Active) - (Size=25 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=136 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=137 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version:09-06-2014 03
Ran by Tony at 2014-06-10 09:39:34
Running from C:\Users\Tony\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2011-06-20 18:50] - [2010-11-20 08:21] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 19:45] - [2009-07-13 21:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

C:\Windows\System32\rpcss.dll
[2011-06-20 18:50] - [2010-11-20 08:21] - 0382464 ____A (Microsoft Corporation) F3AEC6FD072136202634F2107F184EB6

C:\Windows\erdnt\cache\rpcss.dll
[2013-12-10 17:00] - [2010-11-20 08:21] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

=== End Of Search ===



#4 Starbuck

  • Malware Response Team

Posted 10 June 2014 - 12:50 PM

Hi td323i

Thanks for the reports.

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2
Malwarebytes Anti-Malware version 1.75.0.1300 .... your version is out of date.
Please uninstall this version of MBAM and download/scan the latest version.
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program (I suggest you UNtick this option and just use the free version)
  • Click Finish
  • If you are notified the Database is out of date click Update Now

  • Click Scan Now >>
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

(Copy to clipboard for pasting into forum replies)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab >> Application Logs.

  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

  • Paste the contents of the clipboard into your reply.
In your next reply, please submit:
Fixlog.txt
MBAM scan report


Thanks.

Attached Files




#5 td323i

  • Topic Starter

Posted 10 June 2014 - 02:42 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:09-06-2014 03
Ran by Tony at 2014-06-10 14:16:39 Run:1
Running from C:\Users\Tony\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
S3 catchme; \??\C:\Users\Tony\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\Users\Tony\AppData\Local\Temp\mbr.sys [X]
2014-06-09 17:07 - 2014-06-09 17:07 - 00028672 _____ () C:\Windows\system32\xntsf.wgx
2014-05-23 17:54 - 2014-06-10 09:27 - 00000085 _____ () C:\Windows\system32\xeonv.djg
2014-05-23 17:43 - 2014-06-09 17:15 - 00000063 _____ () C:\Windows\system32\dluh.aun
2014-05-23 17:43 - 2014-05-23 17:43 - 00000064 _____ () C:\Windows\system32\afvwcc.bfl
2014-05-23 17:07 - 2014-05-23 17:07 - 00310760 ____S () C:\Windows\system32\ioyeva.sfa
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll C:\Windows\System32\rpcss.dll
Hosts:
Reboot:

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.
catchme => Service deleted successfully.
mbr => Service deleted successfully.
C:\Windows\system32\xntsf.wgx => Moved successfully.
C:\Windows\system32\xeonv.djg => Moved successfully.
Could not move "C:\Windows\system32\dluh.aun" => Scheduled to move on reboot.
C:\Windows\system32\afvwcc.bfl => Moved successfully.
Could not move "C:\Windows\system32\ioyeva.sfa" => Scheduled to move on reboot.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-10 14:20:29)<=

C:\Windows\system32\dluh.aun => Is moved successfully.
C:\Windows\system32\ioyeva.sfa => Is moved successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/10/2014
Scan Time: 2:53:16 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.10.06
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Tony

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 533343
Time Elapsed: 11 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#6 Starbuck

  • Malware Response Team

Posted 10 June 2014 - 03:05 PM

Hi td323i

The radio ads should now have gone..... can you confirm this please.
Also, is the system any better?



#7 td323i

  • Topic Starter

Posted 23 June 2014 - 11:02 AM

Thanks for the help.  My AV picked up some files yesterday and think there may be something hiding still.   Any other utilities I should run to better provide you with details?

 

Threat:     Trojan.Win32.Generic!BT
Category:   Trojan
Severity:   High Risk
Action:     Quarantined
Traces Found:
File:          C:\Users\Default\AppData\Roaming\35AD\runtimeactivex.dll

-----------------

Threat:     Trojan.Win32.Generic!BT
Category:   Trojan
Severity:   High Risk
Action:     Quarantined
Traces Found:
File:          C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\lIHX3Shmbk[1].exe

-----------------

Threat:     Trojan.Win32.Generic!BT
Category:   Trojan
Severity:   High Risk
Action:     Quarantined
Traces Found:
File:          C:\Windows\System32\config\systemprofile\AppData\Roaming\uytxnbe.exe



#8 Starbuck

  • Malware Response Team

Posted 23 June 2014 - 11:21 AM

Hi td323i

My AV picked up some files yesterday and think there may be something hiding still.

Did you let your AV quarantine those entries?
If not... allow it to deal with them.

Any other utilities I should run to better provide you with details?

  • Download OTL to your desktop.
    Right click on the link and select 'Save Link/Target As'.

    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
Thanks



#9 td323i

  • Topic Starter

Posted 23 June 2014 - 01:51 PM

Thanks.  Yes, I let my AV handle the files. 

 

OTL logfile created on: 23/06/2014 2:27:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tony\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16921)
Locale: 00001009 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 47.19% Memory free
5.93 Gb Paging File | 3.92 Gb Available in Paging File | 66.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.45 Gb Total Space | 38.31 Gb Free Space | 28.07% Space Free | Partition Type: NTFS
Drive D: | 136.54 Gb Total Space | 134.32 Gb Free Space | 98.37% Space Free | Partition Type: NTFS
 
Computer Name: X153-WIN7 | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tony\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Acronis\ARSM\arsm.exe (Acronis)
PRC - C:\Program Files\Acronis\BackupAndRecovery\mms.exe (Acronis)
PRC - C:\Program Files\Acronis\AMS\ManagementServer.exe (Acronis)
PRC - C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe (ThreatTrack Security, Inc.)
PRC - C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe (ThreatTrack Security, Inc.)
PRC - C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe (ThreatTrack Security, Inc.)
PRC - C:\Program Files\SAAZOD\SAAZScheduler.exe (Continuum Managed Service LLC.)
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\SAAZOD\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SAAZOD\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Agent\agent.exe (Acronis)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe (Continuum Managed Services LLC.)
PRC - C:\Program Files\SAAZOD\zRealTime\rtHlpDk.exe (Continuum Managed Services LLC.)
PRC - C:\Program Files\SAAZOD\SAAZWatchDog.exe (Continuum Managed Services LLC.)
PRC - C:\Program Files\SAAZOD\SAAZServerPlus.exe (Continuum Managed Services LLC.)
PRC - C:\Program Files\SAAZOD\SAAZDPMACTL.exe (Continuum Managed Services LLC.)
PRC - C:\MaxiSocketUSB\GPSocketUSBService.exe (GeneralPlus)
PRC - C:\MaxiSocketUSB\ServiceInstaller.exe (GeneralPlus)
PRC - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\WindowsMobile\WmdHost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Notepad++\NppShell_01.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (PDF Architect 2) -- C:\Program Files\PDF Architect 2\ws.exe (pdfforge GmbH)
SRV - (pdfforge CrashHandler) -- C:\Program Files\PDF Architect 2\crash-handler-ws.exe (pdfforge GmbH)
SRV - (ARSM) -- C:\Program Files\Acronis\ARSM\arsm.exe (Acronis)
SRV - (MMS) -- C:\Program Files\Acronis\BackupAndRecovery\mms.exe (Acronis)
SRV - (AMS) -- C:\Program Files\Acronis\AMS\ManagementServer.exe (Acronis)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SBAMSvc) -- C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe (ThreatTrack Security, Inc.)
SRV - (SBPIMSvc) -- C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe (ThreatTrack Security, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SAAZScheduler) -- C:\Program Files\SAAZOD\SAAZScheduler.exe (Continuum Managed Service LLC.)
SRV - (MBAMService) -- C:\Program Files\SAAZOD\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\SAAZOD\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AcronisAgent) -- C:\Program Files\Common Files\Acronis\Agent\agent.exe (Acronis)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ZEvtSVC) -- C:\Program Files\SAAZOD\zSCC\zEvtSVC.exe (Continuum Managed Services LLC.)
SRV - (SAAZapsc) -- C:\Program Files\SAAZOD\zRealTime\SAAZapsc.exe (Continuum Managed Services LLC.)
SRV - (SAAZappr) -- C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe (Continuum Managed Services LLC.)
SRV - (SAAZWatchDog) -- C:\Program Files\SAAZOD\SAAZWatchDog.exe (Continuum Managed Services LLC.)
SRV - (SAAZServerPlus) -- C:\Program Files\SAAZOD\SAAZServerPlus.exe (Continuum Managed Services LLC.)
SRV - (SAAZRemoteSupport) -- C:\Program Files\SAAZOD\SAAZRemoteSupport.exe (Continuum Managed Services LLC.)
SRV - (SAAZDPMACTL) -- C:\Program Files\SAAZOD\SAAZDPMACTL.exe (Continuum Managed Services LLC.)
SRV - (GPSocketUSBService) -- C:\MaxiSocketUSB\ServiceInstaller.exe (GeneralPlus)
SRV - (AmsWebServer) -- C:\Program Files\Common Files\Acronis\WebServer\httpd.exe (Apache Software Foundation)
SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (virtual_file) -- C:\Windows\System32\drivers\virtual_file.sys (Acronis International GmbH)
DRV - (tib_mounter) -- C:\Windows\System32\drivers\tib_mounter.sys (Acronis)
DRV - (tib) -- C:\Windows\System32\drivers\tib.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (fltsrv) -- C:\Windows\System32\drivers\fltsrv.sys (Acronis)
DRV - (gfiutil) -- C:\Windows\System32\drivers\gfiutil.sys (ThreatTrack Security)
DRV - (gfiark) -- C:\Windows\System32\drivers\gfiark.sys (ThreatTrack Security)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (GFI Software)
DRV - (sbwtis) -- C:\Windows\System32\drivers\sbwtis.sys (GFI Software)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AGERESoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_x480g&r=170505103416p04f5u2h5z44716240
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\PDF Architect 2: C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
 
 
 
O1 HOSTS File: ([2014/06/10 14:16:39 | 000,000,035 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe (ThreatTrack Security, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NVIDIA Experience.url ()
O4 - Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nvidia Expirience.url ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 192.168.1.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DOMAIN.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F946D222-745A-4B81-B1FA-D91B4C2C1796}: DhcpNameServer = 192.168.1.100 192.168.1.101
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/23 14:09:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.scr
[2014/06/23 09:40:51 | 000,000,000 | R--D | C] -- C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2014/06/12 00:08:45 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/06/12 00:08:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/06/12 00:08:44 | 002,862,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/06/12 00:08:43 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/06/12 00:08:43 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/06/12 00:08:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/06/12 00:08:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/06/12 00:08:42 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/06/12 00:08:42 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/06/12 00:08:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/06/12 00:08:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2014/06/12 00:08:42 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/06/12 00:08:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/06/12 00:08:40 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/06/12 00:08:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014/06/12 00:08:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/06/12 00:07:49 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/06/12 00:07:49 | 000,187,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2014/06/11 21:59:44 | 000,034,638 | ---- | C] (Mercantil Servicios) -- C:\uninstall.exe
[2014/06/10 18:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/06/10 14:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/10 14:50:04 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/10 14:50:04 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/06/10 14:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/06/10 09:32:42 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/10 09:30:57 | 001,177,600 | ---- | C] (Farbar) -- C:\Users\Tony\Desktop\FRST.exe
[2014/06/02 15:17:26 | 000,000,000 | ---D | C] -- C:\Users\Tony\Desktop\Problems
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/23 14:09:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.scr
[2014/06/23 14:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/23 09:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 09:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/21 05:16:39 | 000,000,000 | --S- | M] () -- C:\Windows\System32\fexz.wvx
[2014/06/20 21:49:57 | 000,000,000 | --S- | M] () -- C:\Windows\System32\maqogi.yiw
[2014/06/20 17:47:31 | 000,000,000 | --S- | M] () -- C:\Windows\System32\kvcal.pul
[2014/06/20 08:13:46 | 000,000,000 | --S- | M] () -- C:\Windows\System32\ekmztp.mpi
[2014/06/19 16:57:10 | 000,000,000 | --S- | M] () -- C:\Windows\System32\kyod.cwu
[2014/06/19 13:59:16 | 000,000,000 | --S- | M] () -- C:\Windows\System32\chwynpi.yqv
[2014/06/19 01:31:06 | 000,000,000 | --S- | M] () -- C:\Windows\System32\qmex.jfg
[2014/06/18 22:43:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/18 22:43:45 | 2388,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/18 22:30:10 | 501,600,674 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/18 19:27:29 | 000,000,000 | --S- | M] () -- C:\Windows\System32\bzzya.kfd
[2014/06/17 21:42:09 | 000,000,000 | --S- | M] () -- C:\Windows\System32\qgyxvq.mfq
[2014/06/17 13:47:31 | 000,000,000 | --S- | M] () -- C:\Windows\System32\gvutl.rsr
[2014/06/16 22:13:39 | 000,000,000 | --S- | M] () -- C:\Windows\System32\htphl.hpt
[2014/06/16 19:11:00 | 000,000,000 | --S- | M] () -- C:\Windows\System32\vzjdvrh.ujd
[2014/06/14 20:35:52 | 000,000,000 | --S- | M] () -- C:\Windows\System32\zznicxl.wsh
[2014/06/14 15:36:05 | 000,000,000 | --S- | M] () -- C:\Windows\System32\mnczeew.nza
[2014/06/13 19:57:51 | 000,712,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/13 19:57:51 | 000,141,204 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/13 19:39:39 | 000,000,000 | --S- | M] () -- C:\Windows\System32\fdvjgfj.rng
[2014/06/13 11:35:41 | 000,000,000 | --S- | M] () -- C:\Windows\System32\ivqlaqs.sog
[2014/06/11 21:59:44 | 000,034,638 | ---- | M] (Mercantil Servicios) -- C:\uninstall.exe
[2014/06/11 17:15:17 | 000,315,743 | --S- | M] () -- C:\Windows\System32\jfpsh.brd
[2014/06/10 14:50:07 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/10 14:16:39 | 000,000,035 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/06/10 09:30:57 | 001,177,600 | ---- | M] (Farbar) -- C:\Users\Tony\Desktop\FRST.exe
[2014/06/06 14:01:26 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2014/06/06 14:01:26 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2014/06/02 15:07:56 | 000,001,448 | ---- | M] () -- C:\Windows\ricdb.ini
 
========== Files Created - No Company Name ==========
 
[2014/06/21 05:16:39 | 000,000,000 | --S- | C] () -- C:\Windows\System32\fexz.wvx
[2014/06/20 21:49:57 | 000,000,000 | --S- | C] () -- C:\Windows\System32\maqogi.yiw
[2014/06/20 17:47:31 | 000,000,000 | --S- | C] () -- C:\Windows\System32\kvcal.pul
[2014/06/20 08:13:46 | 000,000,000 | --S- | C] () -- C:\Windows\System32\ekmztp.mpi
[2014/06/19 16:57:10 | 000,000,000 | --S- | C] () -- C:\Windows\System32\kyod.cwu
[2014/06/19 13:59:16 | 000,000,000 | --S- | C] () -- C:\Windows\System32\chwynpi.yqv
[2014/06/19 01:31:06 | 000,000,000 | --S- | C] () -- C:\Windows\System32\qmex.jfg
[2014/06/18 22:30:10 | 501,600,674 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/06/18 19:27:29 | 000,000,000 | --S- | C] () -- C:\Windows\System32\bzzya.kfd
[2014/06/17 21:42:09 | 000,000,000 | --S- | C] () -- C:\Windows\System32\qgyxvq.mfq
[2014/06/17 13:47:31 | 000,000,000 | --S- | C] () -- C:\Windows\System32\gvutl.rsr
[2014/06/16 22:13:39 | 000,000,000 | --S- | C] () -- C:\Windows\System32\htphl.hpt
[2014/06/16 19:11:00 | 000,000,000 | --S- | C] () -- C:\Windows\System32\vzjdvrh.ujd
[2014/06/14 20:35:52 | 000,000,000 | --S- | C] () -- C:\Windows\System32\zznicxl.wsh
[2014/06/14 15:36:05 | 000,000,000 | --S- | C] () -- C:\Windows\System32\mnczeew.nza
[2014/06/13 19:39:39 | 000,000,000 | --S- | C] () -- C:\Windows\System32\fdvjgfj.rng
[2014/06/13 11:35:41 | 000,000,000 | --S- | C] () -- C:\Windows\System32\ivqlaqs.sog
[2014/06/11 17:15:17 | 000,315,743 | --S- | C] () -- C:\Windows\System32\jfpsh.brd
[2014/06/10 14:50:07 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/19 20:49:17 | 000,068,096 | ---- | C] () -- C:\Windows\System32\lfplt11n.dll
[2014/05/19 20:49:16 | 000,000,082 | ---- | C] () -- C:\Windows\easy32.ini
[2013/12/10 16:51:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/10 16:51:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/10 16:51:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/10 16:51:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/10 16:51:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/10 13:35:10 | 000,009,584 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2013/07/11 15:16:08 | 000,000,000 | ---- | C] () -- C:\Windows\soselect.INI
[2013/07/11 15:15:59 | 000,235,520 | ---- | C] () -- C:\Windows\System32\PXOFFICE.DLL
[2013/07/11 15:15:57 | 000,000,044 | ---- | C] () -- C:\Windows\isunst90ww.ini
[2013/07/11 15:15:56 | 000,000,463 | ---- | C] () -- C:\Windows\PVX.INI
[2013/07/11 15:15:48 | 000,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL
[2013/07/11 15:15:43 | 000,074,240 | ---- | C] () -- C:\Windows\System32\90WRES32.DLL
[2013/04/29 20:47:19 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2013/03/07 16:08:59 | 000,000,514 | RHS- | C] () -- C:\Users\Tony\ntuser.pol
[2011/04/01 16:24:44 | 000,001,456 | ---- | C] () -- C:\Users\Tony\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/22 14:01:08 | 000,098,304 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\fin.zup
[2010/06/14 12:05:05 | 000,000,600 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\winscp.rnd
[2010/06/11 16:33:12 | 000,061,826 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/11/23 15:59:53 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Articulate
[2013/12/11 14:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Tony\AppData\Roaming\B8AE4942
[2010/07/07 12:19:32 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/20 23:01:54 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\DameWare Development
[2014/04/17 12:18:15 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Downloaded Installations
[2010/06/14 12:00:28 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Esha Research
[2014/02/02 00:28:42 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\FlashPlayer
[2013/05/22 09:17:03 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\GFI Software
[2010/06/14 12:03:43 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Notepad++
[2014/04/28 16:50:20 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\pdfforge
[2014/04/17 12:20:41 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\Softland
[2013/02/20 21:19:09 | 000,000,000 | ---D | M] -- C:\Users\Tony\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2014/04/18 09:03:07 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/10/08 21:45:18 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/12/10 17:00:55 | 000,013,378 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2014/06/18 22:43:45 | 2388,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/08 23:21:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/07/08 23:21:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/06/18 22:43:49 | 3184,705,536 | -HS- | M] () -- C:\pagefile.sys
[2002/08/15 03:09:02 | 000,003,216 | ---- | M] () -- C:\README.TXT
[2009/10/08 21:00:16 | 000,001,932 | ---- | M] () -- C:\RHDSetup.log
[2014/06/11 21:59:44 | 000,034,638 | ---- | M] (Mercantil Servicios) -- C:\uninstall.exe
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2010/07/07 10:34:00 | 000,062,464 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\Spool\prtprocs\w32x86\1_DKACHL4C.DLL
[2010/07/07 10:34:00 | 000,062,464 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\Spool\prtprocs\w32x86\2_DKACHL4C.DLL
[2010/07/07 10:34:00 | 000,062,464 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\Spool\prtprocs\w32x86\DKACHL4C.DLL
[2009/07/13 21:15:26 | 000,090,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2014/06/06 14:01:30 | 000,053,064 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
[2010/11/20 08:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\* >
[2012/10/05 04:14:29 | 000,003,774 | ---- | M] () -- C:\Program Files\desktop.ico
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2014/05/23 21:27:06 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2014/05/23 21:27:06 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2014/05/23 21:27:06 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/05/23 22:10:04 | 000,770,736 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2014/05/23 22:10:04 | 000,770,736 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2014/05/23 21:27:06 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2014/05/23 21:27:06 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2014/05/23 21:27:06 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/05/23 22:10:04 | 000,770,736 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2014/05/23 22:10:04 | 000,770,736 | ---- | M] (Microsoft Corporation)

< End of report >

OTL Extras logfile created on: 23/06/2014 2:27:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tony\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16921)
Locale: 00001009 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 47.19% Memory free
5.93 Gb Paging File | 3.92 Gb Available in Paging File | 66.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.45 Gb Total Space | 38.31 Gb Free Space | 28.07% Space Free | Partition Type: NTFS
Drive D: | 136.54 Gb Total Space | 134.32 Gb Free Space | 98.37% Space Free | Partition Type: NTFS
 
Computer Name: X153-WIN7 | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SpoolSvc-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2147648F-BD0F-4A53-B422-2E82428108A1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{49BD8254-A37E-479F-8057-98067A4BCB24}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{520BB0F0-76F5-4B28-AFEA-7D52247E84F4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{64852356-0E39-4A60-9414-C5137DC802B8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6F1E073D-5001-4995-A0B5-6912497039DE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{77F82503-897C-45B4-AB30-2026C9FAACF6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79A7AE51-78F2-40FC-9EC6-B70785270C9E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80885C0A-7BFD-4800-B353-B9FE68CC93B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B7C3C89-6360-4C44-81EC-C20A444E25E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1A9AD23-9293-4000-9189-288F220A50AC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{BA9D1751-D5BD-41B4-9B4E-C1A6758AB278}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CA3CC3EB-CF7F-48D9-AAFC-02B7D83F596D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CD14C7B6-E327-4C6F-82CE-0C1DAA0CF099}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D7C63134-3576-4BF2-BCD9-59A5A8E00089}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{EBB8C114-F208-4DD5-B20C-C60AB2C8A65C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004138C8-C03D-4B3C-A941-7859ED9C5B48}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\webserver\httpd.exe |
"{025C56E0-B396-40FB-A4E2-56AE242B4ADE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0840E9F5-68C9-44A5-940C-548F3F6D10B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0D1E65FC-B7FA-4556-B6F0-2AA21F30ED46}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{0F5FD6B4-2148-42E4-A694-5180599A1DDB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{111364AA-C63B-47F1-B215-D3459FC773A1}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe |
"{13FA7EDF-4E46-4475-8D43-0C9D88F246BC}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe |
"{17980219-E3CC-4B4F-8B34-4E899D7B613E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{1ACBE211-229E-4E71-A64B-F821F459A7A9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{22B4158D-F48E-45B9-B89A-EAB26E7A8CE0}" = protocol=6 | dir=in | app=c:\program files\gfi software\deployment\microinstaller.exe |
"{298FC328-8011-4CEA-BF49-0EDC334F34C2}" = protocol=6 | dir=in | app=c:\program files\gfi software\deployment\microinstaller.exe |
"{2E2362A1-D747-4BBE-A59A-7A8B4FFB003F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F2D5499-DF5E-4021-8036-C2C8879C98D3}" = protocol=17 | dir=in | app=c:\program files\gfi software\gfiagent\sbamsvc.exe |
"{356BBAE2-B2BD-4197-8FCC-A01BB3663AF6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{357D7658-4F0F-4B2A-BECC-F26464A6E90B}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\webserver\httpd.exe |
"{3BAD8B72-4392-4269-A95F-BAC8A8CAE467}" = protocol=6 | dir=in | app=c:\program files\gfi software\deployment\microinstaller.exe |
"{41F68C7D-E731-4A99-AB18-883F6BA38EA3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{488DCC12-1055-48E6-9443-3AB89E5460CA}" = protocol=17 | dir=in | app=c:\program files\acronis\ams\managementserver.exe |
"{51AADE59-1BD5-4DB7-AD0E-187479B579BD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{5582B742-596C-4788-8984-848B4BA30DE1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{567C5D4E-E8EB-45EA-963F-3D62B92307D6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5F69C582-8D6C-43AF-81B4-E5A417CCA431}" = protocol=17 | dir=in | app=c:\program files\microsoft dynamics nav\60\roletailored client\microsoft.dynamics.nav.client.exe |
"{6234F865-4AA5-470A-8E2E-EE073798A6C8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{66ACB7D5-F140-4A72-9E76-73B0094E3458}" = protocol=17 | dir=in | app=c:\program files\acronis\backupandrecovery\mms.exe |
"{685EB089-C5EF-4054-9F55-4BA27F9BE881}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6B2861C9-7AE6-485F-A8A4-7E1498FF769C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6FCF6F3A-1614-4A8E-9B5C-71E5547A21FC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{7234C43A-FDCF-48AB-8259-291CB7F9739F}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe |
"{747010F7-29DC-4D74-B2FF-A8CAF6A43BB5}" = protocol=6 | dir=in | app=c:\program files\acronis\backupandrecovery\mms.exe |
"{7BA2EFD7-9B8B-43E4-9D03-D4BF34FBB0BC}" = protocol=6 | dir=in | app=c:\program files\microsoft dynamics nav\60\roletailored client\microsoft.dynamics.nav.client.exe |
"{7C2A849E-FB0A-4FC3-9198-6B48DA252BDC}" = protocol=17 | dir=in | app=c:\program files\acronis\ams\managementserver.exe |
"{83A57B65-A8F6-4452-B124-55619DF2CD07}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{880AA0C1-2A00-4F3F-8582-BAEF4A4E5211}" = protocol=6 | dir=in | app=c:\program files\acronis\backupandrecovery\mms.exe |
"{8B91DCCB-FBA4-4ADD-B004-250FF249DDAB}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{8C473905-6CF3-4990-B6B4-D14D60472FEA}" = protocol=6 | dir=in | app=c:\program files\acronis\ams\managementserver.exe |
"{8E60945A-133D-46E3-8F32-6AB06D7E3FFE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97F043B1-15D8-424E-9FB4-613BBCF5A874}" = protocol=6 | dir=in | app=c:\program files\microsoft dynamics nav\60\roletailored client\microsoft.dynamics.nav.client.exe |
"{9D55127A-BA5F-4CF1-8B26-5784426C3528}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DCDB2C4-722D-4284-AEBF-236A6E418697}" = protocol=6 | dir=in | app=c:\program files\acronis\ams\managementserver.exe |
"{9EA743A5-9753-4CC4-80F0-34DD4ECDDEDD}" = protocol=17 | dir=in | app=c:\program files\gfi software\gfiagent\sbamsvc.exe |
"{9FFBFE14-37CD-4055-B100-898F722602B2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A1A75595-6417-437A-AFAA-6A77AC09B941}" = protocol=6 | dir=in | app=c:\program files\gfi software\gfiagent\sbamsvc.exe |
"{A2EA05CE-8D61-41E4-861D-EF74E354F4B0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A73182D7-338B-4B9B-904F-74DF74DDA09E}" = protocol=17 | dir=in | app=c:\program files\gfi software\deployment\microinstaller.exe |
"{AAC650FD-63DB-45EC-81E1-E60B722EC227}" = protocol=17 | dir=in | app=c:\program files\microsoft dynamics nav\60\roletailored client\microsoft.dynamics.nav.client.exe |
"{B07C962A-0AFF-4B63-BF34-F0A3DA3B773A}" = protocol=17 | dir=in | app=c:\program files\gfi software\deployment\microinstaller.exe |
"{B77F855B-EB2E-4B2E-8202-1195C58678FC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BED6B48B-3D63-4715-9C7E-5616C876B5E2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C70BEB01-8B39-4733-9C0E-78E4C0658B42}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\webserver\httpd.exe |
"{CB65CAC5-98D5-4FCD-AEE3-85D5E7544487}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\webserver\httpd.exe |
"{D3DD729D-FE5B-4CF3-B915-A4035CF3A636}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3F5FCE0-E226-4BEB-98B3-7FDF8CD1774D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D4E0B57A-6ADE-4266-AB49-9F3A20C3BE6D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D7F3ABDB-F3A5-414B-B381-6C74A41C8434}" = protocol=17 | dir=in | app=c:\program files\saazod\basecomponents\patchmanagement\zpmamgmt.exe |
"{DD49F776-17E4-4831-8781-2544997D4FEC}" = protocol=17 | dir=in | app=c:\program files\acronis\backupandrecovery\mms.exe |
"{DDC8B242-659E-4210-B090-C521E8B0E86D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E6CD3DC1-122B-460F-9C67-E5888E7DFD97}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe |
"{EAE78CD2-34B9-4D85-B9FC-EDFBC936B473}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ED3500EF-A09A-4DB2-9591-C93BF63D5A6E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{EFA7009A-0B5C-4FD2-8F8C-00CF1A4561B8}" = protocol=17 | dir=in | app=c:\program files\gfi software\deployment\microinstaller.exe |
"{F04CDE6B-4565-4AC8-B26B-B86A2B3FAB50}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F20C7F96-097E-4795-B10B-BD8A0A729A5A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F2B55519-9939-4982-A5BA-8FA2776B83A3}" = protocol=6 | dir=in | app=c:\program files\gfi software\gfiagent\sbamsvc.exe |
"{F714548D-3D20-4A0D-BB6F-DF9BA2E6F0BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F95D6B8B-415F-47ED-B34F-8ADE0309D8F2}" = protocol=6 | dir=in | app=c:\program files\saazod\basecomponents\patchmanagement\zpmamgmt.exe |
"{FB8CFF33-8E6B-4AD1-9612-5BCB902E49E5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{20CE18A9-5E0B-4B90-8BF1-19FE834857AF}C:\users\tony\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\tony\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"TCP Query User{471A615B-46E0-4A7D-84B2-600026E9844E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4FFF5BD1-2EE3-47E2-B90F-2FC5BC3C30D5}C:\program files\microsoft office\office14\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"TCP Query User{AD402FE4-0F01-4550-8A78-C204CA583C1C}E:\abr11.5a_37687_en-us.exe" = protocol=6 | dir=in | app=e:\abr11.5a_37687_en-us.exe |
"TCP Query User{C68877E4-7384-4262-A163-D250535C9FA8}C:\program files\dameware development\dameware nt utilities 7.5\dntu.exe" = protocol=6 | dir=in | app=c:\program files\dameware development\dameware nt utilities 7.5\dntu.exe |
"TCP Query User{CC6C069E-2DA3-4EBF-AFBF-AC84B7D4E319}C:\program files\surveillix\scs\scs.exe" = protocol=6 | dir=in | app=c:\program files\surveillix\scs\scs.exe |
"UDP Query User{37641EE8-85E3-48A0-B843-1CC8EC9D549D}C:\users\tony\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\tony\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{50D73E67-3E95-4037-97D9-EB88A88AFA4A}C:\program files\surveillix\scs\scs.exe" = protocol=17 | dir=in | app=c:\program files\surveillix\scs\scs.exe |
"UDP Query User{7253BD55-42AF-42E6-933D-2697CE413C87}C:\program files\microsoft office\office14\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"UDP Query User{75444B83-A168-4308-BE2E-76F7CF82140B}E:\abr11.5a_37687_en-us.exe" = protocol=17 | dir=in | app=e:\abr11.5a_37687_en-us.exe |
"UDP Query User{9458BC70-23B3-4D39-8B94-91198A8EE89E}C:\program files\dameware development\dameware nt utilities 7.5\dntu.exe" = protocol=17 | dir=in | app=c:\program files\dameware development\dameware nt utilities 7.5\dntu.exe |
"UDP Query User{FEB988F1-9715-4725-B3D6-788DA5B946E0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-0000-6001-0000-0000836BD2D2}" = Microsoft Dynamics NAV 2009 Classic
"{00000000-0000-6001-0020-0000836BD2D2}" = Microsoft Dynamics NAV 2009 RoleTailored Client
"{00000000-0000-6001-0C0C-0CE90DA3512B}" = Canadian Module for Microsoft Dynamics NAV Role Tailored Client
"{00000000-0000-6001-0C0C-39E2AE882700}" = Canadian Module for Microsoft Dynamics NAV Documentation
"{00000000-0000-6001-0C0C-FDACB85853AF}" = Canadian Module for Microsoft Dynamics NAV Classic Client
"{00000000-0000-6001-2400-0CE90DA3512B}" = Canadian Module for Microsoft Dynamics NAV Role Tailored Client
"{00000000-0000-6001-2400-39E2AE882700}" = Canadian Module for Microsoft Dynamics NAV Documentation
"{00000000-0000-6001-2400-FDACB85853AF}" = Canadian Module for Microsoft Dynamics NAV Classic Client
"{00000000-0000-6001-8EA3-0000836BD2D2}" = Documentation
"{00000000-0000-6001-9000-0CE90DA3512B}" = Mexican Module for Microsoft Dynamics NAV Role Tailored Client
"{00000000-0000-6001-9000-39E2AE882700}" = Mexican Module for Microsoft Dynamics NAV Documentation
"{00000000-0000-6001-9000-FDACB85853AF}" = Mexican Module for Microsoft Dynamics NAV Classic Client
"{00000000-0000-6001-A577-0000836BD2D2}" = Microsoft Dynamics NAV 6.0 Setup
"{00000000-0000-6001-D800-0CE90DA3512B}" = American Module for Microsoft Dynamics NAV Role Tailored Client
"{00000000-0000-6001-D800-39E2AE882700}" = American Module for Microsoft Dynamics NAV Documentation
"{00000000-0000-6001-D800-FDACB85853AF}" = American Module for Microsoft Dynamics NAV Classic Client
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03AFCAEE-20E0-423E-8E44-F4AAA3BA1D65}" = Acronis Backup 11.5 Management Console
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06CA3EA6-092E-4BA6-83E7-13950FECB3AF}" = Setup
"{083988D7-BDA9-4244-983B-409A634BBC09}" = SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{173A2B7F-535A-4403-A454-B41531EF0D7F}" = Remote Desktop Connection Manager
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1C2D030F-AECD-4E72-A8FD-AB4242BDA7C6}" = Keyscan System VII Client
"{1D7692D6-F8EC-42B7-808D-23970A2930C4}" = Surveillix SCS
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACRONIS)
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{33D79CB9-E6CF-458B-A3FC-41419B8088AC}" = Maxithermal
"{34542598-AC39-4F03-8C2D-819C10592BB0}" = Acronis Backup 11.5 Bootable Media Builder
"{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn
"{39A086B2-07D6-430B-AE5E-B8AC1CC843A7}" = GFI Business Agent
"{3DA20A12-AD9F-4A75-8A6F-5204EEB94359}" = PDF Architect 2 View Module
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C5778DB-3E5A-499D-865D-740E67D1F165}" = LogMeIn
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C7E50A-FBCD-40C0-974F-0855C286AB2B}" = DameWare NT Utilities 7.5
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7370A3E3-9326-42AD-8B64-32D93A839F04}" = Acronis Backup 11.5 Agent Core
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7D2FE2D3-B4EA-4629-8B9D-59F2E0259D46}" = Motorola DataWedge 3.3
"{7DBBC062-E7D5-49E9-8694-FF19E047343B}" = .Net Framework 3.5
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8048F0F3-C5AB-4C3C-8518-2B5E41DDFABA}" = AuthenTec Fingerprint Sensor Minimum Install
"{81FE9EFB-5A37-4B1D-881B-3C8E5E955A34}" = Softshare EDI Notepad
"{82CD6A04-6259-4EF0-BFA6-25D07EF5A875}" = TrueCommerce Transaction Manager
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Framework
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90150000-0017-0000-0000-0000000FF1CE}" = Microsoft SharePoint Designer 2013
"{90150000-0017-0409-0000-0000000FF1CE}" = Microsoft SharePoint Designer MUI (English) 2013
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91D5592A-CA01-4610-AC0C-6FEF99F9FEDF}" = TrueCommerce Diagnostics Tool
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC51C0F-DA8E-4370-9997-899B3435A647}" = VMware vSphere Host Update Utility 4.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D571CDB-02AC-472D-8921-D2DBC4E64CE6}" = Crystal Reports 9 Redistributables
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{9FE75E68-96A2-48F3-90AB-34E6B8C9989D}" = Microsoft Mouse and Keyboard Center
"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1
"{A1FFD720-0806-40E9-9554-DB22D593FDEF}" = Acer PowerSaver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F25E98-D557-4AB7-9EBE-627D956A0E5C}" = Acronis License Server
"{A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}" = Veriton ControlCenter
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9CFD8BA-61D3-4259-89EB-BA630FCF2FDE}" = Acronis Backup 11.5 Command-Line Tool
"{AC2E970D-857C-4DA9-9DAF-7F892E37540A}" = Acronis Backup 11.5 Agent for Windows
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AF2A8E58-DBC6-36D3-A145-7252029F6F48}" = Microsoft Report Viewer Redistributable 2008 SP1
"{B22CC1EA-3B11-449C-8AE8-6EA7BCEDCC19}" = Genesis R&D SQL
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C193C75D-02BF-4F9D-8981-0843A7EABF39}" = Surveillix Remote
"{C1C4DD27-DD38-46A5-8396-B140771DB202}" = Acronis Backup 11.5 Agent for SQL
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = GFI Business Agent
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C40698F9-A861-4531-9F8C-FA7F8961375B}" = VMware vSphere Client 4.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CD5DC4AA-7D62-48D9-B756-5925471001FE}" = Microsoft OLE DB Provider for Visual FoxPro
"{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}" = DYMO LabelWriter Drivers
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE9B44EB-8511-4E19-BA88-A12627D52008}" = OstroSoft SMTP Component
"{cf8a4834-4d9c-43b5-923d-7f56b9168d93}" = Nero 9 Essentials
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D38FA7FF-84E7-42F7-ACAC-E85DF086F008}" = Acer QuickMigration
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9EFA000-AE0B-4929-925E-C12D9E40E5E6}" = ProcessPro Premier 10.2 WorkStation
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9F0D163-FA3B-4FC5-A978-CBCC7DB68081}" = Acronis Backup 11.5 Management Server
"{ED780047-33A8-4270-ABAA-B89ECB5A90E7}" = Acronis Components for Remote Installation
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"CeRegEditor_is1" = CeRegEditor 0.0.5.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DynamicsNav60" = Microsoft Dynamics NAV 2009 SP1
"EASYLABELPLAT" = EASYLABEL Platinum
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{1D7692D6-F8EC-42B7-808D-23970A2930C4}" = Surveillix SCS
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{C193C75D-02BF-4F9D-8981-0843A7EABF39}" = Surveillix Remote
"LAN-Fax Utilities" = LAN-Fax Utilities
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Marathon_Products" = MDAS-Pro
"MAS 90 Workstation" = MAS 90 Workstation
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Report Viewer Redistributable 2008 SP1" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Notepad++" = Notepad++
"novaPDF v7_is1" = novaPDF v7 (novaPDF 7.7 printer)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office15.SharePointDesigner" = Microsoft SharePoint Designer 2013
"SAAZOD" = ITSupport247-DPMA
"ServiceInstaller" = ServiceInstaller
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/06/2014 2:50:09 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = Application Error | ID = 1000
Description = Faulting application name: mbam-setup-2.0.2.1012.tmp, version: 51.52.0.0,
 time stamp: 0x2a425e19  Faulting module name: ntdll.dll, version: 6.1.7601.18247,
 time stamp: 0x521ea91c  Exception code: 0xc0000005  Fault offset: 0x00052d37  Faulting
 process id: 0x16ac  Faulting application start time: 0x01cf84dcb3514da0  Faulting application
 path: C:\Users\Tony\AppData\Local\Temp\is-QMOL0.tmp\mbam-setup-2.0.2.1012.tmp  Faulting
 module path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: 0b9c9fd8-f0d0-11e3-b070-90fba630bb24
 
Error - 11/06/2014 12:32:13 AM | Computer Name = X153-WIN7.DOMAIN.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 12/06/2014 12:33:04 AM | Computer Name = X153-WIN7.DOMAIN.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 12/06/2014 4:49:38 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = Application Error | ID = 1000
Description = Faulting application name: PowerSaverTray.exe, version: 1.0.3005.0,
 time stamp: 0x49e81ef9  Faulting module name: PowerSaverTray.exe, version: 1.0.3005.0,
 time stamp: 0x49e81ef9  Exception code: 0xc0000005  Fault offset: 0x00001010  Faulting
 process id: 0x1e5c  Faulting application start time: 0x01cf867fcfbda314  Faulting application
 path: C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe  Faulting module path:
 C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe  Report Id: 115944db-f273-11e3-b04e-90fba630bb24
 
Error - 13/06/2014 11:56:26 AM | Computer Name = X153-WIN7.DOMAIN.local | Source = Application Error | ID = 1000
Description = Faulting application name: PowerSaverTray.exe, version: 1.0.3005.0,
 time stamp: 0x49e81ef9  Faulting module name: PowerSaverTray.exe, version: 1.0.3005.0,
 time stamp: 0x49e81ef9  Exception code: 0xc0000005  Fault offset: 0x00001010  Faulting
 process id: 0x148c  Faulting application start time: 0x01cf8720064a9483  Faulting application
 path: C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe  Faulting module path:
 C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe  Report Id: 45e0d234-f313-11e3-b077-90fba630bb24
 
Error - 14/06/2014 12:32:50 AM | Computer Name = X153-WIN7.DOMAIN.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 16/06/2014 9:47:45 AM | Computer Name = X153-WIN7.DOMAIN.local | Source = Application Error | ID = 1000
Description = Faulting application name: PowerSaverTray.exe, version: 1.0.3005.0,
 time stamp: 0x49e81ef9  Faulting module name: PowerSaverTray.exe, version: 1.0.3005.0,
 time stamp: 0x49e81ef9  Exception code: 0xc0000005  Fault offset: 0x00001010  Faulting
 process id: 0x4494  Faulting application start time: 0x01cf89698a098122  Faulting application
 path: C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe  Faulting module path:
 C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe  Report Id: cb5c7f4d-f55c-11e3-b070-90fba630bb24
 
Error - 17/06/2014 12:32:02 AM | Computer Name = X153-WIN7.DOMAIN.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 19/06/2014 12:33:02 AM | Computer Name = X153-WIN7.DOMAIN.local | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 23/06/2014 9:40:56 AM | Computer Name = X153-WIN7.DOMAIN.local | Source = Application Error | ID = 1000
Description = Faulting application name: PowerSaverTray.exe, version: 1.0.3005.0,
 time stamp: 0x49e81ef9  Faulting module name: PowerSaverTray.exe, version: 1.0.3005.0,
 time stamp: 0x49e81ef9  Exception code: 0xc0000005  Fault offset: 0x00001010  Faulting
 process id: 0x138  Faulting application start time: 0x01cf8ee8be95119f  Faulting application
 path: C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe  Faulting module path:
 C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe  Report Id: 002c7adf-fadc-11e3-b9f9-90fba630bb24
 
[ System Events ]
Error - 18/06/2014 9:03:56 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = UmrdpService | ID = 1111
Description = Driver RICOH Aficio MP C5000 PCL 5c required for printer !!DOMAIN00!Ricoh_CenterOffice
 is unknown. Contact the administrator to install the driver before you log in again.
 
Error - 18/06/2014 10:30:13 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:18:29 PM on 6/18/2014 was unexpected.
 
Error - 18/06/2014 10:30:20 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = BugCheck | ID = 1001
Description =
 
Error - 18/06/2014 10:30:48 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = Service Control Manager | ID = 7023
Description = The Power service terminated with the following error:   %%4203
 
Error - 18/06/2014 10:44:37 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the LMIGuardianSvc
 service to connect.
 
Error - 18/06/2014 10:44:37 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = Service Control Manager | ID = 7000
Description = The LMIGuardianSvc service failed to start due to the following error:
   %%1053
 
Error - 18/06/2014 10:44:57 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = Service Control Manager | ID = 7023
Description = The Power service terminated with the following error:   %%4203
 
Error - 18/06/2014 10:49:41 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = Service Control Manager | ID = 7022
Description = The VIPRE Business service hung on starting.
 
Error - 22/06/2014 6:05:19 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
 but none of the cipher suites supported by the client application are supported
 by the server. The SSL connection request has failed.
 
Error - 22/06/2014 6:05:19 PM | Computer Name = X153-WIN7.DOMAIN.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
 is 107.
 
 
< End of report >
 



#10 Starbuck

  • Malware Response Team

Posted 23 June 2014 - 04:35 PM

Hi td323i

You have both copies of MBAM installed:

Malwarebytes Anti-Malware version 2.0.2.1012
Malwarebytes Anti-Malware version 1.75.0.1300

Please uninstall this version:
Malwarebytes Anti-Malware version 1.75.0.1300


If you still have the old copy of Combofix on your system, please remove by right clicking on the icon and selecting delete.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2


This is an example, you may rename ComboFix to anything you want.
Then:

Vista/Windows 7 users: right-click on Combo-Fix.exe and select Run As Administrator.
  • Please follow any prompts
  • Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Thanks

Edited by Starbuck, 23 June 2014 - 04:37 PM.



#11 td323i


Posted 24 June 2014 - 08:43 AM

Thanks,

 

 

ComboFix 14-06-24.01 - Tony 06/24/2014   9:29.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1467 [GMT -4:00]
Running from: c:\users\Tony\Desktop\cfixer.exe
AV: GFI Software VIPRE *Disabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
SP: GFI Software VIPRE *Disabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\uninstall.exe
c:\windows\system32\sysprep\cryptbase.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-24 to 2014-06-24  )))))))))))))))))))))))))))))))
.
.
2014-06-24 13:38 . 2014-06-24 13:38 -------- d-----w- c:\users\Tony\AppData\Local\temp
2014-06-24 13:38 . 2014-06-24 13:38 -------- d-----w- c:\users\wayner\AppData\Local\temp
2014-06-24 13:38 . 2014-06-24 13:38 -------- d-----w- c:\users\User\AppData\Local\temp
2014-06-24 13:38 . 2014-06-24 13:38 -------- d-----w- c:\users\r&d\AppData\Local\temp
2014-06-24 13:38 . 2014-06-24 13:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-24 13:38 . 2014-06-24 13:38 -------- d-----w- c:\users\processpro\AppData\Local\temp
2014-06-24 13:38 . 2014-06-24 13:38 -------- d-----w- c:\users\genas\AppData\Local\temp
2014-06-24 13:38 . 2014-06-24 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-24 13:38 . 2014-06-24 13:38 -------- d-----w- c:\users\__sbs_netsetup__\AppData\Local\temp
2014-06-12 04:09 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-12 04:07 . 2014-04-05 02:25 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-12 04:07 . 2014-04-05 02:24 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-12 04:07 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-06-12 01:59 . 2014-06-22 08:59 -------- d-----w- c:\users\Default\AppData\Roaming\35AD
2014-06-10 18:50 . 2014-06-10 18:50 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-10 18:50 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-10 13:32 . 2014-06-10 18:20 -------- d-----w- C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-06 18:01 . 2012-10-28 22:00 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2014-06-06 18:01 . 2012-10-28 22:00 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-06-06 18:01 . 2012-10-28 22:00 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-04-25 21:44 . 2014-04-28 20:50 95416 ----a-w- c:\windows\system32\pdfcmon.dll
2014-04-25 21:44 . 2014-04-28 20:50 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2014-04-18 13:02 . 2012-10-28 22:00 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2014-04-15 06:34 . 2014-04-15 06:34 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-12 02:15 . 2014-05-15 04:30 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15 . 2014-05-15 04:30 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12 . 2014-05-15 04:30 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12 . 2014-05-15 04:30 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12 . 2014-05-15 04:30 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11 . 2014-05-15 04:30 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11 . 2014-05-15 04:30 22528 ----a-w- c:\windows\system32\lsass.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514] . . c:\windows\erdnt\cache\rpcss.dll
[-] 2010-11-20 . CA9A61158AF67F91B46D6BD7D41CCC5F . 384000 . . [6.1.7601.17514] . . c:\windows\System32\rpcss.dll
[7] 2010-11-20 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[7] 2009-07-14 . B82CD39E336973359D7C9BF911E8E84F . 376320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2009-04-17 434176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-11-29 63048]
"SBAMTray"="c:\program files\GFI Software\GFIAgent\SBAMTray.exe" [2013-05-30 3232152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-06-07 396176]
"AcronisTibMounterMonitor"="c:\program files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-22 1102184]
"BackupAndRecoveryMonitor.exe"="c:\program files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe" [2014-02-19 1530496]
.
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NVIDIA Experience.url [2013-12-11 180]
Nvidia Expirience.url [2013-12-5 180]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SC_zAccEvt.lnk - c:\program files\SAAZOD\zSCC\zAccEvt.exe [2013-3-11 306920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 AcronisAgent;Acronis Remote Agent Service;c:\program files\Common Files\Acronis\Agent\agent.exe [2012-12-29 2046968]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 PDF Architect 2;PDF Architect 2;c:\program files\PDF Architect 2\ws.exe [2014-04-17 1716264]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files\PDF Architect 2\crash-handler-ws.exe [2014-04-17 861736]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2013-01-15 76064]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]
R4 AmsWebServer;Acronis Web Server Service;c:\program files\Common Files\Acronis\WebServer\httpd.exe [2011-10-31 18432]
R4 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\SAAZOD\zRealTime\SAAZapsc.exe SAAZapsc [x]
R4 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [2012-06-27 81200]
R4 ZEvtSVC;ZEvtSVC;c:\progra~1\SAAZOD\zSCC\zEvtSVC.exe [2012-06-27 232752]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2014-02-12 73504]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys [2014-02-12 736312]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys [2014-02-12 130488]
S2 AMS;Acronis Management Server Service;c:\program files\Acronis\AMS\ManagementServer.exe [2014-02-19 13018864]
S2 ARSM;Acronis Removable Storage Management Service;c:\program files\Acronis\ARSM\arsm.exe [2014-02-19 5866040]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-02-18 24576]
S2 GPSocketUSBService;GPSocketUSBService;c:\maxisocketusb\ServiceInstaller.exe [2012-03-05 76288]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2014-06-06 375120]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2013-04-30 13624]
S2 MMS;Acronis Managed Machine Service;c:\program files\Acronis\BackupAndRecovery\mms.exe [2014-02-19 11186048]
S2 MSSQL$ACRONIS;SQL Server (ACRONIS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\SAAZOD\zRealTime\SAAZappr.exe SAAZappr [x]
S2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.exe [2012-06-27 89392]
S2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [2013-05-22 85296]
S2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [2012-06-27 85296]
S2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\SAAZWatchDog.exe [2012-06-27 89392]
S2 SBAMSvc;VIPRE Business;c:\program files\GFI Software\GFIAgent\SBAMSvc.exe [2013-05-30 3681016]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2013-01-15 68904]
S2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\GFIAgent\SBPIMSvc.exe [2013-05-30 176536]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 virtual_file;Acronis Virtual File Driver (build 2103);c:\windows\system32\DRIVERS\virtual_file.sys [2014-02-12 123168]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-06-01 609904]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-05-23 43368]
S3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [2013-09-04 24040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GFIARK
*NewlyCreated* - GFIUTIL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-07 05:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_x480g&r=170505103416p04f5u2h5z44716240
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.100 192.168.1.101
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\relog_ap.DLL
.
Completion time: 2014-06-24  09:39:47
ComboFix-quarantined-files.txt  2014-06-24 13:39
ComboFix2.txt  2013-12-10 21:00
.
Pre-Run: 40,236,658,688 bytes free
Post-Run: 40,174,145,536 bytes free
.
- - End Of File - - F669A355765A90DCB42E66D92ECCB499
A36C5E4F47E84449FF07ED3517B43A31
 



#12 Starbuck


Posted 24 June 2014 - 12:02 PM

Hi td323i

We have some strange things going on here.....

In the original FRST report it showed that rpcss.dll was legit.

A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

C:\Windows\System32\rpcss.dll

Now the Combofix report is showing that it's patched.

[-] 2010-11-20 . CA9A61158AF67F91B46D6BD7D41CCC5F . 384000 . . [6.1.7601.17514] . . c:\windows\System32\rpcss.dll


Also.... between running the FRST fix and you posting the OTL report, we have a lot of strange entries!!

[2014/06/21 05:16:39 | 000,000,000 | --S- | C] () -- C:\Windows\System32\fexz.wvx
[2014/06/20 21:49:57 | 000,000,000 | --S- | C] () -- C:\Windows\System32\maqogi.yiw
[2014/06/20 17:47:31 | 000,000,000 | --S- | C] () -- C:\Windows\System32\kvcal.pul
[2014/06/20 08:13:46 | 000,000,000 | --S- | C] () -- C:\Windows\System32\ekmztp.mpi
[2014/06/19 16:57:10 | 000,000,000 | --S- | C] () -- C:\Windows\System32\kyod.cwu
[2014/06/19 13:59:16 | 000,000,000 | --S- | C] () -- C:\Windows\System32\chwynpi.yqv
[2014/06/19 01:31:06 | 000,000,000 | --S- | C] () -- C:\Windows\System32\qmex.jfg
[2014/06/18 19:27:29 | 000,000,000 | --S- | C] () -- C:\Windows\System32\bzzya.kfd
[2014/06/17 21:42:09 | 000,000,000 | --S- | C] () -- C:\Windows\System32\qgyxvq.mfq
[2014/06/17 13:47:31 | 000,000,000 | --S- | C] () -- C:\Windows\System32\gvutl.rsr
[2014/06/16 22:13:39 | 000,000,000 | --S- | C] () -- C:\Windows\System32\htphl.hpt
[2014/06/16 19:11:00 | 000,000,000 | --S- | C] () -- C:\Windows\System32\vzjdvrh.ujd
[2014/06/14 20:35:52 | 000,000,000 | --S- | C] () -- C:\Windows\System32\zznicxl.wsh
[2014/06/14 15:36:05 | 000,000,000 | --S- | C] () -- C:\Windows\System32\mnczeew.nza
[2014/06/13 19:39:39 | 000,000,000 | --S- | C] () -- C:\Windows\System32\fdvjgfj.rng
[2014/06/13 11:35:41 | 000,000,000 | --S- | C] () -- C:\Windows\System32\ivqlaqs.sog
[2014/06/11 17:15:17 | 000,315,743 | --S- | C] () -- C:\Windows\System32\jfpsh.brd


Are you familiar with this name....Mercantil Servicios

It seems that between running the FRST fix and the Otl report.... you have gotten yourself infected again!

Let's go back to square one:

Please re-run FRST.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.
Also
  • Please re-run FRST again, but this time type the following in the edit box after Search: rpcss.dll
  • Click the Search File(s) button


  • It will make a log (Search.txt)- please post this report along with the other 2 FRST reports.
Please post all 3 reports.

Thanks.


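The two checks made in the post above (a System32 file whose hash differs from the other copies of the same version, and vendor-less system-attribute files sitting directly in System32) can be run mechanically over the pasted logs. This is an added example, not part of the original post and not code from ComboFix, OTL or FRST; the function names and the one line marked as constructed are assumptions, and the remaining sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# ComboFix "Sigcheck" lines as posted in this thread.
SIGCHECK_SAMPLE = r"""
[7] 2010-11-20 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514] . . c:\windows\erdnt\cache\rpcss.dll
[-] 2010-11-20 . CA9A61158AF67F91B46D6BD7D41CCC5F . 384000 . . [6.1.7601.17514] . . c:\windows\System32\rpcss.dll
[7] 2010-11-20 . 7660F01D3B38ACA1747E397D21D790AF . 376832 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[7] 2009-07-14 . B82CD39E336973359D7C9BF911E8E84F . 376320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
"""

# OTL "files created" lines: two from the thread, the last one constructed
# as a benign control (vendor present, no system attribute).
OTL_SAMPLE = r"""
[2014/06/21 05:16:39 | 000,000,000 | --S- | C] () -- C:\Windows\System32\fexz.wvx
[2014/06/11 17:15:17 | 000,315,743 | --S- | C] () -- C:\Windows\System32\jfpsh.brd
[2014/06/12 04:09:00 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
"""

SIG_RE = re.compile(
    r"^\[(?P<mark>.)\] (?P<date>\d{4}-\d\d-\d\d) \. (?P<md5>[0-9A-F]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<ver>[\d.]+)\] \. \. (?P<path>.+)$"
)
OTL_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-RHSA]{4}) \| \w\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)


def parse_sigcheck(text):
    """Return one dict per well-formed Sigcheck line; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def find_hash_mismatches(rows):
    """Flag copies whose MD5 differs from the WinSxS copy of the same version.

    Copies are grouped by (file name, file version). The component-store
    (winsxs) copy of a version is used as the reference; a group without a
    winsxs copy is left alone because there is nothing to compare against.
    """
    groups = defaultdict(list)
    for r in rows:
        groups[(basename(r["path"]).lower(), r["ver"])].append(r)
    flagged = []
    for members in groups.values():
        reference = {r["md5"] for r in members if "\\winsxs\\" in r["path"].lower()}
        if not reference:
            continue
        flagged += [r["path"] for r in members if r["md5"] not in reference]
    return flagged


def find_odd_system_files(text, folder=r"c:\windows\system32"):
    """Return (path, size) for vendor-less, system-attribute files directly in folder."""
    hits = []
    for line in text.splitlines():
        m = OTL_RE.match(line.strip())
        if not m:
            continue
        in_folder = dirname(m["path"]).lower() == folder
        if in_folder and "S" in m["attrs"] and m["vendor"] == "":
            hits.append((m["path"], int(m["size"].replace(",", ""))))
    return hits


if __name__ == "__main__":
    for path in find_hash_mismatches(parse_sigcheck(SIGCHECK_SAMPLE)):
        print("hash differs from component-store copy:", path)
    for path, size in find_odd_system_files(OTL_SAMPLE):
        print("no vendor, system attribute:", path, f"({size} bytes)")
```

A hit from either check is a lead for closer inspection of that file, not a verdict on it.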

#13 td323i


Posted 24 June 2014 - 02:25 PM

Thanks for the info.  That name isn't remotely familiar.  This computer rebooted on me at least once today that I noticed.  I only use this machine for one or two tasks which wouldn't put me at risk for an additional infection.  Something must be causing the infections.  I will rerun the tests shortly.



#14 td323i


Posted 24 June 2014 - 02:34 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Tony (administrator) on X153-WIN7 on 24-06-2014 15:26:17
Running from C:\Users\Tony\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Acronis) C:\Program Files\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Acronis\AMS\ManagementServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis) C:\Program Files\Acronis\ARSM\arsm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(GeneralPlus) C:\MaxiSocketUSB\ServiceInstaller.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(GeneralPlus) C:\MaxiSocketUSB\GPSocketUSBService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Continuum Managed Services LLC.) C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe
(Continuum Managed Services LLC.) C:\Program Files\SAAZOD\SAAZDPMACTL.exe
(Continuum Managed Service LLC.) C:\Program Files\SAAZOD\SAAZScheduler.exe
(Continuum Managed Services LLC.) C:\Program Files\SAAZOD\SAAZServerPlus.exe
(Continuum Managed Services LLC.) C:\Program Files\SAAZOD\zRealTime\rtHlpDk.exe
(Continuum Managed Services LLC.) C:\Program Files\SAAZOD\SAAZWatchDog.exe
(ThreatTrack Security, Inc.) C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Acronis) C:\Program Files\Acronis\BackupAndRecovery\mms.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(ThreatTrack Security, Inc.) C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(ThreatTrack Security, Inc.) C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\WmdHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer PowerSaver] => C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe [434176 2009-04-17] (Acer Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [SBAMTray] => C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe [3232152 2013-05-30] (ThreatTrack Security, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [396176 2013-06-06] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102184 2013-01-22] (Acronis)
HKLM\...\Run: [BackupAndRecoveryMonitor.exe] => C:\Program Files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1530496 2014-02-18] (Acronis)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-743207681-3097587850-1565792595-1317\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\acaptuser32.dll => C:\Windows\System32\acaptuser32.dll [114280 2013-05-08] (Adobe Systems Incorporated)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SC_zAccEvt.lnk
ShortcutTarget: SC_zAccEvt.lnk -> C:\Program Files\SAAZOD\zSCC\zAccEvt.exe (Continuum Managed Services LLC.)
InternetURL: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NVIDIA Experience.url -> C:\Users\Tony\AppData\Roaming\FlashPlayer\igfxpers.exe
InternetURL: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nvidia Expirience.url -> C:\Users\Tony\AppData\Roaming\FlashPlayer\igfxpers.exe
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_x480g&r=170505103416p04f5u2h5z44716240
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.100 192.168.1.101

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @vmware.com/vmrc,version=2.5.0.00000 - C:\Program Files\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 - C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

========================== Services (Whitelisted) =================

R2 AcronisAgent; C:\Program Files\Common Files\Acronis\Agent\agent.exe [2046968 2012-12-29] (Acronis)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [801784 2013-06-06] (Acronis)
R2 AMS; C:\Program Files\Acronis\AMS\ManagementServer.exe [13018864 2014-02-19] (Acronis)
S4 AmsWebServer; C:\Program Files\Common Files\Acronis\WebServer\httpd.exe [18432 2011-10-31] (Apache Software Foundation) [File not signed]
R2 ARSM; C:\Program Files\Acronis\ARSM\arsm.exe [5866040 2014-02-19] (Acronis)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [384000 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-02-17] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-06-11] (Macrovision Europe Ltd.) [File not signed]
R2 GPSocketUSBService; C:\MaxiSocketUSB\ServiceInstaller.exe [76288 2012-03-05] (GeneralPlus) [File not signed]
R2 MMS; C:\Program Files\Acronis\BackupAndRecovery\mms.exe [11186048 2014-02-19] (Acronis)
R2 MSSQL$ACRONIS; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208 2009-08-12] (NewTech Infosystems, Inc.)
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1716264 2014-04-17] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-17] (pdfforge GmbH)
R2 RpcSs; C:\Windows\System32\rpcss.dll [384000 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SAAZappr; C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe [85296 2012-06-26] (Continuum Managed Services LLC.)
S4 SAAZapsc; C:\Program Files\SAAZOD\zRealTime\SAAZapsc.exe [85296 2012-06-26] (Continuum Managed Services LLC.)
R2 SAAZDPMACTL; C:\Program Files\SAAZOD\SAAZDPMACTL.exe [89392 2012-06-26] (Continuum Managed Services LLC.)
S4 SAAZRemoteSupport; C:\Program Files\SAAZOD\SAAZRemoteSupport.exe [81200 2012-06-26] (Continuum Managed Services LLC.)
R2 SAAZScheduler; C:\Program Files\SAAZOD\SAAZScheduler.exe [85296 2013-05-21] (Continuum Managed Service LLC.)
R2 SAAZServerPlus; C:\Program Files\SAAZOD\SAAZServerPlus.exe [85296 2012-06-26] (Continuum Managed Services LLC.)
R2 SAAZWatchDog; C:\Program Files\SAAZOD\SAAZWatchDog.exe [89392 2012-06-26] (Continuum Managed Services LLC.)
R2 SBAMSvc; C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe [3681016 2013-05-30] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe [176536 2013-05-30] (ThreatTrack Security, Inc.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [609904 2011-06-01] (VMware, Inc.)
S4 ZEvtSVC; C:\Program Files\SAAZOD\zSCC\zEvtSVC.exe [232752 2012-06-26] (Continuum Managed Services LLC.)

==================== Drivers (Whitelisted) ====================

S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-01-22] (FTDI Ltd.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32880 2011-06-01] (VMware, Inc.)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [68904 2013-01-15] (GFI Software)
S3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [76064 2013-01-15] (GFI Software)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736312 2014-02-12] (Acronis)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [130488 2014-02-12] (Acronis)
R2 tvicport; C:\Windows\system32\drivers\tvicport.sys [14544 2009-02-05] (EnTech Taiwan) [File not signed]
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [123168 2014-02-12] (Acronis International GmbH)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2009-02-05] (Zeal SoftStudio) [File not signed]
S3 catchme; \??\C:\Users\Tony\AppData\Local\Temp\catchme.sys [X]
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-24 15:26 - 2014-06-24 15:26 - 00017798 _____ () C:\Users\Tony\Desktop\FRST.txt
2014-06-24 15:26 - 2014-06-24 15:26 - 00000000 ____D () C:\Users\Tony\Desktop\FRST-OlderVersion
2014-06-24 11:01 - 2014-06-24 11:01 - 00000000 ___RD () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-06-24 10:59 - 2014-06-24 10:59 - 00147000 _____ () C:\Windows\Minidump\062414-22900-01.dmp
2014-06-24 09:39 - 2014-06-24 09:39 - 00014269 _____ () C:\ComboFix.txt
2014-06-24 09:26 - 2014-06-24 09:26 - 05211571 ____R (Swearware) C:\Users\Tony\Desktop\cfixer.exe
2014-06-23 14:21 - 2014-06-23 14:41 - 00131720 _____ () C:\Users\Tony\Desktop\Extras.Txt
2014-06-23 14:20 - 2014-06-23 14:39 - 00104998 _____ () C:\Users\Tony\Desktop\OTL.Txt
2014-06-23 14:09 - 2014-06-23 14:09 - 00602112 _____ (OldTimer Tools) C:\Users\Tony\Desktop\OTL.scr
2014-06-21 05:16 - 2014-06-21 05:16 - 00000000 ____S () C:\Windows\system32\fexz.wvx
2014-06-20 21:49 - 2014-06-20 21:49 - 00000000 ____S () C:\Windows\system32\maqogi.yiw
2014-06-20 17:47 - 2014-06-20 17:47 - 00000000 ____S () C:\Windows\system32\kvcal.pul
2014-06-20 08:13 - 2014-06-20 08:13 - 00000000 ____S () C:\Windows\system32\ekmztp.mpi
2014-06-19 16:57 - 2014-06-19 16:57 - 00000000 ____S () C:\Windows\system32\kyod.cwu
2014-06-19 13:59 - 2014-06-19 13:59 - 00000000 ____S () C:\Windows\system32\chwynpi.yqv
2014-06-19 01:31 - 2014-06-19 01:31 - 00000000 ____S () C:\Windows\system32\qmex.jfg
2014-06-18 22:30 - 2014-06-24 10:59 - 384369058 _____ () C:\Windows\MEMORY.DMP
2014-06-18 22:30 - 2014-06-18 22:30 - 00147000 _____ () C:\Windows\Minidump\061814-18111-01.dmp
2014-06-18 21:48 - 2014-06-18 21:48 - 00001531 _____ () C:\Users\Tony\Desktop\scan results.txt
2014-06-18 19:27 - 2014-06-18 19:27 - 00000000 ____S () C:\Windows\system32\bzzya.kfd
2014-06-17 21:42 - 2014-06-17 21:42 - 00000000 ____S () C:\Windows\system32\qgyxvq.mfq
2014-06-17 13:47 - 2014-06-17 13:47 - 00000000 ____S () C:\Windows\system32\gvutl.rsr
2014-06-16 22:13 - 2014-06-16 22:13 - 00000000 ____S () C:\Windows\system32\htphl.hpt
2014-06-16 19:11 - 2014-06-16 19:11 - 00000000 ____S () C:\Windows\system32\vzjdvrh.ujd
2014-06-14 20:35 - 2014-06-14 20:35 - 00000000 ____S () C:\Windows\system32\zznicxl.wsh
2014-06-14 15:36 - 2014-06-14 15:36 - 00000000 ____S () C:\Windows\system32\mnczeew.nza
2014-06-13 19:39 - 2014-06-13 19:39 - 00000000 ____S () C:\Windows\system32\fdvjgfj.rng
2014-06-13 11:35 - 2014-06-13 11:35 - 00000000 ____S () C:\Windows\system32\ivqlaqs.sog
2014-06-12 00:09 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 00:08 - 2014-05-23 21:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 00:08 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 00:08 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 00:08 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 00:08 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 00:08 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 00:08 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 00:08 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 00:08 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 00:08 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 00:08 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 00:08 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 00:08 - 2014-05-23 21:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 00:08 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 00:08 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 00:08 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 00:08 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 00:08 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 00:08 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 00:08 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 00:08 - 2014-05-23 20:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-12 00:08 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 00:08 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 00:08 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 00:08 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 00:07 - 2014-04-04 22:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 00:07 - 2014-04-04 22:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 00:07 - 2013-11-26 07:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 21:59 - 2014-06-22 04:59 - 00000000 ____D () C:\Users\Default\AppData\Roaming\35AD
2014-06-11 21:59 - 2014-06-22 04:59 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\35AD
2014-06-11 17:15 - 2014-06-11 17:15 - 00315743 ____S () C:\Windows\system32\jfpsh.brd
2014-06-10 14:50 - 2014-06-10 14:50 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 14:50 - 2014-06-10 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 14:50 - 2014-06-10 14:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 14:50 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-10 09:32 - 2014-06-24 15:26 - 00000000 ____D () C:\FRST
2014-06-10 09:30 - 2014-06-24 15:26 - 01073152 _____ (Farbar) C:\Users\Tony\Desktop\FRST.exe
2014-06-02 15:17 - 2014-06-23 11:57 - 00000000 ____D () C:\Users\Tony\Desktop\Problems

==================== One Month Modified Files and Folders =======

2014-06-24 15:26 - 2014-06-24 15:26 - 00017798 _____ () C:\Users\Tony\Desktop\FRST.txt
2014-06-24 15:26 - 2014-06-24 15:26 - 00000000 ____D () C:\Users\Tony\Desktop\FRST-OlderVersion
2014-06-24 15:26 - 2014-06-10 09:32 - 00000000 ____D () C:\FRST
2014-06-24 15:26 - 2014-06-10 09:30 - 01073152 _____ (Farbar) C:\Users\Tony\Desktop\FRST.exe
2014-06-24 15:05 - 2013-08-29 01:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-24 15:03 - 2013-05-21 21:16 - 00000000 ____D () C:\Program Files\SAAZOD
2014-06-24 14:51 - 2010-05-13 12:22 - 02094188 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 14:39 - 2010-06-11 16:32 - 00000152 _____ () C:\Windows\system32\config\netlogon.ftl
2014-06-24 11:09 - 2009-07-14 00:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 11:09 - 2009-07-14 00:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 11:01 - 2014-06-24 11:01 - 00000000 ___RD () C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-06-24 10:59 - 2014-06-24 10:59 - 00147000 _____ () C:\Windows\Minidump\062414-22900-01.dmp
2014-06-24 10:59 - 2014-06-18 22:30 - 384369058 _____ () C:\Windows\MEMORY.DMP
2014-06-24 10:59 - 2014-01-21 15:11 - 00000962 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-06-24 10:59 - 2010-10-03 13:37 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 10:59 - 2009-10-08 21:30 - 00877762 _____ () C:\Windows\PFRO.log
2014-06-24 10:59 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 10:59 - 2009-07-14 00:39 - 00095686 _____ () C:\Windows\setupact.log
2014-06-24 09:39 - 2014-06-24 09:39 - 00014269 _____ () C:\ComboFix.txt
2014-06-24 09:39 - 2013-12-10 16:51 - 00000000 ____D () C:\Qoobox
2014-06-24 09:38 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
2014-06-24 09:29 - 2012-10-28 18:00 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-06-24 09:26 - 2014-06-24 09:26 - 05211571 ____R (Swearware) C:\Users\Tony\Desktop\cfixer.exe
2014-06-23 14:41 - 2014-06-23 14:21 - 00131720 _____ () C:\Users\Tony\Desktop\Extras.Txt
2014-06-23 14:39 - 2014-06-23 14:20 - 00104998 _____ () C:\Users\Tony\Desktop\OTL.Txt
2014-06-23 14:09 - 2014-06-23 14:09 - 00602112 _____ (OldTimer Tools) C:\Users\Tony\Desktop\OTL.scr
2014-06-23 11:57 - 2014-06-02 15:17 - 00000000 ____D () C:\Users\Tony\Desktop\Problems
2014-06-23 00:30 - 2013-05-21 21:17 - 00001789 _____ () C:\Windows\system32\ipstuffNew.txt
2014-06-22 04:59 - 2014-06-11 21:59 - 00000000 ____D () C:\Users\Default\AppData\Roaming\35AD
2014-06-22 04:59 - 2014-06-11 21:59 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\35AD
2014-06-21 05:16 - 2014-06-21 05:16 - 00000000 ____S () C:\Windows\system32\fexz.wvx
2014-06-20 21:49 - 2014-06-20 21:49 - 00000000 ____S () C:\Windows\system32\maqogi.yiw
2014-06-20 17:47 - 2014-06-20 17:47 - 00000000 ____S () C:\Windows\system32\kvcal.pul
2014-06-20 08:13 - 2014-06-20 08:13 - 00000000 ____S () C:\Windows\system32\ekmztp.mpi
2014-06-19 16:57 - 2014-06-19 16:57 - 00000000 ____S () C:\Windows\system32\kyod.cwu
2014-06-19 13:59 - 2014-06-19 13:59 - 00000000 ____S () C:\Windows\system32\chwynpi.yqv
2014-06-19 01:31 - 2014-06-19 01:31 - 00000000 ____S () C:\Windows\system32\qmex.jfg
2014-06-18 22:30 - 2014-06-18 22:30 - 00147000 _____ () C:\Windows\Minidump\061814-18111-01.dmp
2014-06-18 22:30 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\TAPI
2014-06-18 21:58 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-18 21:49 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Branding
2014-06-18 21:48 - 2014-06-18 21:48 - 00001531 _____ () C:\Users\Tony\Desktop\scan results.txt
2014-06-18 19:27 - 2014-06-18 19:27 - 00000000 ____S () C:\Windows\system32\bzzya.kfd
2014-06-17 21:42 - 2014-06-17 21:42 - 00000000 ____S () C:\Windows\system32\qgyxvq.mfq
2014-06-17 13:47 - 2014-06-17 13:47 - 00000000 ____S () C:\Windows\system32\gvutl.rsr
2014-06-16 22:13 - 2014-06-16 22:13 - 00000000 ____S () C:\Windows\system32\htphl.hpt
2014-06-16 19:11 - 2014-06-16 19:11 - 00000000 ____S () C:\Windows\system32\vzjdvrh.ujd
2014-06-14 20:35 - 2014-06-14 20:35 - 00000000 ____S () C:\Windows\system32\zznicxl.wsh
2014-06-14 15:36 - 2014-06-14 15:36 - 00000000 ____S () C:\Windows\system32\mnczeew.nza
2014-06-13 19:57 - 2009-10-08 21:01 - 00853404 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 19:39 - 2014-06-13 19:39 - 00000000 ____S () C:\Windows\system32\fdvjgfj.rng
2014-06-13 11:35 - 2014-06-13 11:35 - 00000000 ____S () C:\Windows\system32\ivqlaqs.sog
2014-06-12 16:49 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\spool
2014-06-12 00:14 - 2009-10-08 21:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 17:40 - 2009-07-14 00:53 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-11 17:15 - 2014-06-11 17:15 - 00315743 ____S () C:\Windows\system32\jfpsh.brd
2014-06-10 14:50 - 2014-06-10 14:50 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-10 14:50 - 2014-06-10 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-10 14:50 - 2014-06-10 14:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-10 14:50 - 2013-05-21 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 14:51 - 2012-10-28 18:00 - 00000000 ____D () C:\Program Files\LogMeIn
2014-06-06 14:01 - 2012-10-28 18:00 - 00085832 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-06-06 14:01 - 2012-10-28 18:00 - 00031560 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-06-02 18:47 - 2014-05-21 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-02 18:47 - 2014-05-21 10:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-02 18:47 - 2014-05-19 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASYLABEL Platinum
2014-06-02 18:47 - 2013-12-10 23:03 - 00000000 ____D () C:\Users\administrator
2014-06-02 18:47 - 2013-11-27 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-02 18:47 - 2013-07-01 11:22 - 00000000 ____D () C:\Users\processpro
2014-06-02 18:47 - 2013-03-08 16:29 - 00000000 ____D () C:\Users\genas
2014-06-02 18:47 - 2012-04-12 16:11 - 00000000 ____D () C:\ProgramData\Brother
2014-06-02 18:47 - 2011-04-18 11:43 - 00000000 ____D () C:\Users\r&d
2014-06-02 18:47 - 2011-04-11 11:54 - 00000000 ____D () C:\Users\wayner
2014-06-02 18:47 - 2010-06-11 16:35 - 00000000 ____D () C:\_rpcs
2014-06-02 18:47 - 2010-06-11 16:33 - 00000000 ____D () C:\Users\__sbs_netsetup__
2014-06-02 18:47 - 2010-06-11 16:10 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-02 18:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-06-02 18:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\security
2014-06-02 18:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-06-02 18:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2014-06-02 18:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2014-06-02 18:46 - 2014-05-19 20:49 - 00000000 ____D () C:\Program Files\Tharo
2014-06-02 18:46 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-02 18:45 - 2010-06-11 16:09 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-02 15:07 - 2010-06-11 16:35 - 00001448 _____ () C:\Windows\ricdb.ini
2014-06-02 14:50 - 2010-06-11 16:34 - 00000000 ____D () C:\Users\Tony

Some content of TEMP:
====================
C:\Users\Tony\AppData\Local\temp\ApplnchConfig.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll
[2011-06-20 18:50] - [2010-11-20 08:21] - 0384000 ____A (Microsoft Corporation) CA9A61158AF67F91B46D6BD7D41CCC5F

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 00:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Tony at 2014-06-24 15:26:57
Running from C:\Users\Tony\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: GFI Software VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: GFI Software VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}

==================== Installed Programs ======================

.Net Framework 3.5 (HKLM\...\{7DBBC062-E7D5-49E9-8694-FF19E047343B}) (Version: 1.0.2 - ProcessPro Premier)
Acer Backup Manager (HKLM\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.00.5001 - Acer Incorporated)
Acer Framework (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.00.5000 - Acer Incorporated)
Acer PowerSaver (HKLM\...\{A1FFD720-0806-40E9-9554-DB22D593FDEF}) (Version: 1.00.3005 - Acer Incorporated)
Acer QuickMigration (HKLM\...\{D38FA7FF-84E7-42F7-ACAC-E85DF086F008}) (Version: 1.00.3005 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acronis Backup 11.5 Agent Core (HKLM\...\{7370A3E3-9326-42AD-8B64-32D93A839F04}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Agent for SQL (HKLM\...\{C1C4DD27-DD38-46A5-8396-B140771DB202}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Agent for Windows (HKLM\...\{AC2E970D-857C-4DA9-9DAF-7F892E37540A}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Bootable Media Builder (HKLM\...\{34542598-AC39-4F03-8C2D-819C10592BB0}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Command-Line Tool (HKLM\...\{A9CFD8BA-61D3-4259-89EB-BA630FCF2FDE}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Management Console (HKLM\...\{03AFCAEE-20E0-423E-8E44-F4AAA3BA1D65}) (Version: 11.5.38573 - Acronis)
Acronis Backup 11.5 Management Server (HKLM\...\{E9F0D163-FA3B-4FC5-A978-CBCC7DB68081}) (Version: 11.5.38573 - Acronis)
Acronis Components for Remote Installation (HKLM\...\{ED780047-33A8-4270-ABAA-B89ECB5A90E7}) (Version: 11.5.38573 - Acronis)
Acronis License Server (HKLM\...\{A2F25E98-D557-4AB7-9EBE-627D956A0E5C}) (Version: 11.5.38573 - Acronis)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Master Collection (HKLM\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (HKLM\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
American Module for Microsoft Dynamics NAV Classic Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
American Module for Microsoft Dynamics NAV Documentation (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
American Module for Microsoft Dynamics NAV Role Tailored Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Apple Application Support (HKLM\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CACAEB5F-174D-4C7C-AC56-A33289A807CA}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.9.0.0 - AuthenTec) Hidden
Backup Manager Advance (Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
Canadian Module for Microsoft Dynamics NAV Classic Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Canadian Module for Microsoft Dynamics NAV Documentation (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Canadian Module for Microsoft Dynamics NAV Role Tailored Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
CeRegEditor 0.0.5.1 (HKLM\...\CeRegEditor_is1) (Version:  - )
Crystal Reports 9 Redistributables (HKLM\...\{9D571CDB-02AC-472D-8921-D2DBC4E64CE6}) (Version: 1.0.0 - ESHA Research)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815i.50 - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2815i.50 - CyberLink Corp.) Hidden
DameWare NT Utilities 7.5 (HKLM\...\{63C7E50A-FBCD-40C0-974F-0855C286AB2B}) (Version: 7.5.6.0 - DameWare Development)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{6BDEB2BD-7C8B-4734-9E2F-E9EDC9D6C844}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{B64AFC4A-F842-4444-9DA4-12A798EF5551}) (Version:  - Microsoft)
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)
EASYLABEL Platinum (HKLM\...\EASYLABELPLAT) (Version:  - )
Genesis R&D SQL (HKLM\...\{B22CC1EA-3B11-449C-8AE8-6EA7BCEDCC19}) (Version: 9.12.1 - ESHA Research Inc.)
GFI Business Agent (HKLM\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5530 - GFI Software)
GFI Business Agent (Version: 6.2.5530 - GFI Software) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
ITSupport247-DPMA (HKLM\...\SAAZOD) (Version: 5.2.3 - Continuum Managed Services LLC)
iTunes (HKLM\...\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}) (Version: 10.2.1.1 - Apple Inc.)
Keyscan System VII Client (HKLM\...\{1C2D030F-AECD-4E72-A8FD-AB4242BDA7C6}) (Version: 7.0.7 - Keyscan Inc.)
LAN-Fax Utilities (HKLM\...\LAN-Fax Utilities) (Version:  - )
LogMeIn (HKLM\...\{36E0F777-19FE-4454-BB2D-84206758EA85}) (Version: 4.1.2651 - LogMeIn, Inc.)
LogMeIn (HKLM\...\{5C5778DB-3E5A-499D-865D-740E67D1F165}) (Version: 4.1.2600 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MAS 90 Workstation (HKLM\...\MAS 90 Workstation) (Version:  - )
Maxithermal (HKLM\...\{33D79CB9-E6CF-458B-A3FC-41419B8088AC}) (Version: 1.0.0 - Marathon Product Inc)
MDAS-Pro  (HKLM\...\Marathon_Products) (Version: 1.0 - Marathon Products)
Mexican Module for Microsoft Dynamics NAV Classic Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Mexican Module for Microsoft Dynamics NAV Documentation (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Mexican Module for Microsoft Dynamics NAV Role Tailored Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Dynamics NAV 2009 Classic (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Microsoft Dynamics NAV 2009 RoleTailored Client (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Microsoft Dynamics NAV 2009 SP1 (HKLM\...\DynamicsNav60) (Version: 6.0.29626.0 - Microsoft Corporation)
Microsoft Dynamics NAV 6.0 Setup (Version: 6.0.29626.0 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft OLE DB Provider for Visual FoxPro (HKLM\...\{CD5DC4AA-7D62-48D9-B756-5925471001FE}) (Version: 9.0.0.3504 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM\...\Microsoft Report Viewer Redistributable 2008 SP1) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer 2013 (HKLM\...\Office15.SharePointDesigner) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SharePoint Designer 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (ACRONIS) (Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{4AB6A079-178B-4144-B21F-4D1AE71666A2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Motorola DataWedge 3.3 (HKLM\...\{7D2FE2D3-B4EA-4629-8B9D-59F2E0259D46}) (Version: 3.3.19 - Motorola)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{cf8a4834-4d9c-43b5-923d-7f56b9168d93}) (Version:  - Nero AG)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.10.505 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 5.6.8 - )
novaPDF v7 (novaPDF 7.7 printer) (HKLM\...\novaPDF v7_is1) (Version:  - Softland)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
OstroSoft SMTP Component (HKLM\...\{CE9B44EB-8511-4E19-BA88-A12627D52008}) (Version: 1.0.0 - OstroSoft)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Architect 2 View Module (HKLM\...\{3DA20A12-AD9F-4A75-8A6F-5204EEB94359}) (Version: 2.0.5.16319 - pdfforge GmbH)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
ProcessPro Premier 10.2 WorkStation  (HKLM\...\{D9EFA000-AE0B-4929-925E-C12D9E40E5E6}) (Version: 10.21 - ProcessPro Premier)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Remote Desktop Connection Manager (HKLM\...\{173A2B7F-535A-4403-A454-B41531EF0D7F}) (Version: 2.2.0423 - Microsoft Corporation)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM\...\{083988D7-BDA9-4244-983B-409A634BBC09}) (Version: 13.0.1.220 - SAP)
ServiceInstaller (HKLM\...\ServiceInstaller) (Version:  - )
Setup (HKLM\...\{06CA3EA6-092E-4BA6-83E7-13950FECB3AF}) (Version: 1.0.0 - Microsoft)
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Softshare EDI Notepad (HKLM\...\{81FE9EFB-5A37-4B1D-881B-3C8E5E955A34}) (Version:  - )
Surveillix Remote (HKLM\...\InstallShield_{C193C75D-02BF-4F9D-8981-0843A7EABF39}) (Version: 4.01.0201 - Surveillix)
Surveillix Remote (Version: 4.01.0201 - Surveillix) Hidden
Surveillix SCS (HKLM\...\InstallShield_{1D7692D6-F8EC-42B7-808D-23970A2930C4}) (Version: 4.01.0401 - Surveillix)
Surveillix SCS (Version: 4.01.0401 - Surveillix) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
TrueCommerce Diagnostics Tool (HKLM\...\{91D5592A-CA01-4610-AC0C-6FEF99F9FEDF}) (Version: 7.1.0 - True Commerce, Inc)
TrueCommerce Transaction Manager (HKLM\...\{82CD6A04-6259-4EF0-BFA6-25D07EF5A875}) (Version: 7.1.0 - True Commerce, Inc)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{4F307363-49DA-4AE7-9D9D-DAA1FF59274F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{6E6B2968-B9D7-40C9-9FC2-8E729DDBB39C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{AFDC9BDD-5608-4A21-8066-13E2ACE1EDB4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{4F8AD68D-9F41-446E-AA81-C43BF88671BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{BCD0EA38-A8FB-4F3D-B04E-DFFB38BC7849}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{9E03AB38-EF60-4DE6-92FB-656E23403BFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{B299B17D-874D-43DD-84AA-414BD9C70021}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.SharePointDesigner_{A07ABCD5-4CAF-4493-A591-A6233EF13C7F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{188DFB16-BA3F-4AD3-9432-45C8FA64EC8B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{C5CF8938-646A-41A5-A4E6-6EEE4205CBA4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{954A0EA5-CCCB-4B4E-8664-40E2CC8BBCBB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{4B1A48FA-CAE2-49BB-A912-6F96AE7875D9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2878313) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{1FB43AFB-8112-41B9-B9A6-A43474F46123}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.SharePointDesigner_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.SharePointDesigner_{3365FE58-896F-45DE-8051-E48F6D8069FD}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.SharePointDesigner_{A2D4D766-14AE-46CA-BD99-801FB1523626}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.SharePointDesigner_{17F87C6D-FB2C-40BA-9228-5C49C9A27972}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.SharePointDesigner_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 32-Bit Edition (HKLM\...\{90150000-0017-0000-0000-0000000FF1CE}_Office15.SharePointDesigner_{F60958B9-F8A9-488F-99AD-8A6D95070CD8}) (Version:  - Microsoft)
Veriton ControlCenter (HKLM\...\{A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}) (Version: 1.00.3004 - Acer Incorporated)
Visual FoxPro ODBC Driver (HKLM\...\{31821EFE-1B31-4744-9FB0-208F92BD7168}) (Version: 1.0.0 - Microsoft Corporation)
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
VMware vSphere Client 4.0 (HKLM\...\{C40698F9-A861-4531-9F8C-FA7F8961375B}) (Version: 4.0.0.10021 - VMware, Inc.)
VMware vSphere Client 4.1 (HKLM\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.12319 - VMware, Inc.)
VMware vSphere Client 5.0 (HKLM\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.16964 - VMware, Inc.)
VMware vSphere Host Update Utility 4.0 (HKLM\...\{9BC51C0F-DA8E-4370-9997-899B3435A647}) (Version: 4.0.0.10021 - VMware, Inc.)
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.2.7 (HKLM\...\winscp3_is1) (Version: 4.2.7 - Martin Prikryl)

==================== Restore Points  =========================

20-06-2014 04:00:02 Scheduled Checkpoint
23-06-2014 18:29:24 OTL Restore Point - 23/06/2014 2:29:23 PM

==================== Hosts content: ==========================

2009-07-13 22:04 - 2014-06-24 09:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {15405954-CEC3-4D5D-9AC8-42C65529295B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {1684FD86-F293-4345-BDE1-42C5372F84C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-27] (Adobe Systems Incorporated)
Task: {2EDBE6C9-7368-4B45-8589-503F5305FB9B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {323FF028-C56F-4C1C-AEF9-C2D1416E789D} - System32\Tasks\{DE99B555-530A-40E1-98E3-7D90C87F24A2} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {38B30748-F6EE-4C2E-8DB7-6EE04F489A21} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {496AB70D-D95D-481D-A81C-E5790EECEB30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {49B68C26-CCB6-4FA5-909A-202A2D51B90F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {4F58C6EE-B4C0-42ED-BAAF-678DEEC74B7A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {9D36E998-9B95-468B-BEDD-BFAB77BEE110} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {B72CFB99-4F68-40ED-9743-972D0F655EA3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FCAB1A28-A2E2-40F7-8073-082F11649C10} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2007-01-02 16:17 - 2008-02-27 14:49 - 01075297 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\RCD6D130.DLL
2014-02-18 23:29 - 2014-02-18 23:29 - 00323816 _____ () C:\Program Files\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
2014-02-18 23:29 - 2014-02-18 23:29 - 00282624 _____ () C:\Program Files\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
2014-02-18 23:30 - 2014-02-18 23:30 - 00440192 _____ () C:\Program Files\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll
2014-02-18 23:31 - 2014-02-18 23:31 - 00935336 _____ () C:\Program Files\Acronis\AMS\human_resolving_ams.dll
2014-02-18 23:30 - 2014-02-18 23:30 - 00487176 _____ () C:\Program Files\Acronis\AMS\ams_statistic_addon.dll
2009-10-08 21:05 - 2009-02-17 20:01 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-10-08 21:05 - 2009-10-08 21:05 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.5000.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-10-08 21:05 - 2009-10-08 21:05 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.5000.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-10-08 21:05 - 2009-10-08 21:05 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.5000.0__3036420f80dd6947\Framework.Library.dll
2009-10-08 21:05 - 2009-10-08 21:05 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.5000.0__672b450de5a7e94a\Framework.Host.dll
2009-10-08 21:05 - 2009-10-08 21:05 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.5000.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-10-08 21:17 - 2009-05-04 15:09 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2009-10-08 21:17 - 2009-05-04 15:08 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2009-10-08 21:17 - 2009-05-04 15:09 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2009-10-08 21:17 - 2009-05-04 15:08 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2009-02-02 20:33 - 2009-02-02 20:33 - 00460199 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-28 20:55 - 2008-09-28 20:55 - 01076224 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-01-15 16:17 - 2013-01-15 16:17 - 00160768 _____ () C:\Program Files\GFI Software\GFIAgent\unrar.dll
2014-02-19 00:35 - 2014-02-19 00:35 - 00930272 _____ () C:\Program Files\Acronis\BackupAndRecovery\human_resolving_mms.dll
2014-02-19 00:29 - 2014-02-19 00:29 - 01930064 _____ () C:\Program Files\Acronis\BackupAndRecovery\msp_agent.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-02-06 11:32 - 2011-02-06 11:32 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-05-21 21:37 - 2014-06-03 11:01 - 00190752 _____ () C:\Program Files\GFI Software\GFIAgent\Definitions\libBase64.dll
2013-05-21 21:37 - 2014-06-03 11:01 - 00178464 _____ () C:\Program Files\GFI Software\GFIAgent\Definitions\libMachoUniv.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZappr => "imagepath"=""C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe" SAAZappr"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZappr => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZappr => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZappr => "type"="110"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZapsc => "imagepath"=""C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe" SAAZapsc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZapsc => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZapsc => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAAZapsc => "type"="110"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: LogMeIn Mirror Driver
Description: LogMeIn Mirror Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: lmimirr
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2014 00:32:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/23/2014 09:40:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Faulting module name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Exception code: 0xc0000005
Fault offset: 0x00001010
Faulting process id: 0x138
Faulting application start time: 0xPowerSaverTray.exe0
Faulting application path: PowerSaverTray.exe1
Faulting module path: PowerSaverTray.exe2
Report Id: PowerSaverTray.exe3

Error: (06/19/2014 00:33:02 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/17/2014 00:32:02 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/16/2014 09:47:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Faulting module name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Exception code: 0xc0000005
Fault offset: 0x00001010
Faulting process id: 0x4494
Faulting application start time: 0xPowerSaverTray.exe0
Faulting application path: PowerSaverTray.exe1
Faulting module path: PowerSaverTray.exe2
Report Id: PowerSaverTray.exe3

Error: (06/14/2014 00:32:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/13/2014 11:56:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Faulting module name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Exception code: 0xc0000005
Fault offset: 0x00001010
Faulting process id: 0x148c
Faulting application start time: 0xPowerSaverTray.exe0
Faulting application path: PowerSaverTray.exe1
Faulting module path: PowerSaverTray.exe2
Report Id: PowerSaverTray.exe3

Error: (06/12/2014 04:49:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Faulting module name: PowerSaverTray.exe, version: 1.0.3005.0, time stamp: 0x49e81ef9
Exception code: 0xc0000005
Fault offset: 0x00001010
Faulting process id: 0x1e5c
Faulting application start time: 0xPowerSaverTray.exe0
Faulting application path: PowerSaverTray.exe1
Faulting module path: PowerSaverTray.exe2
Report Id: PowerSaverTray.exe3

Error: (06/12/2014 00:33:04 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/11/2014 00:32:13 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (06/24/2014 10:59:20 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000c2 (0x0000000d, 0x890d0530, 0x20707249, 0xe0000000)C:\Windows\MEMORY.DMP062414-22900-01

Error: (06/24/2014 10:59:16 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:50:05 AM on 6/24/2014 was unexpected.

Error: (06/22/2014 06:05:19 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (06/22/2014 06:05:19 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (06/18/2014 10:49:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The VIPRE Business service hung on starting.

Error: (06/18/2014 10:44:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (06/18/2014 10:44:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (06/18/2014 10:44:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LMIGuardianSvc service to connect.

Error: (06/18/2014 10:30:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (06/18/2014 10:30:20 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xfffffffc, 0x00000000, 0x8327784b, 0x00000000)C:\Windows\MEMORY.DMP061814-18111-01

Microsoft Office Sessions:
=========================
Error: (06/24/2014 00:32:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/23/2014 09:40:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PowerSaverTray.exe1.0.3005.049e81ef9PowerSaverTray.exe1.0.3005.049e81ef9c00000050000101013801cf8ee8be95119fC:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exeC:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe002c7adf-fadc-11e3-b9f9-90fba630bb24

Error: (06/19/2014 00:33:02 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/17/2014 00:32:02 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/16/2014 09:47:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PowerSaverTray.exe1.0.3005.049e81ef9PowerSaverTray.exe1.0.3005.049e81ef9c000000500001010449401cf89698a098122C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exeC:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.execb5c7f4d-f55c-11e3-b070-90fba630bb24

Error: (06/14/2014 00:32:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/13/2014 11:56:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PowerSaverTray.exe1.0.3005.049e81ef9PowerSaverTray.exe1.0.3005.049e81ef9c000000500001010148c01cf8720064a9483C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exeC:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe45e0d234-f313-11e3-b077-90fba630bb24

Error: (06/12/2014 04:49:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PowerSaverTray.exe1.0.3005.049e81ef9PowerSaverTray.exe1.0.3005.049e81ef9c0000005000010101e5c01cf867fcfbda314C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exeC:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe115944db-f273-11e3-b04e-90fba630bb24

Error: (06/12/2014 00:33:04 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/11/2014 00:32:13 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

CodeIntegrity Errors:
===================================
  Date: 2014-06-18 21:57:58.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 21:49:15.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-18 21:03:43.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-28 11:26:27.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-28 10:55:31.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 20:44:00.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-19 20:34:14.584
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 21:10:13.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 21:04:31.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 20:56:12.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3037.17 MB
Available physical RAM: 1540.41 MB
Total Pagefile: 6072.63 MB
Available Pagefile: 4359.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.54 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:136.45 GB) (Free:36.02 GB) NTFS
Drive d: (DATA) (Fixed) (Total:136.54 GB) (Free:134.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: CA0E32F7)
Partition 1: (Not Active) - (Size=25 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=136 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=137 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Tony at 2014-06-24 15:31:03
Running from C:\Users\Tony\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2011-06-20 18:50][2010-11-20 08:21] 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 19:45][2009-07-13 21:16] 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F [File is signed]

C:\Windows\System32\rpcss.dll
[2011-06-20 18:50][2010-11-20 08:21] 0384000 ____A (Microsoft Corporation) CA9A61158AF67F91B46D6BD7D41CCC5F

C:\Windows\erdnt\cache\rpcss.dll
[2013-12-10 17:00][2010-11-20 08:21] 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF [File is signed]

=== End Of Search ===



#15 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:08 PM

Posted 24 June 2014 - 05:17 PM

Hi td323i


Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.



Step 2
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 3
I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Note:
It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology




In your next reply, please submit:
Fixlog.txt
Eset scan report


Thanks

Attached Files

