Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Zero Access Rootkit


  • Please log in to reply
15 replies to this topic

#1 goal

goal

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 12 August 2014 - 09:44 AM

I've been instructed to continue my posts from here

 

I've apparently been infected with ZeroAccess Rootkit, and desperately need help removing it. I've attached the DDS and Attach files. Thank you in advance!

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:55 PM

Posted 15 August 2014 - 04:33 PM

Hi goal

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

Your reports are showing multiple problems, but we'll get to those as we go along:

Step 1
It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG AntiVirus Free Edition 2014 or Microsoft Forefront Client Security.


Step 2
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator

    frsticon_zpsdc3cbdc3.png
  • When the tool opens click Yes to disclaimer.

    frstdis_zps7f598f12.png
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

    newfrst_zpsa63ffa3d.png
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Both reports from FRST


Thanks.

BBPP6nz.png


#3 goal

goal
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 15 August 2014 - 11:39 PM

Okay heres the reports

 

FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by anrit (administrator) on BAEFAE114-SSRBR on 16-08-2014 00:33:16
Running from C:\Users\anrit\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3572275565-2679945913-2636382964-1000\...\Run: [Google Update] => C:\Users\anrit\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-17] (Google Inc.)
HKU\S-1-5-21-3572275565-2679945913-2636382964-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3572275565-2679945913-2636382964-1000\...\MountPoints2: {2ba4397a-e080-11e1-a710-0090f5b86645} - E:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
ShellIconOverlayIdentifiers: UEAFOverlay -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll (UPEK Inc.)
ShellIconOverlayIdentifiers: UEAFOverlayOpen -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll (UPEK Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x04A254243602CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {19720C75-1A9A-426E-BAEA-97BB9F3308F7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Notebook Interactive Viewer\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Notebook Interactive Viewer\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\anrit\AppData\Roaming\Mozilla\Firefox\Profiles\wfscfafv.default-1376773501983
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\anrit\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\anrit\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\anrit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\anrit\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\anrit\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-09-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx []
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx []
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\anrit\AppData\Local\Slick Savings\coupons.crx [2013-08-16]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
S4 CLKMSVC10_38F51D56; c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-12] (CyberLink)
R2 FCSAM; c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [16384 2010-07-20] (Microsoft Corporation)
R2 FcsSas; C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [77216 2007-04-05] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MOM; C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [134656 2005-07-21] (Microsoft Corporation) [File not signed]
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-08-11] ()
S4 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33280 2011-01-17] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S4 XTUService; C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [22280 2010-02-19] (Intel Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\Users\anrit\Documents\EmsisoftEmergencyKit\Run\a2ddax64.sys [23208 2013-02-08] (Emsi Software GmbH)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [91520 2010-07-18] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-16 00:33 - 2014-08-16 00:34 - 00024296 _____ () C:\Users\anrit\Desktop\FRST.txt
2014-08-16 00:33 - 2014-08-16 00:33 - 00000000 ____D () C:\FRST
2014-08-16 00:32 - 2014-08-16 00:32 - 02100224 _____ (Farbar) C:\Users\anrit\Desktop\FRST64.exe
2014-08-16 00:31 - 2014-08-16 00:31 - 00003106 _____ () C:\Windows\System32\Tasks\{4B6BAF47-C353-442E-9F8A-BFA25F127B3E}
2014-08-13 10:11 - 2014-08-13 10:11 - 00000671 _____ () C:\Users\anrit\Downloads\ATT00001.htm
2014-08-12 10:34 - 2014-08-12 10:34 - 00022456 _____ () C:\Users\anrit\Desktop\attach.txt
2014-08-12 10:34 - 2014-08-12 10:33 - 00026745 _____ () C:\Users\anrit\Desktop\dds.txt
2014-08-12 10:32 - 2014-08-12 10:32 - 00688992 ____R (Swearware) C:\Users\anrit\Downloads\dds.com
2014-08-11 11:01 - 2014-08-11 11:01 - 00001091 _____ () C:\WirelessDiagLog.csv
2014-08-10 23:29 - 2014-08-10 23:29 - 00002352 _____ () C:\Users\anrit\Desktop\Rkill.txt
2014-08-10 23:28 - 2014-08-10 23:28 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\anrit\Desktop\rkill.exe
2014-08-10 23:26 - 2014-08-10 23:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\anrit\Downloads\mbar-1.07.0.1012 (1).exe
2014-08-10 22:15 - 2014-08-10 23:27 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 22:15 - 2014-08-10 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-10 22:14 - 2014-08-10 23:27 - 00000000 ____D () C:\Users\anrit\Desktop\mbar
2014-08-10 22:14 - 2014-08-10 23:26 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-10 22:14 - 2014-08-10 22:14 - 14349744 _____ (Malwarebytes Corp.) C:\Users\anrit\Desktop\mbar-1.07.0.1012.exe
2014-08-10 22:08 - 2014-08-10 22:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-08-10 22:05 - 2014-08-10 22:06 - 00050425 _____ () C:\Users\anrit\Downloads\Result.txt
2014-08-10 22:05 - 2014-08-10 22:05 - 00401920 _____ (Farbar) C:\Users\anrit\Downloads\MiniToolBox (1).exe
2014-08-10 22:03 - 2014-08-10 22:03 - 00003199 _____ () C:\Users\anrit\Downloads\FSS.txt
2014-08-10 21:58 - 2014-08-10 21:58 - 00415232 _____ (Farbar) C:\Users\anrit\Downloads\FSS.exe
2014-08-10 21:58 - 2014-08-10 21:58 - 00401920 _____ (Farbar) C:\Users\anrit\Downloads\MiniToolBox.exe
2014-08-10 21:57 - 2014-08-10 21:57 - 00854410 _____ () C:\Users\anrit\Downloads\SecurityCheck.exe
2014-08-10 18:28 - 2014-08-10 18:28 - 00027724 _____ () C:\Users\anrit\Downloads\Howl's Moving Castle Theme.zip
2014-08-10 18:28 - 2014-08-10 18:28 - 00027724 _____ () C:\Users\anrit\Downloads\Howl's Moving Castle Theme (1).zip
2014-08-10 18:19 - 2014-08-10 18:19 - 00106761 _____ () C:\Users\anrit\Downloads\Zelda- Lost Woods.zip
2014-08-10 18:16 - 2014-08-10 18:17 - 00314606 _____ () C:\Users\anrit\Downloads\Bleach- Never Meant to Belong.zip
2014-08-09 01:47 - 2014-08-09 01:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 01:47 - 2014-08-09 01:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-09 01:39 - 2014-08-09 01:39 - 00000051 _____ () C:\Users\anrit\AppData\Roaming\mbam.context.scan
2014-08-09 01:33 - 2014-08-09 01:33 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\SUPERAntiSpyware.com
2014-08-09 01:33 - 2014-08-09 01:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-09 00:38 - 2014-08-09 00:38 - 00000000 _____ () C:\autoexec.bat
2014-08-09 00:37 - 2014-08-09 00:37 - 00143640 _____ () C:\Users\anrit\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-09 00:37 - 2014-08-09 00:37 - 00000000 ____D () C:\sh4ldr
2014-08-09 00:37 - 2014-08-09 00:37 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-29 14:11 - 2014-07-29 14:11 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\AVG
2014-07-29 14:11 - 2014-07-29 14:11 - 00000000 ____D () C:\Users\anrit\AppData\Local\AVG
2014-07-29 14:10 - 2014-08-09 04:52 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-29 14:08 - 2014-08-09 04:51 - 00000000 ____D () C:\ProgramData\AVG
2014-07-29 14:05 - 2014-07-29 14:08 - 77159736 _____ (AVG) C:\Users\anrit\Downloads\avg_tuh_stf_all_2014_519_24c28.exe
2014-07-20 18:43 - 2014-08-09 04:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-20 18:43 - 2014-08-09 04:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-16 00:34 - 2014-08-16 00:33 - 00024296 _____ () C:\Users\anrit\Desktop\FRST.txt
2014-08-16 00:33 - 2014-08-16 00:33 - 00000000 ____D () C:\FRST
2014-08-16 00:33 - 2013-03-29 13:28 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 00:32 - 2014-08-16 00:32 - 02100224 _____ (Farbar) C:\Users\anrit\Desktop\FRST64.exe
2014-08-16 00:31 - 2014-08-16 00:31 - 00003106 _____ () C:\Windows\System32\Tasks\{4B6BAF47-C353-442E-9F8A-BFA25F127B3E}
2014-08-15 23:54 - 2013-11-17 18:13 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000UA.job
2014-08-15 23:50 - 2014-01-06 17:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 23:48 - 2011-06-16 16:42 - 01858663 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 23:39 - 2013-10-20 19:13 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-15 19:54 - 2013-11-17 18:13 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000Core.job
2014-08-15 17:21 - 2014-03-09 20:48 - 00019578 _____ () C:\Windows\setupact.log
2014-08-15 17:21 - 2009-07-14 01:13 - 00802556 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 17:20 - 2013-03-29 13:28 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 17:20 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 17:20 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 17:12 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 07:20 - 2014-05-03 00:13 - 00002888 _____ () C:\Windows\PFRO.log
2014-08-14 19:57 - 2014-03-31 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-14 19:57 - 2013-10-20 19:16 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-13 10:34 - 2013-03-29 13:29 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 10:11 - 2014-08-13 10:11 - 00000671 _____ () C:\Users\anrit\Downloads\ATT00001.htm
2014-08-12 10:34 - 2014-08-12 10:34 - 00022456 _____ () C:\Users\anrit\Desktop\attach.txt
2014-08-12 10:33 - 2014-08-12 10:34 - 00026745 _____ () C:\Users\anrit\Desktop\dds.txt
2014-08-12 10:32 - 2014-08-12 10:32 - 00688992 ____R (Swearware) C:\Users\anrit\Downloads\dds.com
2014-08-11 11:01 - 2014-08-11 11:01 - 00001091 _____ () C:\WirelessDiagLog.csv
2014-08-11 11:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-10 23:29 - 2014-08-10 23:29 - 00002352 _____ () C:\Users\anrit\Desktop\Rkill.txt
2014-08-10 23:28 - 2014-08-10 23:28 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\anrit\Desktop\rkill.exe
2014-08-10 23:27 - 2014-08-10 22:15 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 23:27 - 2014-08-10 22:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-10 23:27 - 2014-08-10 22:14 - 00000000 ____D () C:\Users\anrit\Desktop\mbar
2014-08-10 23:26 - 2014-08-10 23:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\anrit\Downloads\mbar-1.07.0.1012 (1).exe
2014-08-10 23:26 - 2014-08-10 22:14 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-10 22:14 - 2014-08-10 22:14 - 14349744 _____ (Malwarebytes Corp.) C:\Users\anrit\Desktop\mbar-1.07.0.1012.exe
2014-08-10 22:08 - 2014-08-10 22:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-08-10 22:06 - 2014-08-10 22:05 - 00050425 _____ () C:\Users\anrit\Downloads\Result.txt
2014-08-10 22:05 - 2014-08-10 22:05 - 00401920 _____ (Farbar) C:\Users\anrit\Downloads\MiniToolBox (1).exe
2014-08-10 22:03 - 2014-08-10 22:03 - 00003199 _____ () C:\Users\anrit\Downloads\FSS.txt
2014-08-10 21:58 - 2014-08-10 21:58 - 00415232 _____ (Farbar) C:\Users\anrit\Downloads\FSS.exe
2014-08-10 21:58 - 2014-08-10 21:58 - 00401920 _____ (Farbar) C:\Users\anrit\Downloads\MiniToolBox.exe
2014-08-10 21:57 - 2014-08-10 21:57 - 00854410 _____ () C:\Users\anrit\Downloads\SecurityCheck.exe
2014-08-10 18:28 - 2014-08-10 18:28 - 00027724 _____ () C:\Users\anrit\Downloads\Howl's Moving Castle Theme.zip
2014-08-10 18:28 - 2014-08-10 18:28 - 00027724 _____ () C:\Users\anrit\Downloads\Howl's Moving Castle Theme (1).zip
2014-08-10 18:19 - 2014-08-10 18:19 - 00106761 _____ () C:\Users\anrit\Downloads\Zelda- Lost Woods.zip
2014-08-10 18:17 - 2014-08-10 18:16 - 00314606 _____ () C:\Users\anrit\Downloads\Bleach- Never Meant to Belong.zip
2014-08-09 22:34 - 2012-09-16 11:52 - 00007618 _____ () C:\Users\anrit\AppData\Local\Resmon.ResmonCfg
2014-08-09 04:52 - 2014-07-29 14:10 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-09 04:52 - 2014-07-20 18:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 04:52 - 2014-07-20 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-09 04:52 - 2014-06-20 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-08-09 04:52 - 2013-08-03 00:00 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-09 04:52 - 2013-08-02 23:59 - 00000000 ____D () C:\ProgramData\Apple
2014-08-09 04:52 - 2013-02-09 14:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-09 04:52 - 2012-11-09 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-09 04:52 - 2012-11-09 16:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-09 04:52 - 2012-07-25 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-09 04:52 - 2012-07-25 18:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-09 04:52 - 2012-07-19 21:19 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-08-09 04:52 - 2011-07-11 10:28 - 00000000 ____D () C:\Users\anrit\AppData\Local\Microsoft Help
2014-08-09 04:52 - 2011-06-16 16:53 - 00000000 ____D () C:\ProgramData\Temp
2014-08-09 04:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-09 04:51 - 2014-07-29 14:08 - 00000000 ____D () C:\ProgramData\AVG
2014-08-09 04:51 - 2012-07-25 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 04:51 - 2012-07-19 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-08-09 04:50 - 2013-10-20 19:15 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-09 04:50 - 2012-12-11 20:58 - 00000000 ____D () C:\NVIDIA
2014-08-09 04:50 - 2011-07-11 10:28 - 00000000 __RHD () C:\MSOCache
2014-08-09 01:47 - 2014-08-09 01:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 01:47 - 2014-08-09 01:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-09 01:39 - 2014-08-09 01:39 - 00000051 _____ () C:\Users\anrit\AppData\Roaming\mbam.context.scan
2014-08-09 01:33 - 2014-08-09 01:33 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\SUPERAntiSpyware.com
2014-08-09 01:33 - 2014-08-09 01:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-09 01:24 - 2014-02-27 21:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-09 01:20 - 2011-09-21 11:05 - 00000000 ____D () C:\ProgramData\Corel
2014-08-09 01:20 - 2011-07-11 10:13 - 00000000 ____D () C:\Users\anrit
2014-08-09 01:20 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-09 01:12 - 2011-09-21 11:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-09 01:11 - 2013-08-09 20:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-09 01:11 - 2011-09-21 11:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-09 01:07 - 2012-07-19 22:34 - 00000000 ____D () C:\ProgramData\NexonUS
2014-08-09 01:07 - 2012-07-19 22:34 - 00000000 ____D () C:\Nexon
2014-08-09 01:06 - 2011-09-21 11:12 - 00000000 ____D () C:\Users\anrit\AppData\Local\Adobe
2014-08-09 00:38 - 2014-08-09 00:38 - 00000000 _____ () C:\autoexec.bat
2014-08-09 00:37 - 2014-08-09 00:37 - 00143640 _____ () C:\Users\anrit\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-09 00:37 - 2014-08-09 00:37 - 00000000 ____D () C:\sh4ldr
2014-08-09 00:37 - 2014-08-09 00:37 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-09 00:18 - 2012-07-25 18:19 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\Malwarebytes
2014-08-08 00:52 - 2013-10-20 19:13 - 00000000 ____D () C:\Users\anrit\AppData\Local\Avg2014
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-29 15:03 - 2011-09-21 15:49 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-29 14:11 - 2014-07-29 14:11 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\AVG
2014-07-29 14:11 - 2014-07-29 14:11 - 00000000 ____D () C:\Users\anrit\AppData\Local\AVG
2014-07-29 14:08 - 2014-07-29 14:05 - 77159736 _____ (AVG) C:\Users\anrit\Downloads\avg_tuh_stf_all_2014_519_24c28.exe
2014-07-29 14:04 - 2011-09-21 11:11 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-07-29 14:04 - 2011-09-21 11:11 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-07-29 14:04 - 2011-09-21 11:11 - 00002033 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-07-29 14:04 - 2011-09-21 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-07-28 00:43 - 2013-11-17 18:28 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\Skype
2014-07-23 20:56 - 2013-02-03 14:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 20:56 - 2013-02-03 14:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 18:00 - 2013-02-03 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-20 18:43 - 2013-11-17 18:28 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-20 18:43 - 2013-11-17 18:27 - 00000000 ____D () C:\ProgramData\Skype
 
Files to move or delete:
====================
C:\Users\Public\DynamicInstaller.exe
 
 
Some content of TEMP:
====================
C:\Users\anrit\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\anrit\AppData\Local\Temp\NGM.exe
C:\Users\anrit\AppData\Local\Temp\NGMDll.dll
C:\Users\anrit\AppData\Local\Temp\NGMResource.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-09 03:44
 
==================== End Of Log ============================
 
Addition.txt log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
Ran by anrit at 2014-08-16 00:34:16
Running from C:\Users\anrit\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Forefront Client Security (Enabled - Up to date) {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AS: Microsoft Forefront Client Security (Enabled - Up to date) {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.519 - AVG) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version: 9.2.1.71.19 - BisonCam)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version:  - Corel Corporation)
CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2401 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2401 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2312.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Glary Utilities 2.52.0.1698 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.52.0.1698 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hotkey 3.3020 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 3.3020 - NoteBook)
Hotkey 3.3020 (x32 Version: 3.3020 - NoteBook) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® SMBus (HKLM\...\SMBus) (Version:  - )
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.21.9 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.48.1 - JMicron Technology Corp.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Forefront Client Security Antimalware Service (HKLM\...\{A22989EE-AE7A-42F8-A0C0-9C99CFB644FB}) (Version: 1.5.1993.0 - Microsoft Corporation)
Microsoft Forefront Client Security State Assessment Service (HKLM\...\{E8B56B39-A826-11DB-8C83-0011430C73A4}) (Version: 1.0.1703.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Operations Manager 2005 Agent (HKLM-x32\...\{F692770D-0E27-4D3F-8386-F04C6F434040}) (Version: 5.0.2911.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Control Panel 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Paradox (HKLM-x32\...\_{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version:  - Corel Corporation)
Paradox (x32 Version: 11.4 - Corel Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Protector Suite 2009 (HKLM\...\{0F841121-4DB6-4B31-839F-7F5AB3BB3423}) (Version: 5.9.3.6379 - UPEK Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SMART Common Files (HKLM-x32\...\{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}) (Version: 11.1.34.1 - SMART Technologies ULC)
SMART Notebook Interactive Viewer (HKLM-x32\...\{BDC0E727-AF8C-4360-88FD-439144C833A8}) (Version: 2.0.103.0 - SMART Technologies ULC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.0 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual Basic for Applications ® Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WordPerfect Lightning - IPM (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (x32 Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (x32 Version: 2.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
Wordperfect Office X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Graphics (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - LegalTools (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Migration Manager (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Oxford (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - PerfectExperts EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - PR (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - QP (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Sharepoint (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Skins (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - System EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Templates (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - WP (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - WT (x32 Version: 15.0 -  Corel Corporation) Hidden
WordPerfect Office X5 (HKLM-x32\...\_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}) (Version: 15.0.0.357 - Corel Corporation)
WordPerfect Office X5 (x32 Version: 15.0 - Corel Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
14-08-2014 23:38:18 Scheduled Checkpoint
14-08-2014 23:55:58 Installed AVG 2014
15-08-2014 21:18:28 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2011-12-22 17:11 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0571BD23-1117-4BF7-AEA4-9B097A1CE6AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29] (Google Inc.)
Task: {1DC230E3-20BD-4CE8-B9F9-3AA7D967AD50} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Signature Update => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-07-20] (Microsoft Corporation)
Task: {1FA39506-8FB1-49B7-AB4D-0FE101D9730D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29] (Google Inc.)
Task: {270BBDE2-4C45-4B83-9BAE-F43FB9F03279} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-01-05] (Glarysoft Ltd)
Task: {5A88B87A-0321-410E-B746-B33600616246} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000UA => C:\Users\anrit\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)
Task: {9C9D053B-0441-4EDC-B6D6-72251A71C9AC} - System32\Tasks\{894A66B5-DCC1-4E7F-A834-4D35E4EE925D} => Firefox.exe 
Task: {B943A203-79DF-4EA8-A329-30501B55358A} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-07-20] (Microsoft Corporation)
Task: {BBC10EFB-8C62-486E-AE9B-4448357DD43C} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Quick Scan => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-07-20] (Microsoft Corporation)
Task: {BDB23471-54B8-4705-BBCF-428478C040C6} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {BFD704D3-C615-4679-94CF-D937F53AB43C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000Core => C:\Users\anrit\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)
Task: {C8ECB06E-BBEE-4F6C-BAB0-BE6435D16A7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {EF7CFBA8-5A57-4527-9DE1-9509EFF95914} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {FE10CBFC-C5CD-4CB3-BA5E-7EC32E7BE155} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000Core.job => C:\Users\anrit\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000UA.job => C:\Users\anrit\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-01-05 15:53 - 2011-01-05 15:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-08-11 15:59 - 2012-08-11 16:15 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-13 10:34 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 10:34 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 10:34 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 10:34 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 10:34 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FCSAM => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CLKMSVC10_38F51D56 => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PowerBiosServer => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: XTUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hotkey.lnk => C:\Windows\pss\Hotkey.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => c:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BisonHK => C:\Program Files (x86)\BisonCam\BisonHK.exe
MSCONFIG\startupreg: CLMLServer => "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DeLay => C:\Program Files (x86)\BisonCam\DeLay.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
MSCONFIG\startupreg: Microsoft Forefront Client Security Antimalware Service => "c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide
MSCONFIG\startupreg: NUSB3MON => "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PdxRegCl => "c:\Program Files (x86)\Corel\Paradox\Programs\PdxRegCl.exe" /s /c
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\Protector Suite\launcher.exe" /startup
MSCONFIG\startupreg: QuickFinder Scheduler => "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
MSCONFIG\startupreg: RemoteControl10 => "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/15/2014 05:12:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 07:32:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/14/2014 09:37:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/14/2014 07:11:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/14/2014 06:38:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/13/2014 11:09:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/13/2014 10:04:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/12/2014 10:46:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/12/2014 01:13:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/12/2014 10:22:37 AM) (Source: Microsoft Operations Manager) (EventID: 26008) (User: NT AUTHORITY)
Description: The agent could not resolve the IP of the MOM Server ASQIATS10002.  The error reported is 'The requested name is valid, but no data of the requested type was found.'.
 
 
System errors:
=============
Error: (08/15/2014 09:14:49 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ANR due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/15/2014 07:05:30 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/15/2014 05:12:14 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (08/15/2014 05:12:13 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ANR due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/15/2014 07:32:26 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (08/15/2014 07:32:22 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ANR due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/14/2014 10:42:09 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ANR due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/14/2014 08:26:12 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/14/2014 06:38:11 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (08/14/2014 06:38:06 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ANR due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
Microsoft Office Sessions:
=========================
Error: (08/15/2014 05:12:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 07:32:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/14/2014 09:37:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (08/14/2014 07:11:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (08/14/2014 06:38:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/13/2014 11:09:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (08/13/2014 10:04:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/12/2014 10:46:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/12/2014 01:13:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (08/12/2014 10:22:37 AM) (Source: Microsoft Operations Manager) (EventID: 26008) (User: NT AUTHORITY)
Description: ASQIATS10002The requested name is valid, but no data of the requested type was found.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 960 @ 3.20GHz
Percentage of memory in use: 22%
Total physical RAM: 12279.23 MB
Available physical RAM: 9468.89 MB
Total Pagefile: 24556.64 MB
Available Pagefile: 21525.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:465.56 GB) (Free:394.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4A9AD269)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:55 PM

Posted 16 August 2014 - 02:02 AM

Hi goal

AVG AntiVirus Free Edition 2014 and Microsoft Forefront Client Security are both still installed.
Plus Microsoft Forefront Client Security has been stopped by using MsConfig.

MSCONFIG\startupreg: Microsoft Forefront Client Security Antimalware Service => "c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide

This has to be re-enabled.... to either run correctly or to be removed completely.
Please uninstall one or the other and then run another set of FRST reports so that i get an up to date view of the system.

Please re-run FRST.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

    newfrst_zpsa63ffa3d.png
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.
Thanks

BBPP6nz.png


#5 goal

goal
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 17 August 2014 - 12:21 AM

okay here's the updated logs

FRST.txt log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by anrit (administrator) on BAEFAE114-SSRBR on 17-08-2014 01:13:13
Running from C:\Users\anrit\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Microsoft Forefront Client Security Antimalware Service] => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe [1636736 2010-07-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3572275565-2679945913-2636382964-1000\...\Run: [Google Update] => C:\Users\anrit\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-17] (Google Inc.)
HKU\S-1-5-21-3572275565-2679945913-2636382964-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3572275565-2679945913-2636382964-1000\...\MountPoints2: {2ba4397a-e080-11e1-a710-0090f5b86645} - E:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
ShellIconOverlayIdentifiers: UEAFOverlay -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll (UPEK Inc.)
ShellIconOverlayIdentifiers: UEAFOverlayOpen -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll (UPEK Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x04A254243602CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {19720C75-1A9A-426E-BAEA-97BB9F3308F7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Notebook Interactive Viewer\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Notebook Interactive Viewer\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\anrit\AppData\Roaming\Mozilla\Firefox\Profiles\wfscfafv.default-1376773501983
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\anrit\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\anrit\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\anrit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\anrit\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\anrit\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-09-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx []
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx []
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\anrit\AppData\Local\Slick Savings\coupons.crx [2013-08-16]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
S4 CLKMSVC10_38F51D56; c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-12] (CyberLink)
R2 FCSAM; c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [16384 2010-07-20] (Microsoft Corporation)
R2 FcsSas; C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [77216 2007-04-05] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MOM; C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [134656 2005-07-21] (Microsoft Corporation) [File not signed]
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-08-11] ()
S4 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33280 2011-01-17] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S4 XTUService; C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [22280 2010-02-19] (Intel Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\Users\anrit\Documents\EmsisoftEmergencyKit\Run\a2ddax64.sys [23208 2013-02-08] (Emsi Software GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [91520 2010-07-18] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 01:12 - 2014-08-17 01:12 - 00000000 ____D () C:\Users\anrit\Desktop\FRST-OlderVersion
2014-08-16 12:51 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 12:51 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 12:51 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 12:51 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 12:51 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 12:51 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 12:51 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 12:51 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 12:13 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 12:13 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-16 12:13 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 12:13 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 12:13 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 12:13 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 12:13 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 12:13 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 12:13 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 12:13 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 12:12 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 12:12 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 12:12 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 12:12 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-16 12:12 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-16 12:12 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 12:12 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-16 12:12 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-16 12:12 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-16 12:12 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 12:12 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-16 12:12 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 12:12 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-16 12:12 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 12:12 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-16 12:12 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-16 12:12 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-16 12:12 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-16 12:12 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-16 12:12 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 12:12 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-16 12:12 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 12:12 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-16 12:12 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-16 12:12 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 12:12 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-16 12:12 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 12:12 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-16 12:12 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 12:12 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 12:12 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 12:12 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-16 12:12 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 12:12 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-16 12:12 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-16 12:12 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 12:12 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 12:12 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 12:12 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 12:12 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 12:12 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 12:12 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-16 12:12 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 12:12 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 12:12 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 12:12 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 12:12 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 12:12 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 12:12 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-16 12:12 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 12:12 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 12:12 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 12:12 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-16 12:12 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-16 12:12 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 12:12 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 12:12 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-16 12:12 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-16 12:11 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-16 12:11 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-16 12:11 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 12:11 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 00:34 - 2014-08-16 00:34 - 00054121 _____ () C:\Users\anrit\Desktop\Addition.txt
2014-08-16 00:33 - 2014-08-17 01:15 - 00022508 _____ () C:\Users\anrit\Desktop\FRST.txt
2014-08-16 00:33 - 2014-08-17 01:13 - 00000000 ____D () C:\FRST
2014-08-16 00:32 - 2014-08-17 01:12 - 02101760 _____ (Farbar) C:\Users\anrit\Desktop\FRST64.exe
2014-08-16 00:31 - 2014-08-16 00:31 - 00003106 _____ () C:\Windows\System32\Tasks\{4B6BAF47-C353-442E-9F8A-BFA25F127B3E}
2014-08-13 10:11 - 2014-08-13 10:11 - 00000671 _____ () C:\Users\anrit\Downloads\ATT00001.htm
2014-08-12 10:34 - 2014-08-12 10:34 - 00022456 _____ () C:\Users\anrit\Desktop\attach.txt
2014-08-12 10:34 - 2014-08-12 10:33 - 00026745 _____ () C:\Users\anrit\Desktop\dds.txt
2014-08-12 10:32 - 2014-08-12 10:32 - 00688992 ____R (Swearware) C:\Users\anrit\Downloads\dds.com
2014-08-11 11:01 - 2014-08-11 11:01 - 00001091 _____ () C:\WirelessDiagLog.csv
2014-08-10 23:29 - 2014-08-10 23:29 - 00002352 _____ () C:\Users\anrit\Desktop\Rkill.txt
2014-08-10 23:28 - 2014-08-10 23:28 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\anrit\Desktop\rkill.exe
2014-08-10 23:26 - 2014-08-10 23:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\anrit\Downloads\mbar-1.07.0.1012 (1).exe
2014-08-10 22:15 - 2014-08-10 23:27 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 22:15 - 2014-08-10 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-10 22:14 - 2014-08-10 23:27 - 00000000 ____D () C:\Users\anrit\Desktop\mbar
2014-08-10 22:14 - 2014-08-10 23:26 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-10 22:14 - 2014-08-10 22:14 - 14349744 _____ (Malwarebytes Corp.) C:\Users\anrit\Desktop\mbar-1.07.0.1012.exe
2014-08-10 22:08 - 2014-08-10 22:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-08-10 22:05 - 2014-08-10 22:06 - 00050425 _____ () C:\Users\anrit\Downloads\Result.txt
2014-08-10 22:05 - 2014-08-10 22:05 - 00401920 _____ (Farbar) C:\Users\anrit\Downloads\MiniToolBox (1).exe
2014-08-10 22:03 - 2014-08-10 22:03 - 00003199 _____ () C:\Users\anrit\Downloads\FSS.txt
2014-08-10 21:58 - 2014-08-10 21:58 - 00415232 _____ (Farbar) C:\Users\anrit\Downloads\FSS.exe
2014-08-10 21:58 - 2014-08-10 21:58 - 00401920 _____ (Farbar) C:\Users\anrit\Downloads\MiniToolBox.exe
2014-08-10 21:57 - 2014-08-10 21:57 - 00854410 _____ () C:\Users\anrit\Downloads\SecurityCheck.exe
2014-08-10 18:28 - 2014-08-10 18:28 - 00027724 _____ () C:\Users\anrit\Downloads\Howl's Moving Castle Theme.zip
2014-08-10 18:28 - 2014-08-10 18:28 - 00027724 _____ () C:\Users\anrit\Downloads\Howl's Moving Castle Theme (1).zip
2014-08-10 18:19 - 2014-08-10 18:19 - 00106761 _____ () C:\Users\anrit\Downloads\Zelda- Lost Woods.zip
2014-08-10 18:16 - 2014-08-10 18:17 - 00314606 _____ () C:\Users\anrit\Downloads\Bleach- Never Meant to Belong.zip
2014-08-09 01:47 - 2014-08-09 01:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 01:47 - 2014-08-09 01:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-09 01:39 - 2014-08-09 01:39 - 00000051 _____ () C:\Users\anrit\AppData\Roaming\mbam.context.scan
2014-08-09 01:33 - 2014-08-09 01:33 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\SUPERAntiSpyware.com
2014-08-09 01:33 - 2014-08-09 01:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-09 00:38 - 2014-08-09 00:38 - 00000000 _____ () C:\autoexec.bat
2014-08-09 00:37 - 2014-08-09 00:37 - 00143640 _____ () C:\Users\anrit\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-09 00:37 - 2014-08-09 00:37 - 00000000 ____D () C:\sh4ldr
2014-08-09 00:37 - 2014-08-09 00:37 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-29 14:11 - 2014-07-29 14:11 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\AVG
2014-07-29 14:11 - 2014-07-29 14:11 - 00000000 ____D () C:\Users\anrit\AppData\Local\AVG
2014-07-29 14:10 - 2014-08-09 04:52 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-29 14:08 - 2014-08-09 04:51 - 00000000 ____D () C:\ProgramData\AVG
2014-07-29 14:05 - 2014-07-29 14:08 - 77159736 _____ (AVG) C:\Users\anrit\Downloads\avg_tuh_stf_all_2014_519_24c28.exe
2014-07-20 18:43 - 2014-08-09 04:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-20 18:43 - 2014-08-09 04:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 01:15 - 2014-08-16 00:33 - 00022508 _____ () C:\Users\anrit\Desktop\FRST.txt
2014-08-17 01:14 - 2011-06-16 16:42 - 01775898 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 01:13 - 2014-08-16 00:33 - 00000000 ____D () C:\FRST
2014-08-17 01:12 - 2014-08-17 01:12 - 00000000 ____D () C:\Users\anrit\Desktop\FRST-OlderVersion
2014-08-17 01:12 - 2014-08-16 00:32 - 02101760 _____ (Farbar) C:\Users\anrit\Desktop\FRST64.exe
2014-08-17 01:09 - 2013-03-29 13:28 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 01:08 - 2014-03-09 20:48 - 00020082 _____ () C:\Windows\setupact.log
2014-08-17 01:08 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 01:07 - 2014-05-03 00:13 - 00023370 _____ () C:\Windows\PFRO.log
2014-08-17 01:07 - 2013-10-20 19:13 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-17 01:04 - 2014-01-16 23:41 - 00001710 _____ () C:\Windows\Sandboxie.ini
2014-08-17 00:54 - 2013-11-17 18:13 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000UA.job
2014-08-17 00:50 - 2014-01-06 17:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 00:33 - 2013-03-29 13:28 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 21:34 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 21:34 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 21:32 - 2009-07-14 01:13 - 00802556 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 15:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 13:05 - 2011-07-11 10:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 12:58 - 2013-07-30 17:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 12:56 - 2011-07-11 10:43 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 12:50 - 2014-05-06 23:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-16 00:34 - 2014-08-16 00:34 - 00054121 _____ () C:\Users\anrit\Desktop\Addition.txt
2014-08-16 00:31 - 2014-08-16 00:31 - 00003106 _____ () C:\Windows\System32\Tasks\{4B6BAF47-C353-442E-9F8A-BFA25F127B3E}
2014-08-15 19:54 - 2013-11-17 18:13 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000Core.job
2014-08-14 19:57 - 2013-10-20 19:16 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-13 10:34 - 2013-03-29 13:29 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 10:11 - 2014-08-13 10:11 - 00000671 _____ () C:\Users\anrit\Downloads\ATT00001.htm
2014-08-12 10:34 - 2014-08-12 10:34 - 00022456 _____ () C:\Users\anrit\Desktop\attach.txt
2014-08-12 10:33 - 2014-08-12 10:34 - 00026745 _____ () C:\Users\anrit\Desktop\dds.txt
2014-08-12 10:32 - 2014-08-12 10:32 - 00688992 ____R (Swearware) C:\Users\anrit\Downloads\dds.com
2014-08-11 11:01 - 2014-08-11 11:01 - 00001091 _____ () C:\WirelessDiagLog.csv
2014-08-11 11:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-10 23:29 - 2014-08-10 23:29 - 00002352 _____ () C:\Users\anrit\Desktop\Rkill.txt
2014-08-10 23:28 - 2014-08-10 23:28 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\anrit\Desktop\rkill.exe
2014-08-10 23:27 - 2014-08-10 22:15 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 23:27 - 2014-08-10 22:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-10 23:27 - 2014-08-10 22:14 - 00000000 ____D () C:\Users\anrit\Desktop\mbar
2014-08-10 23:26 - 2014-08-10 23:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\anrit\Downloads\mbar-1.07.0.1012 (1).exe
2014-08-10 23:26 - 2014-08-10 22:14 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-10 22:14 - 2014-08-10 22:14 - 14349744 _____ (Malwarebytes Corp.) C:\Users\anrit\Desktop\mbar-1.07.0.1012.exe
2014-08-10 22:08 - 2014-08-10 22:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-08-10 22:06 - 2014-08-10 22:05 - 00050425 _____ () C:\Users\anrit\Downloads\Result.txt
2014-08-10 22:05 - 2014-08-10 22:05 - 00401920 _____ (Farbar) C:\Users\anrit\Downloads\MiniToolBox (1).exe
2014-08-10 22:03 - 2014-08-10 22:03 - 00003199 _____ () C:\Users\anrit\Downloads\FSS.txt
2014-08-10 21:58 - 2014-08-10 21:58 - 00415232 _____ (Farbar) C:\Users\anrit\Downloads\FSS.exe
2014-08-10 21:58 - 2014-08-10 21:58 - 00401920 _____ (Farbar) C:\Users\anrit\Downloads\MiniToolBox.exe
2014-08-10 21:57 - 2014-08-10 21:57 - 00854410 _____ () C:\Users\anrit\Downloads\SecurityCheck.exe
2014-08-10 18:28 - 2014-08-10 18:28 - 00027724 _____ () C:\Users\anrit\Downloads\Howl's Moving Castle Theme.zip
2014-08-10 18:28 - 2014-08-10 18:28 - 00027724 _____ () C:\Users\anrit\Downloads\Howl's Moving Castle Theme (1).zip
2014-08-10 18:19 - 2014-08-10 18:19 - 00106761 _____ () C:\Users\anrit\Downloads\Zelda- Lost Woods.zip
2014-08-10 18:17 - 2014-08-10 18:16 - 00314606 _____ () C:\Users\anrit\Downloads\Bleach- Never Meant to Belong.zip
2014-08-09 22:34 - 2012-09-16 11:52 - 00007618 _____ () C:\Users\anrit\AppData\Local\Resmon.ResmonCfg
2014-08-09 04:52 - 2014-07-29 14:10 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-09 04:52 - 2014-07-20 18:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 04:52 - 2014-07-20 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-09 04:52 - 2014-06-20 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-08-09 04:52 - 2013-08-03 00:00 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-09 04:52 - 2013-08-02 23:59 - 00000000 ____D () C:\ProgramData\Apple
2014-08-09 04:52 - 2013-02-09 14:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-09 04:52 - 2012-11-09 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-09 04:52 - 2012-11-09 16:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-09 04:52 - 2012-07-25 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-09 04:52 - 2012-07-25 18:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-09 04:52 - 2012-07-19 21:19 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-08-09 04:52 - 2011-07-11 10:28 - 00000000 ____D () C:\Users\anrit\AppData\Local\Microsoft Help
2014-08-09 04:52 - 2011-06-16 16:53 - 00000000 ____D () C:\ProgramData\Temp
2014-08-09 04:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-09 04:51 - 2014-07-29 14:08 - 00000000 ____D () C:\ProgramData\AVG
2014-08-09 04:51 - 2012-07-25 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 04:51 - 2012-07-19 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-08-09 04:50 - 2013-10-20 19:15 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-09 04:50 - 2012-12-11 20:58 - 00000000 ____D () C:\NVIDIA
2014-08-09 04:50 - 2011-07-11 10:28 - 00000000 __RHD () C:\MSOCache
2014-08-09 01:47 - 2014-08-09 01:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 01:47 - 2014-08-09 01:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\anrit\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-09 01:39 - 2014-08-09 01:39 - 00000051 _____ () C:\Users\anrit\AppData\Roaming\mbam.context.scan
2014-08-09 01:33 - 2014-08-09 01:33 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\SUPERAntiSpyware.com
2014-08-09 01:33 - 2014-08-09 01:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-09 01:24 - 2014-02-27 21:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-09 01:20 - 2011-09-21 11:05 - 00000000 ____D () C:\ProgramData\Corel
2014-08-09 01:20 - 2011-07-11 10:13 - 00000000 ____D () C:\Users\anrit
2014-08-09 01:20 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-09 01:12 - 2011-09-21 11:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-09 01:11 - 2013-08-09 20:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-09 01:11 - 2011-09-21 11:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-09 01:07 - 2012-07-19 22:34 - 00000000 ____D () C:\ProgramData\NexonUS
2014-08-09 01:07 - 2012-07-19 22:34 - 00000000 ____D () C:\Nexon
2014-08-09 01:06 - 2011-09-21 11:12 - 00000000 ____D () C:\Users\anrit\AppData\Local\Adobe
2014-08-09 00:38 - 2014-08-09 00:38 - 00000000 _____ () C:\autoexec.bat
2014-08-09 00:37 - 2014-08-09 00:37 - 00143640 _____ () C:\Users\anrit\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-09 00:37 - 2014-08-09 00:37 - 00000000 ____D () C:\sh4ldr
2014-08-09 00:37 - 2014-08-09 00:37 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-09 00:18 - 2012-07-25 18:19 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\Malwarebytes
2014-08-06 22:06 - 2014-08-16 12:11 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-16 12:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-31 19:41 - 2014-08-16 12:12 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-16 12:12 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-29 15:03 - 2011-09-21 15:49 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-29 14:11 - 2014-07-29 14:11 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\AVG
2014-07-29 14:11 - 2014-07-29 14:11 - 00000000 ____D () C:\Users\anrit\AppData\Local\AVG
2014-07-29 14:08 - 2014-07-29 14:05 - 77159736 _____ (AVG) C:\Users\anrit\Downloads\avg_tuh_stf_all_2014_519_24c28.exe
2014-07-29 14:04 - 2011-09-21 11:11 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-07-29 14:04 - 2011-09-21 11:11 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-07-29 14:04 - 2011-09-21 11:11 - 00002033 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-07-29 14:04 - 2011-09-21 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-07-28 00:43 - 2013-11-17 18:28 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\Skype
2014-07-25 10:52 - 2014-08-16 12:12 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-16 12:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-16 12:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-16 12:12 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-16 12:12 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-16 12:12 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-16 12:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-16 12:12 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-16 12:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-16 12:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-16 12:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-16 12:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-16 12:12 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-16 12:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-16 12:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-16 12:12 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-16 12:12 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-16 12:12 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-16 12:12 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-16 12:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-16 12:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-16 12:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-16 12:12 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-16 12:12 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-16 12:12 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-16 12:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-16 12:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-16 12:12 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-16 12:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-16 12:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-16 12:12 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-16 12:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-16 12:12 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-16 12:12 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-16 12:12 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-16 12:12 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-16 12:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-16 12:12 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-16 12:12 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-16 12:12 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-16 12:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-16 12:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-16 12:12 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-16 12:12 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-16 12:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-16 12:12 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-16 12:12 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-16 12:12 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-16 12:12 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-16 12:12 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-16 12:12 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-16 12:12 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-16 12:12 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-16 12:12 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-23 20:56 - 2013-02-03 14:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 20:56 - 2013-02-03 14:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-23 18:00 - 2013-02-03 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-20 18:43 - 2013-11-17 18:28 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-20 18:43 - 2013-11-17 18:27 - 00000000 ____D () C:\ProgramData\Skype
 
Files to move or delete:
====================
C:\Users\Public\DynamicInstaller.exe
 
 
Some content of TEMP:
====================
C:\Users\anrit\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\anrit\AppData\Local\Temp\NGM.exe
C:\Users\anrit\AppData\Local\Temp\NGMDll.dll
C:\Users\anrit\AppData\Local\Temp\NGMResource.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-09 03:44
 
==================== End Of Log ============================
 
Addition.txt log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by anrit at 2014-08-17 01:15:53
Running from C:\Users\anrit\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Forefront Client Security (Enabled - Up to date) {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AS: Microsoft Forefront Client Security (Enabled - Up to date) {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.519 - AVG) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version: 9.2.1.71.19 - BisonCam)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version:  - Corel Corporation)
CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2401 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2401 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2312.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Glary Utilities 2.52.0.1698 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.52.0.1698 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hotkey 3.3020 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 3.3020 - NoteBook)
Hotkey 3.3020 (x32 Version: 3.3020 - NoteBook) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® SMBus (HKLM\...\SMBus) (Version:  - )
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.21.9 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.48.1 - JMicron Technology Corp.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Forefront Client Security Antimalware Service (HKLM\...\{A22989EE-AE7A-42F8-A0C0-9C99CFB644FB}) (Version: 1.5.1993.0 - Microsoft Corporation)
Microsoft Forefront Client Security State Assessment Service (HKLM\...\{E8B56B39-A826-11DB-8C83-0011430C73A4}) (Version: 1.0.1703.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Operations Manager 2005 Agent (HKLM-x32\...\{F692770D-0E27-4D3F-8386-F04C6F434040}) (Version: 5.0.2911.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Control Panel 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Paradox (HKLM-x32\...\_{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version:  - Corel Corporation)
Paradox (x32 Version: 11.4 - Corel Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Protector Suite 2009 (HKLM\...\{0F841121-4DB6-4B31-839F-7F5AB3BB3423}) (Version: 5.9.3.6379 - UPEK Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SMART Common Files (HKLM-x32\...\{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}) (Version: 11.1.34.1 - SMART Technologies ULC)
SMART Notebook Interactive Viewer (HKLM-x32\...\{BDC0E727-AF8C-4360-88FD-439144C833A8}) (Version: 2.0.103.0 - SMART Technologies ULC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.0 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual Basic for Applications ® Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WordPerfect Lightning - IPM (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (x32 Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (x32 Version: 2.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
Wordperfect Office X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Graphics (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - LegalTools (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Migration Manager (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Oxford (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - PerfectExperts EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - PR (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - QP (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Sharepoint (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Skins (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - System EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Templates (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - WP (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - WT (x32 Version: 15.0 -  Corel Corporation) Hidden
WordPerfect Office X5 (HKLM-x32\...\_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}) (Version: 15.0.0.357 - Corel Corporation)
WordPerfect Office X5 (x32 Version: 15.0 - Corel Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
14-08-2014 23:38:18 Scheduled Checkpoint
14-08-2014 23:55:58 Installed AVG 2014
15-08-2014 21:18:28 Windows Update
16-08-2014 16:50:34 Windows Update
16-08-2014 21:19:44 Windows Update
17-08-2014 04:58:48 Removed AVG 2014
17-08-2014 05:02:00 Removed AVG 2014
17-08-2014 05:05:52 Removed AVG 2014
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2011-12-22 17:11 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0571BD23-1117-4BF7-AEA4-9B097A1CE6AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29] (Google Inc.)
Task: {1F13D5F4-F537-4D39-A6B3-EDD258ADF936} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Signature Update => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-07-20] (Microsoft Corporation)
Task: {1FA39506-8FB1-49B7-AB4D-0FE101D9730D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29] (Google Inc.)
Task: {270BBDE2-4C45-4B83-9BAE-F43FB9F03279} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-01-05] (Glarysoft Ltd)
Task: {5A88B87A-0321-410E-B746-B33600616246} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000UA => C:\Users\anrit\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)
Task: {9C9D053B-0441-4EDC-B6D6-72251A71C9AC} - System32\Tasks\{894A66B5-DCC1-4E7F-A834-4D35E4EE925D} => Firefox.exe 
Task: {BDB23471-54B8-4705-BBCF-428478C040C6} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {BFD704D3-C615-4679-94CF-D937F53AB43C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000Core => C:\Users\anrit\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)
Task: {C8ECB06E-BBEE-4F6C-BAB0-BE6435D16A7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {DA40511B-228C-4669-BAEF-92A1CC69DDA2} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-07-20] (Microsoft Corporation)
Task: {EC3F4B8F-D751-4E23-9F0F-DC25345DE32E} - System32\Tasks\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\MP Scheduled Quick Scan => c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-07-20] (Microsoft Corporation)
Task: {EF7CFBA8-5A57-4527-9DE1-9509EFF95914} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {FE10CBFC-C5CD-4CB3-BA5E-7EC32E7BE155} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000Core.job => C:\Users\anrit\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3572275565-2679945913-2636382964-1000UA.job => C:\Users\anrit\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-01-05 15:53 - 2011-01-05 15:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-11 15:59 - 2012-08-11 16:15 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-13 10:34 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 10:34 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 10:34 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 10:34 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 10:34 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FCSAM => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CLKMSVC10_38F51D56 => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PowerBiosServer => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: XTUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hotkey.lnk => C:\Windows\pss\Hotkey.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BDRegion => c:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BisonHK => C:\Program Files (x86)\BisonCam\BisonHK.exe
MSCONFIG\startupreg: CLMLServer => "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DeLay => C:\Program Files (x86)\BisonCam\DeLay.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
MSCONFIG\startupreg: NUSB3MON => "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PdxRegCl => "c:\Program Files (x86)\Corel\Paradox\Programs\PdxRegCl.exe" /s /c
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\Protector Suite\launcher.exe" /startup
MSCONFIG\startupreg: QuickFinder Scheduler => "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
MSCONFIG\startupreg: RemoteControl10 => "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/17/2014 01:11:07 AM) (Source: Microsoft Operations Manager) (EventID: 26009) (User: NT AUTHORITY)
Description: The agent could not connect to the MOM Server ASQIATS10002.  The error reported is 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'.  Verify the management group name is correct, the MOM Server
is running, that it is listening on port 1270, and that any firewalls between this agent and the MOM
server are configured to pass TCP and UDP traffic on port 1270.
 
Error: (08/17/2014 01:10:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2014 01:05:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/17/2014 01:00:07 AM) (Source: MsiInstaller) (EventID: 10005) (User: BAEFAE114-SSRBR)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.
 
Error: (08/16/2014 10:47:13 PM) (Source: Microsoft Operations Manager) (EventID: 26009) (User: NT AUTHORITY)
Description: The agent could not connect to the MOM Server ASQIATS10002.  The error reported is 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'.  Verify the management group name is correct, the MOM Server
is running, that it is listening on port 1270, and that any firewalls between this agent and the MOM
server are configured to pass TCP and UDP traffic on port 1270.
 
Error: (08/16/2014 09:27:13 PM) (Source: Microsoft Operations Manager) (EventID: 26008) (User: NT AUTHORITY)
Description: The agent could not resolve the IP of the MOM Server ASQIATS10002.  The error reported is 'The requested name is valid, but no data of the requested type was found.'.
 
Error: (08/16/2014 09:27:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2014 03:20:54 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: ehshell, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020
 
Error: (08/16/2014 03:13:20 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Utilities, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.
 
Error: (08/16/2014 03:13:20 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.
 
 
System errors:
=============
Error: (08/17/2014 01:09:10 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (08/17/2014 01:09:07 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ANR due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/16/2014 11:19:14 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/16/2014 09:26:59 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (08/16/2014 09:26:57 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ANR due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/16/2014 03:13:20 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/16/2014 03:12:34 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ANR due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/16/2014 01:05:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2978742).
 
Error: (08/16/2014 00:01:59 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (08/16/2014 00:01:57 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ANR due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
Microsoft Office Sessions:
=========================
Error: (08/17/2014 01:11:07 AM) (Source: Microsoft Operations Manager) (EventID: 26009) (User: NT AUTHORITY)
Description: ASQIATS10002A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.1270
 
Error: (08/17/2014 01:10:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2014 01:05:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
 
Error: (08/17/2014 01:00:07 AM) (Source: MsiInstaller) (EventID: 10005) (User: BAEFAE114-SSRBR)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/16/2014 10:47:13 PM) (Source: Microsoft Operations Manager) (EventID: 26009) (User: NT AUTHORITY)
Description: ASQIATS10002A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.1270
 
Error: (08/16/2014 09:27:13 PM) (Source: Microsoft Operations Manager) (EventID: 26008) (User: NT AUTHORITY)
Description: ASQIATS10002The requested name is valid, but no data of the requested type was found.
 
Error: (08/16/2014 09:27:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2014 03:20:54 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: ehshell, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020 
ehshell, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil
 
Error: (08/16/2014 03:13:20 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Utilities, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.
 
Error: (08/16/2014 03:13:20 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 960 @ 3.20GHz
Percentage of memory in use: 20%
Total physical RAM: 12279.23 MB
Available physical RAM: 9720.94 MB
Total Pagefile: 24556.64 MB
Available Pagefile: 21891.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:465.56 GB) (Free:392.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4A9AD269)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:55 PM

Posted 17 August 2014 - 04:17 AM

Hi goal

Thanks for that.

One word about MsConfig.......
This has to be one of the most misused utilities in a Windows system.
The main function of MSConfig is to temporarily disable or re-enable software, device drivers or Windows services that run during startup process to help user decide the cause of problem.
It was primarily designed to find and isolate startup problems opposed to being used as a startup management program.
If applicable it is much better to permanently remove an app by uninstalling it over simply stopping a service/app from launching.


Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

frstfix_zps7db0c905.png

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.



Step 2

Malwarebytes Anti-Malware version 1.75.0.1300

I see in the other thread that you had problems trying to remove this old version.
  • Try again to Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  • If successful.... restart your computer (very important).
  • Then whether it uninstalled or not....Download mbam clean
and save to your Desktop.
  • Please close all open applications and temporarily shutdown your antivirus to avoid any conflicts when running the tool.
  • Locate the file mbam-clean.exe and double-click to run it... Vista/Windows 7/8 users right-click and select Run As Administrator.. and follow the onscreen prompts.
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts..........
  • Ensure that your antivirus is re-enabled.
    • Download Malwarebytes Anti-Malware Free and save it to your desktop
    • Double click the desktop icon, click Run, then OK
    • Click Next
    • Select I accept the agreement then continue to click Next then finally click Install
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
      I recommend that you UNtick this option.
    • Click Finish
    • If you are notified the Database is out of date click Update Now

      mbamnew_zpsdc989cc1.png
    • Click Scan Now >>
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    .

    (Copy to clipboard for pasting into forum replies)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab >> Application Logs.

      mbamapplog_zps222887ef.png
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'

      mbamhis_zps7bfe6503.png
    • Paste the contents of the clipboard into your reply.
    In your next reply, please submit:
    Fixlog.txt
    MBAM scan report



    Thanks.

Attached Files


BBPP6nz.png


#7 goal

goal
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 19 August 2014 - 09:56 AM

here is the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by anrit at 2014-08-19 10:52:34 Run:1
Running from C:\Users\anrit\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx []
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx []
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\anrit\AppData\Local\Slick Savings\coupons.crx [2013-08-16]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08-16]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-07-29 14:11 - 2014-07-29 14:11 - 00000000 ____D () C:\Users\anrit\AppData\Roaming\AVG
2014-07-29 14:11 - 2014-07-29 14:11 - 00000000 ____D () C:\Users\anrit\AppData\Local\AVG
2014-07-29 14:10 - 2014-08-09 04:52 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-29 14:08 - 2014-08-09 04:51 - 00000000 ____D () C:\ProgramData\AVG
2014-07-29 14:05 - 2014-07-29 14:08 - 77159736 _____ (AVG) C:\Users\anrit\Downloads\avg_tuh_stf_all_2014_519_24c28.exe
2014-08-14 19:57 - 2013-10-20 19:16 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-09 04:50 - 2013-10-20 19:15 - 00000000 ____D () C:\Program Files (x86)\AVG
C:\Users\Public\DynamicInstaller.exe
C:\Users\anrit\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\anrit\AppData\Local\Temp\NGM.exe
C:\Users\anrit\AppData\Local\Temp\NGMDll.dll
C:\Users\anrit\AppData\Local\Temp\NGMResource.dll
CustomCLSID: HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\anrit\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
C:\Program Files (x86)\Common Files\Spigot
C:\Users\anrit\AppData\Local\Slick Savings
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
 
 
 
 
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\ica" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj" => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj" => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk" => Key deleted successfully.
C:\Users\anrit\AppData\Local\Slick Savings\coupons.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp" => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found.
EagleX64 => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\anrit\AppData\Roaming\AVG => Moved successfully.
C:\Users\anrit\AppData\Local\AVG => Moved successfully.
C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} => Moved successfully.
C:\ProgramData\AVG => Moved successfully.
C:\Users\anrit\Downloads\avg_tuh_stf_all_2014_519_24c28.exe => Moved successfully.
C:\Users\Public\Desktop\AVG 2014.lnk => Moved successfully.
C:\Program Files (x86)\AVG => Moved successfully.
C:\Users\Public\DynamicInstaller.exe => Moved successfully.
C:\Users\anrit\AppData\Local\Temp\BullseyeCoverage-2-x86.dll => Moved successfully.
C:\Users\anrit\AppData\Local\Temp\NGM.exe => Moved successfully.
C:\Users\anrit\AppData\Local\Temp\NGMDll.dll => Moved successfully.
C:\Users\anrit\AppData\Local\Temp\NGMResource.dll => Moved successfully.
"HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-3572275565-2679945913-2636382964-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot" => File/Directory not found.
C:\Users\anrit\AppData\Local\Slick Savings => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 55.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
i will continue the mbam shortly


#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:55 PM

Posted 19 August 2014 - 01:47 PM

i will continue the mbam shortly

Ok, let me know how things go.

BBPP6nz.png


#9 goal

goal
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 19 August 2014 - 06:25 PM

After successfully removing traces of the previous malwarbytes anti malware and installing the new one, my PC shutdown midscan. It now shutdowns randomly.

#10 goal

goal
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 19 August 2014 - 06:31 PM

I am unable to click anything from the start panel.
Update; I can click through the start panel, most programs are slow to load

Edited by goal, 19 August 2014 - 09:41 PM.


#11 goal

goal
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 19 August 2014 - 10:13 PM

here is the mbam log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/19/2014
Scan Time: 10:43:23 PM
Logfile: mbam log1.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.19.10
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: anrit
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348863
Time Elapsed: 27 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-3572275565-2679945913-2636382964-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, , [d5a1bd0bd0ab191d7f033d0adb2927d9], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:55 PM

Posted 20 August 2014 - 10:53 AM

Hi goal,

I see that you enabled the trial version of MBAM..... not the free version.
I have heard of people having problems with the realtime scanners, that's why i recommend just the free version:
It may well be this that is causing the problem. 

Click Next
Select I accept the agreement then continue to click Next then finally click Install
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
I recommend that you UNtick this option.
Click Finish

It's easy to revert back to the free version though.

Start MBAM, then from the main page click on End Free Trial

post-29793-0-07484600-1407003137_zps2e08

Let me know if this cures the problem.

BBPP6nz.png


#13 goal

goal
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 20 August 2014 - 01:12 PM

It seems to definitely be faster. I probably need to update things, but other then that, thanks!



#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:55 PM

Posted 20 August 2014 - 01:58 PM

Hi goal,

Sounds like it was the MBAM realtime scanners causing the problem then.
As you had Zero Access, there are some other checks we should run.... just to make sure.

Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    tdss_1.jpg
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    tdss_2.jpg
  • Click the Start Scan button.

    tdss_3.jpg
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    tdss_4.jpg
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

    tdss_5.jpg
  • Note: Do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

BBPP6nz.png


#15 goal

goal
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 23 August 2014 - 11:16 AM

TDSSkiller did not detect anything






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users