
dllhost.exe in sysWOW64


  • This topic is locked
14 replies to this topic

#1 AnthonyY


Posted 18 December 2014 - 10:46 PM

Tried running DDS.com but it doesn't work because of Windows 8.1. Posting RSIT logs.


Info:

info.txt logfile of random's system information tool 1.10 2014-12-18 22:41:08
 
======MBR======
 
 
======Uninstall list======
 
-->MsiExec /X{B455E95A-B804-439F-B533-336B1635AE97}
«Tropico 5 - Steam Special Edition»-->"C:\Program Files (x86)\Kalypso Media Digital\Tropico 5\unins000.exe"
64 Bit HP CIO Components Installer-->MsiExec.exe /I{FF21C3E6-97FD-474F-9518-8DCBE94C2854}
Absolute Reminder-->MsiExec.exe /X{40F4FF7A-B214-4453-B973-080B09CED019}
Adobe Flash Player 15 Plugin-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe -maintain plugin
Adobe Photoshop Elements 11-->msiexec /i {1D181764-DCD0-41B8-AA7B-0A599F027A72} NOT_STANDALONE=1
Adobe Reader X (10.1.13) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}
AllSharePlayLink-->MsiExec.exe /I{CE1836A8-3F2B-49BD-8395-93DD414068D2}
Apple Application Support-->MsiExec.exe /I{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}
Apple Mobile Device Support-->MsiExec.exe /I{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
AVG 2014-->"C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2014-->MsiExec.exe /I{08257488-8829-46D4-892A-BEC4B4785B95}
AVG 2014-->MsiExec.exe /I{8F221493-6D10-4C81-9BEE-3C5DD53B94F6}
AVG SafeGuard toolbar-->C:\Program Files (x86)\AVG SafeGuard toolbar\UNINSTALL.exe /PROMPT /UNINSTALL
Banished-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/242920
Bitcasa version 0.9.20.4135-->"C:\Program Files\Bitcasa\unins000.exe"
Blitzkrieg Mod version 4.8.1.0-->"C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\unins000.exe"
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Cheat Engine 6.4-->"C:\Program Files (x86)\Cheat Engine 6.4\unins000.exe"
Chivalry: Medieval Warfare Beta-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/232210
Cisco Connect-->"C:\Program Files (x86)\Cisco Systems\Cisco Connect\Cisco Connect.exe" -uninstall
Cities in Motion 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/225420
Company of Heroes (New Steam Version)-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/228200
Company of Heroes 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/231430
Cubic Castles-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/317470
CyberLink Power2Go 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" /z-uninstall
CyberLink Power2Go 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Darkest Hour: Europe '44-'45-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1280
Darwinia-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1500
DEFCON-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1520
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{C8358E8D-6C89-41B3-8439-FEFBC0353D81}" "1033" "0"
Easy File Share-->MsiExec.exe /I{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}
EditPlus 3 (64 bit)-->C:\Program Files\EditPlus 3\remove.exe
Empire: Total War-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10500
Endless Space-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/208140
E-POP-->"C:\Program Files (x86)\InstallShield Installation Information\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}\setup.exe" -runfromtemp -l0x0409  -removeonly
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ExpressCache-->MsiExec.exe /I{3EA6AB5D-D434-4ACA-9609-48F1319518EF}
FTL: Faster Than Light-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/212680
Glary Utilities 5.5-->C:\Program Files (x86)\Glary Utilities 5\uninst.exe
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Happy Wars-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/246280
Hearts of Iron III-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/25890
Help Desk-->MsiExec.exe /I{22B32087-797D-4A1B-AFA7-072C87580ADC}
Heroes & Generals-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/227940
HP LaserJet 100 color MFP M175-->C:\Program Files (x86)\HP\csiInstaller\965D0289-10E1-45ec-B11F-A60AC9AE8D4D\Setup.exe /Uninstall
HP LJ100 M175 HP Scan-->MsiExec.exe /I{C3529014-BB16-4933-83FE-9BC9D79619F5}
HP Support Solutions Framework-->MsiExec.exe /I{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
HPLaserJet100ColorMFPM175_HelpLearnCenter_SI-->MsiExec.exe /X{19542156-285B-458C-994D-2A21889001DF}
Insurgency-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/222880
Intel AppUp(SM) center-->C:\Program Files (x86)\Intel\IntelAppStore\run_uninstaller.exe
Intel® Manageability Engine Firmware Recovery Agent-->MsiExec.exe /X{A6C48A9F-694A-4234-B3AA-62590B668927}
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall
Intel® PROSet/Wireless for Bluetooth® + High Speed-->MsiExec.exe /X{7288D4E1-8050-4B81-B9EC-F812D17AD693}
Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall
Intel® SDK for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall
Intel® WiDi-->MsiExec.exe /X{6097158B-0184-4140-BEC3-7885794D2571}
Intel® PROSet/Wireless Software-->"C:\ProgramData\Package Cache\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}\Setup.exe"  /uninstall
Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{D61F48DA-627B-404E-9315-32A651B18B64}
Intel® Trusted Connect Service Client-->MsiExec.exe /I{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}
iSpy-->MsiExec.exe /I{DF547F06-961B-4F0E-88E4-A6DB44B9D498}
iTunes-->MsiExec.exe /I{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}
Java 7 Update 65-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F03217065FF}
Java 8 Update 25-->MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F83218025F0}
Java SE Development Kit 8 Update 11 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0180110}
Kerbal Space Program-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/220200
Kinetic Void-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/227160
Malwarebytes Anti-Malware version 2.0.4.1028-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Men of War: Assault Squad-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/64000
Microsoft Chart Controls for Microsoft .NET Framework 3.5-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610-->"C:\ProgramData\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe"  /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610-->"C:\ProgramData\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe"  /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610-->MsiExec.exe /X{764384C5-BCA9-307C-9AAC-FD443662686A}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610-->MsiExec.exe /X{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610-->MsiExec.exe /X{3D6AD258-61EA-35F5-812C-B7A02152996E}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610-->MsiExec.exe /X{E7D4E834-93EB-351F-B8FB-82CDAE623003}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Mount & Blade: Warband-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/48700
Movie Maker-->MsiExec.exe /X{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}
Movie Maker-->MsiExec.exe /X{8AB3FBDE-CCF7-4055-98EF-A1FBC7B661E9}
Movie Maker-->MsiExec.exe /X{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}
Movie Maker-->MsiExec.exe /X{E8F373BC-AAE2-4DC7-9853-B6A83CC88793}
Mozilla Firefox 30.0 (x86 en-US)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT110_amd64-->MsiExec.exe /I{F842F8B0-6942-4930-821F-543E976B2C66}
MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
Multiwinia-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1530
Norton Online Backup ARA-->C:\Program Files (x86)\NortonInstaller\{311739EB-5C94-4EE1-B911-2D1F005060F4}\NARA\LicenseType\4.1.0.14\InstStub.exe /X /ARP
Norton Online Backup-->MsiExec.exe /X{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}
NVIDIA GeForce Experience 2.1.3-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Graphics Driver 344.48-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX System Software 9.14.0702-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /I{B455E95A-B804-439F-B533-336B1635AE97}
paint.net-->MsiExec.exe /X{F509C1F4-0029-49F9-B145-A4C4E8DF481A}
Pandora: First Contact-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/287580
Papers, Please-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/239030
Photo Common-->MsiExec.exe /X{5CC4C963-F772-4766-BFF2-DE551E205EE9}
Photo Common-->MsiExec.exe /X{8C5935EF-ECAD-4323-99B8-67AB6163D4D2}
Photo Common-->MsiExec.exe /X{C60589D9-9881-4ED8-AF7B-1F955542381F}
Photo Gallery-->MsiExec.exe /X{60A1253C-2D51-4166-95C2-52E9CF4F8D64}
Photo Gallery-->MsiExec.exe /X{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}
Pixel Piracy-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/264140
PlanetSide 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/218230
Plants vs. Zombies-->C:\Program Files (x86)\PopCap Games\Plants vs. Zombies\PopUninstall.exe "C:\Program Files (x86)\PopCap Games\Plants vs. Zombies\Install.log"
Portal 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/620
Portal-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/400
POSTAL 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/223470
Prison Architect-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/233450
PSE11 STI Installer-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{98CE8819-87AA-4814-8167-ADDDD513485F}"
PunkBuster Services-->C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\pbsvc_hos.exe -u
Python 3.4.1 (64-bit)-->MsiExec.exe /I{D54842CB-F761-30BA-881F-1FF821DC44DF}
QuickTime 7-->MsiExec.exe /I{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0409 -removeonly
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Receiver-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/234190
Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -removeonly
Red Orchestra 2: Heroes of Stalingrad - Single Player-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/236830
Red Orchestra: Ostfront 41-45-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1200
Reflector-->MsiExec.exe /X{77342B24-A2A9-4420-8C9C-C109EE201CBC}
Rising Storm/Red Orchestra 2 Multiplayer-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/35450
Robocraft-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/301520
Romae Bellum 3.0-->C:\Program Files (x86)\Steam\SteamApps\common\mountblade warband\Modules\Romae_Bellum_3.0\uninst.exe
S Agent-->MsiExec.exe /I{5A52C7BA-14F5-4BDD-A74A-3333DCB121F0}
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{6A1E6C95-CDE5-4E8C-A712-79C0985DAFE6}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{D0D69BA5-4BD9-439E-804F-07DC80CF5408}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{688AC276-B332-4A76-AEB0-708AAAE669E5}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{1EE5FA17-F624-438C-B7AC-7C5A41E90FA2}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{5EE42B42-1159-435C-898A-2A3298453B20}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{0BC570F0-7352-4A3A-B2A2-CA56ADA7375F}" "1033" "0"
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{3D0C726C-AA67-4078-9046-24F95B738B6A}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{09A9DF49-DA06-4093-A2FD-F339211E39EA}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{E4D76E88-C65F-4003-9C71-EC4306679D17}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0409-1000-0000000FF1CE}" "{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{945F1D43-451D-4383-9BBE-241F37950B15}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0116-0409-1000-0000000FF1CE}" "{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}" "1033" "0"
Settings-->MsiExec.exe /I{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}
Sharepod 4.0.1.2-->"C:\Program Files (x86)\Sharepod\unins000.exe"
Sid Meier's Civilization V-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/8930
Sins of a Solar Empire: Rebellion-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/204880
Skype Click to Call-->MsiExec.exe /X{6D1221A9-17BF-4EC0-81F2-27D30EC30701}
Skype™ 6.18-->MsiExec.exe /X{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
Sniper Elite V2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/63380
Spintires-->"C:\Users\User\AppData\Roaming\Spintires\Uninstall\unins000.exe"
StarDrive-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/220660
Support Center FAQ-->MsiExec.exe /I{02F04AFA-243D-4E6A-9556-60F8D2539547}
Support Center-->MsiExec.exe /I{8EC7C961-2CD2-49DC-8F39-75E9CD20BB19}
Surgeon Simulator 2013-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/233720
SW Update-->MsiExec.exe /I{DA06101F-FD76-4BF0-88BD-B26A197005E3}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
The Elder Scrolls V: Skyrim-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/72850
The Escapists-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/298630
The Long Dark-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/305620
Total War: ROME II - Emperor Edition-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/214950
Universe Sandbox-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/72200
Unturned-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/304930
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}" "1033" "0"
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}" "1033" "0"
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}" "1033" "0"
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}" "1033" "0"
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{302A8FE3-EBF5-486C-A431-16A1CD914443}" "1033" "0"
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{302A8FE3-EBF5-486C-A431-16A1CD914443}" "1033" "0"
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}" "1033" "0"
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{8BEEA2FC-D416-428A-B52A-A3ED45921151}" "1033" "0"
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{8BEEA2FC-D416-428A-B52A-A3ED45921151}" "1033" "0"
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}" "1033" "0"
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1033" "0"
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1033" "0"
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{287A1E92-9E41-4BC1-8920-B3D0E9220800}" "1033" "0"
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A4F91D60-654C-4892-BFD3-0D41ADA649B6}" "1033" "0"
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{9D69691D-823D-4C3E-9B12-563A3F520366}" "1033" "0"
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{A12F43A5-CF0B-44E3-942F-2441CD442F0D}" "1033" "0"
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{0B7744D2-1FDD-4843-9987-7CE11B79F370}" "1033" "0"
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{5AA578BB-759C-40FD-9661-A737C0884541}" "1033" "0"
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}" "1033" "0"
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}" "1033" "0"
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}" "1033" "0"
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}" "1033" "0"
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B0D672F7-883E-4279-8E75-D97A5445AB46}" "1033" "0"
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}" "1033" "0"
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CFB80344-FCBA-4C03-AD77-D49E82F14C3E}" "1033" "0"
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{C1954E2B-1672-4E5C-B564-F8CB2D08345B}" "1033" "0"
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{E762A933-274B-4860-B066-A39FAB0838FD}" "1033" "0"
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{A7AA9E77-A9F4-4596-8AFD-4910FF258C3D}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{A87EDEA3-4861-4D99-9B36-F442740F1287}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A87EDEA3-4861-4D99-9B36-F442740F1287}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{26A0F874-417C-4B0A-8088-3FA53638FB49}" "1033" "0"
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{DCE104A1-1875-4469-A83D-A5BFA6C4640F}" "1033" "0"
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{2AB483F1-C86E-427A-83B4-23889B03512D}" "1033" "0"
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{DF548669-AAED-467B-A074-AE2B72A4A871}" "1033" "0"
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{6C727BC2-B2B9-4B03-BD7E-682EA6FA1C04}" "1033" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F9F5A080-AF38-4966-9A6B-C43DCA465035}" "1033" "0"
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{7B29D8B8-6A87-496C-A65E-B935E740448A}" "1033" "0"
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{38CF30E4-3348-4BD1-A859-B630C355A56F}" "1033" "0"
Uplink-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1510
User Guide-->MsiExec.exe /I{93467343-BD37-4643-8A4B-E5463CD9B7E2}
Visual Studio 2012 x64 Redistributables-->MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
VLC media player 2.1.3-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Wargame: AirLand Battle-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/222750
Wargame: Red Dragon-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/251060
Windows Live Communications Platform-->MsiExec.exe /I{BA73469B-D8C7-4FE3-B33C-1340D09F0709}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{46316411-80D8-4F68-8118-696E05FCE199}
Windows Live Installer-->MsiExec.exe /I{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}
Windows Live Photo Common-->MsiExec.exe /X{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}
Windows Live PIMT Platform-->MsiExec.exe /I{1057511B-F8FE-4230-9ED3-AB949A57EE4A}
Windows Live SOXE Definitions-->MsiExec.exe /I{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}
Windows Live SOXE-->MsiExec.exe /I{4F9A382F-4478-4036-905C-F77DF2EA0370}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{3221ABB3-A940-4030-AA86-C0DA75BCD176}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{D436D212-1381-485A-BE46-32E1E2A95D98}
Windows Live UX Platform-->MsiExec.exe /I{29315CEC-E6CE-4394-84DC-6F862E8D9A52}
Windows Live 程式集-->MsiExec.exe /I{954FC3E4-61C1-43BC-AB13-F0CCF145716D}
Windows Live 软件包-->MsiExec.exe /I{67E78A3A-617B-4DD1-975D-7100CF4AC9E6}
WinRAR 5.10 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe
World of Tanks-->"C:\Games\World_of_Tanks\unins000.exe"
XCom Long War EW Mod version Beta 14f-->"c:\program files (x86)\steam\steamapps\common\XCom-Enemy-Unknown\XEW\unins000.exe"
XCOM: Enemy Unknown-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/200510
影像中心-->MsiExec.exe /X{3668CB0E-910D-43FE-9EDB-B07754E1CF24}
照片库-->MsiExec.exe /X{0E6639BB-C1BB-4FF5-8846-5813EF63E04B}
 
======System event log======
 
Computer Name: user
Event Code: 10010
Message: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
Record Number: 434296
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20141217041506.612132-000
Event Type: Error
User: user\Anthony Y
 
Computer Name: user
Event Code: 10010
Message: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
Record Number: 434295
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20141217041436.541010-000
Event Type: Error
User: user\Anthony Y
 
Computer Name: user
Event Code: 10010
Message: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
Record Number: 434294
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20141217041406.496676-000
Event Type: Error
User: user\Anthony Y
 
Computer Name: user
Event Code: 10010
Message: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
Record Number: 434293
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20141217041336.456625-000
Event Type: Error
User: user\Anthony Y
 
Computer Name: user
Event Code: 10010
Message: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
Record Number: 434291
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20141217041306.416117-000
Event Type: Error
User: user\Anthony Y
 
=====Application event log=====
 
Computer Name: user
Event Code: 100
Message: mDNSCoreReceiveResponse: Received from 192.168.1.103:5353   16 user.local. AAAA FD87:FA2E:2132:0000:849F:9E58:E696:46F3
Record Number: 56999
Source Name: Bonjour Service
Time Written: 20141217051124.000000-000
Event Type: Error
User: 
 
Computer Name: user
Event Code: 1000
Message: Faulting application name: HPLaserJetService.exe, version: 2.15.602.0, time stamp: 0x4cc86bd5
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x568
Faulting application start time: 0x01d019b7d87f7a3c
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\hppccompio.DLL
Report Id: 1f9879c1-85ab-11e4-802e-c8f733d2fc2a
Faulting package full name: 
Faulting package-relative application ID: 
Record Number: 56998
Source Name: Application Error
Time Written: 20141217051115.000000-000
Event Type: Error
User: 
 
Computer Name: user
Event Code: 78
Message: Activation context generation failed for "C:\Users\User\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Record Number: 56950
Source Name: SideBySide
Time Written: 20141217050534.000000-000
Event Type: Error
User: 
 
Computer Name: user
Event Code: 78
Message: Activation context generation failed for "C:\Users\User\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Record Number: 56949
Source Name: SideBySide
Time Written: 20141217041553.000000-000
Event Type: Error
User: 
 
Computer Name: user
Event Code: 78
Message: Activation context generation failed for "C:\Users\User\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Record Number: 56948
Source Name: SideBySide
Time Written: 20141217041553.000000-000
Event Type: Error
User: 
 
=====Security event log=====
 
Computer Name: user
Event Code: 6407
Message: AVG Internet Security 2014 unregistered from Windows Firewall. Windows Firewall is now controlling the filtering for BootTimeRuleCategory, StealthRuleCategory, FirewallRuleCategory.
Record Number: 99159
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141217050848.730647-000
Event Type: Audit Success
User: 
 
Computer Name: user
Event Code: 4647
Message: User initiated logoff:
 
Subject:
Security ID: S-1-5-21-664592772-186111481-3113653328-1002
Account Name: Anthony Y
Account Domain: user
Logon ID: 0x9CED7
 
This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 99158
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141217050842.474230-000
Event Type: Audit Success
User: 
 
Computer Name: user
Event Code: 4672
Message: Special privileges assigned to new logon.
 
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
 
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 99157
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141217050829.367125-000
Event Type: Audit Success
User: 
 
Computer Name: user
Event Code: 4624
Message: An account was successfully logged on.
 
Subject:
Security ID: S-1-5-18
Account Name: USER$
Account Domain: WORKGROUP
Logon ID: 0x3E7
 
Logon Type: 5
 
Impersonation Level: Impersonation
 
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
 
Process Information:
Process ID: 0x550
Process Name: C:\Windows\System32\services.exe
 
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
 
Detailed Authentication Information:
Logon Process: Advapi  
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
 
This event is generated when a logon session is created. It is generated on the computer that was accessed.
 
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
 
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
 
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
 
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
 
The impersonation level field indicates the extent to which a process in the logon session can impersonate.
 
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 99156
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141217050829.367125-000
Event Type: Audit Success
User: 
 
Computer Name: user
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-664592772-186111481-3113653328-1002
Account Name: Anthony Y
Domain Name: user
Logon ID: 0x9CE89
Record Number: 99155
Source Name: Microsoft-Windows-Eventlog
Time Written: 20141217041158.018961-000
Event Type: Audit Success
User: 
 
======Environment variables======
 
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=8
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Python34\;C:\Python34\Scripts;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Condusiv Technologies\ExpressCache\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Java\jdk1.8.0_11\bin;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=3a09
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"asl.log"=Destination=file
 
-----------------EOF-----------------

Log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Anthony Y at 2014-12-18 22:39:03
Microsoft Windows 8.1 
System drive C: has 498 GB (53%) free of 933 GB
Total RAM: 8079 MB (58% free)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:39 PM, on 18-Dec-14
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
C:\Program Files\trend micro\Anthony Y.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CCPrt] "C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1418953515
O4 - Global Startup: DOW.lnk = C:\ProgramData\Samsung\DeleteOOBEWPP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CyberLink Product - 2013/01/29 00:10:38 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ExpressCache - Condusiv Technologies - C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Wireless Bluetooth® 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.9 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
--
End of file - 16118 bytes
 
======Listing Processes======
 
 
 
 
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=9e01a463-4743-4d7a-a39b-e8091f96d703 /coreSdkOptions=4382 /logConfFile="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\temp\becd0e41-12f7-4304-9ad8-4521ae1a901f-298-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\log\"
 
wininit.exe
 
winlogon.exe
 
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"C:\WINDOWS\system32\nvvsvc.exe"
"dwm.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session -first
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe 95896232176
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe"
dashost.exe {721d981e-4b23-4eeb-8feaf867e6eac70d}
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgemca.exe"
"C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
C:\windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\windows\System32\svchost.exe -k HPZ12
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 6d054798-e460-49f9-94ef-82117e1de861 1
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe" 72648 "C:\ProgramData\AVG Secure Search\Logger\logger.properties"
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
"\Program Files\Synaptics\SynTP\SynTPEnh.exe" 
taskhostex.exe 
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\Windows\System32\InputMethod\CHT\ChtIME.exe -Embedding
"C:\Program Files (x86)\Samsung\Settings\sSettings.exe" /s
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe"
igfxEM.exe 
igfxHK.exe 
igfxTray.exe 
C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE" 
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" 
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" 
"C:\Program Files (x86)\CyberLink\Shared files\brs.exe" 
"C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
"C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" 
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe" 
"C:\Program Files (x86)\iTunes\iTunesHelper.exe" 
"C:\Program Files\iPod\bin\iPodService.exe"
ctfmon.exe
C:\Windows\System32\InputMethod\CHT\ChtIME.exe -Embedding
"C:\Program Files\Samsung\S Agent\CommonAgent.exe" 
"C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe" /SERVICE
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Program Files (x86)\Steam\config\htmlcache" -cookiepath "C:\Program Files (x86)\Steam\config\cookies" -steampid 6712 --blacklist-accelerated-compositing --process-per-tab --disable-accelerated-video-decode --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\WINDOWS\splwow64.exe 8192
"C:\Program Files\Samsung\Support Center\GuaranaAgent.exe" 
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=9b05fa7c-2a91-4c78-82d9-3e544d4da456 /coreSdkOptions=4096 /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\log\"
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=79acd904-6c76-4e4a-88cd-7007c8af9004 /coreSdkOptions=4114 /logConfFile="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\temp\09eff760-5d85-487a-bd44-bd07484c054c-834-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\WINDOWS\system32\config\systemprofile\AppData\Local\Avg2014\temp\"
"C:\WINDOWS\system32\taskmgr.exe" /7
 
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 572 576 584 65536 580 
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\wbem\WmiApSrv.exe
"C:\Users\User\Desktop\RSITx64.exe" 
"C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe"  /command_id=44140e7a-b676-4719-a9a9-8c168742e515 /client_id=22675d33-97da-4922-8fc9-3a048ce2b619
 
======Scheduled tasks folder======
 
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  
C:\WINDOWS\tasks\GlaryInitialize 5.job - C:\Program Files (x86)\Glary Utilities 5\Initialize.exe  
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
 
=========Mozilla firefox=========
 
ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\mc4hbjg7.default
 
prefs.js - "keyword.URL" -  ""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
 
 
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\mc4hbjg7.default\extensions\
{A143C337-CA7A-4348-8AB6-CDE6E91EDB39}
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06 690392]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-01 460712]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06 562904]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-01 172968]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG SafeGuard toolbar - C:\Program Files\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll [2014-08-11 6431768]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG SafeGuard toolbar - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll [2014-08-11 3627032]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-08-06 13191312]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16 499608]
"Bitcasa"=C:\Program Files\Bitcasa\Bitcasa.exe [2012-12-27 4365824]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [2013-09-19 7818040]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-10-16 2462536]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2014-10-16 2800296]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"=C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [2014-08-04 37152]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2014-11-18 1940160]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Adobe Speed Launcher"=1418953515 []
 
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer_For_P2G8"=C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07 111120]
"CLVirtualDrive"=C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-12 491120]
"RemoteControl10"=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-08-15 97392]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2012-05-22 78352]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2014-12-03 40336]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20 1021128]
"Intel AppUp(SM) center"=C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [2012-07-13 155488]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2012-08-14 2994880]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-11-07 5188112]
"vProt"=C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2014-08-30 2640408]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
""= []
"CCPrt"=C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe [2012-01-06 1267320]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-10-15 157480]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-10-02 421888]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DOW.lnk - C:\ProgramData\Samsung\DeleteOOBEWPP.exe
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll [2012-08-05 190480]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll [2012-08-05 190480]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
 
======File associations======
 
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
 
======List of files/folders created in the last 3 months======
 
2014-12-18 22:39:05 ----D---- C:\Program Files\trend micro
2014-12-18 22:39:03 ----D---- C:\rsit
2014-12-17 22:10:12 ----A---- C:\TDSSKiller.3.0.0.42_17.12.2014_22.10.12_log.txt
2014-12-17 22:07:59 ----A---- C:\TDSSKiller.3.0.0.42_17.12.2014_22.07.59_log.txt
2014-12-16 23:15:53 ----D---- C:\Program Files (x86)\ESET
2014-12-16 23:05:15 ----D---- C:\WINDOWS\ERUNT
2014-12-16 22:59:56 ----D---- C:\AdwCleaner
2014-12-16 22:58:58 ----A---- C:\TDSSKiller.3.0.0.42_16.12.2014_22.58.58_log.txt
2014-12-16 22:53:06 ----A---- C:\TDSSKiller.3.0.0.42_16.12.2014_22.53.06_log.txt
2014-12-15 18:59:13 ----A---- C:\WINDOWS\system32\poqexec.exe
2014-12-15 18:59:12 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2014-12-10 13:37:31 ----A---- C:\WINDOWS\SYSWOW64\crypt32.dll
2014-12-10 13:37:31 ----A---- C:\WINDOWS\system32\crypt32.dll
2014-12-10 13:37:15 ----A---- C:\WINDOWS\SYSWOW64\DeviceSetupStatusProvider.dll
2014-12-10 13:37:15 ----A---- C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 13:37:02 ----A---- C:\WINDOWS\SYSWOW64\MrmCoreR.dll
2014-12-10 13:37:02 ----A---- C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 09:17:20 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-12-10 09:17:19 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2014-12-10 09:17:16 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2014-12-10 09:17:16 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-12-10 09:17:15 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2014-12-10 09:17:15 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2014-12-10 09:17:15 ----A---- C:\WINDOWS\system32\wininet.dll
2014-12-10 09:17:15 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-12-10 09:17:15 ----A---- C:\WINDOWS\system32\jscript9.dll
2014-12-10 09:17:15 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-12-10 09:17:14 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2014-12-10 09:17:14 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2014-12-10 09:17:13 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2014-12-10 09:17:13 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2014-12-10 09:17:13 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\system32\webcheck.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\system32\vbscript.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\system32\jscript.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\system32\inetcomm.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 09:17:12 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 09:17:12 ----A---- C:\WINDOWS\system32\dxtrans.dll
2014-12-10 09:17:11 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2014-12-10 09:17:11 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2014-12-10 09:17:09 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2014-12-10 09:17:09 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 09:17:08 ----AC---- C:\WINDOWS\system32\drivers\sdbus.sys
2014-12-10 09:17:08 ----AC---- C:\WINDOWS\system32\drivers\intelpep.sys
2014-12-10 09:17:08 ----AC---- C:\WINDOWS\system32\drivers\dumpsd.sys
2014-12-10 09:17:08 ----A---- C:\WINDOWS\system32\drivers\pdc.sys
2014-11-19 14:19:38 ----A---- C:\WINDOWS\SYSWOW64\pku2u.dll
2014-11-19 14:19:38 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2014-11-19 14:19:38 ----A---- C:\WINDOWS\system32\kerberos.dll
2014-11-19 14:19:37 ----A---- C:\WINDOWS\system32\pku2u.dll
2014-11-19 14:15:08 ----D---- C:\Users\User\AppData\Roaming\Cubic
2014-11-19 04:31:16 ----A---- C:\WINDOWS\SYSWOW64\FM20.DLL
2014-11-16 10:28:35 ----A---- C:\WINDOWS\system32\drivers\585C1E88.sys
2014-11-15 12:48:32 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_7.dll
2014-11-15 12:48:32 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_5.dll
2014-11-15 12:48:32 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2014-11-15 12:48:32 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2014-11-15 12:48:31 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_7.dll
2014-11-15 12:48:31 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2014-11-15 12:48:29 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_43.dll
2014-11-15 12:48:29 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2014-11-15 12:48:28 ----A---- C:\WINDOWS\SYSWOW64\d3dcsx_43.dll
2014-11-15 12:48:28 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2014-11-15 12:48:27 ----A---- C:\WINDOWS\SYSWOW64\d3dx11_43.dll
2014-11-15 12:48:27 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2014-11-15 12:48:25 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_43.dll
2014-11-15 12:48:25 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2014-11-15 12:48:22 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_43.dll
2014-11-15 12:48:20 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_6.dll
2014-11-15 12:48:20 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_4.dll
2014-11-15 12:48:20 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_6.dll
2014-11-15 12:48:20 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_7.dll
2014-11-15 12:48:20 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2014-11-15 12:48:20 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2014-11-15 12:48:20 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2014-11-15 12:48:20 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2014-11-15 12:48:18 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_5.dll
2014-11-15 12:48:18 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2014-11-15 12:48:16 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_5.dll
2014-11-15 12:48:16 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2014-11-15 12:48:15 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_42.dll
2014-11-15 12:48:15 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2014-11-15 12:48:10 ----A---- C:\WINDOWS\SYSWOW64\d3dcsx_42.dll
2014-11-15 12:48:10 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2014-11-15 12:48:09 ----A---- C:\WINDOWS\SYSWOW64\d3dx11_42.dll
2014-11-15 12:48:09 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2014-11-15 12:48:08 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_42.dll
2014-11-15 12:48:08 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2014-11-15 12:48:04 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_42.dll
2014-11-15 12:48:04 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2014-11-15 12:47:58 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2014-11-15 12:47:58 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2014-11-15 12:47:53 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_41.dll
2014-11-15 12:47:53 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2014-11-15 12:47:51 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_4.dll
2014-11-15 12:47:51 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_3.dll
2014-11-15 12:47:51 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_4.dll
2014-11-15 12:47:51 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2014-11-15 12:47:51 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2014-11-15 12:47:51 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2014-11-15 12:47:50 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_6.dll
2014-11-15 12:47:50 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2014-11-15 12:47:44 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_40.dll
2014-11-15 12:47:44 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_40.dll
2014-11-15 12:47:44 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2014-11-15 12:47:44 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2014-11-15 12:47:38 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_40.dll
2014-11-15 12:47:38 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2014-11-15 12:47:33 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_3.dll
2014-11-15 12:47:33 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_2.dll
2014-11-15 12:47:33 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2014-11-15 12:47:33 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2014-11-15 12:47:32 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_3.dll
2014-11-15 12:47:32 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_5.dll
2014-11-15 12:47:32 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2014-11-15 12:47:32 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2014-11-15 12:47:30 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_2.dll
2014-11-15 12:47:30 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_1.dll
2014-11-15 12:47:30 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2014-11-15 12:47:30 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2014-11-15 12:47:29 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_2.dll
2014-11-15 12:47:29 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2014-11-15 12:47:26 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_39.dll
2014-11-15 12:47:26 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_39.dll
2014-11-15 12:47:26 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2014-11-15 12:47:26 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2014-11-15 12:47:22 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_39.dll
2014-11-15 12:47:22 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2014-11-15 12:47:19 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_1.dll
2014-11-15 12:47:19 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_0.dll
2014-11-15 12:47:19 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2014-11-15 12:47:19 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2014-11-15 12:47:18 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_1.dll
2014-11-15 12:47:18 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2014-11-15 12:47:17 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_4.dll
2014-11-15 12:47:17 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2014-11-15 12:47:13 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_38.dll
2014-11-15 12:47:13 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_38.dll
2014-11-15 12:47:13 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2014-11-15 12:47:13 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2014-11-15 12:47:02 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_38.dll
2014-11-15 12:47:02 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2014-11-15 12:47:01 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_0.dll
2014-11-15 12:47:01 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2014-11-15 12:46:58 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_0.dll
2014-11-15 12:46:58 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2014-11-15 12:46:56 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_3.dll
2014-11-15 12:46:56 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2014-11-15 12:46:51 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_37.dll
2014-11-15 12:46:51 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_37.dll
2014-11-15 12:46:51 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2014-11-15 12:46:51 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2014-11-15 12:46:42 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_37.dll
2014-11-15 12:46:42 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2014-11-15 12:46:41 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_10.dll
2014-11-15 12:46:41 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2014-11-15 12:46:32 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_36.dll
2014-11-15 12:46:32 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_36.dll
2014-11-15 12:46:32 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2014-11-15 12:46:32 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2014-11-15 12:46:24 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_36.dll
2014-11-15 12:46:24 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2014-11-15 12:46:22 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_9.dll
2014-11-15 12:46:22 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2014-11-15 12:46:19 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_35.dll
2014-11-15 12:46:19 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_35.dll
2014-11-15 12:46:19 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2014-11-15 12:46:19 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2014-11-15 12:46:12 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_35.dll
2014-11-15 12:46:12 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2014-11-15 12:46:10 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_8.dll
2014-11-15 12:46:10 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_2.dll
2014-11-15 12:46:10 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2014-11-15 12:46:10 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2014-11-15 12:46:06 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_34.dll
2014-11-15 12:46:06 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_34.dll
2014-11-15 12:46:06 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2014-11-15 12:46:06 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2014-11-15 12:46:00 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_34.dll
2014-11-15 12:46:00 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2014-11-15 12:45:59 ----A---- C:\WINDOWS\SYSWOW64\xinput1_3.dll
2014-11-15 12:45:59 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2014-11-15 12:45:55 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_7.dll
2014-11-15 12:45:55 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2014-11-15 12:45:52 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_33.dll
2014-11-15 12:45:52 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_33.dll
2014-11-15 12:45:52 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2014-11-15 12:45:52 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2014-11-15 12:45:48 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_33.dll
2014-11-15 12:45:48 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2014-11-15 12:45:42 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_6.dll
2014-11-15 12:45:42 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2014-11-15 12:45:40 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_5.dll
2014-11-15 12:45:40 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2014-11-15 12:45:39 ----A---- C:\WINDOWS\SYSWOW64\d3dx10.dll
2014-11-15 12:45:39 ----A---- C:\WINDOWS\system32\d3dx10.dll
2014-11-15 12:45:36 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_32.dll
2014-11-15 12:45:36 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2014-11-15 12:45:34 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_4.dll
2014-11-15 12:45:34 ----A---- C:\WINDOWS\SYSWOW64\x3daudio1_1.dll
2014-11-15 12:45:34 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2014-11-15 12:45:34 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2014-11-15 12:45:31 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_31.dll
2014-11-15 12:45:31 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2014-11-15 12:45:29 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_3.dll
2014-11-15 12:45:29 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2014-11-15 12:45:28 ----A---- C:\WINDOWS\SYSWOW64\xinput1_2.dll
2014-11-15 12:45:28 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2014-11-15 12:45:27 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_2.dll
2014-11-15 12:45:27 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2014-11-15 12:45:25 ----A---- C:\WINDOWS\SYSWOW64\xinput1_1.dll
2014-11-15 12:45:25 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2014-11-15 12:45:22 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_1.dll
2014-11-15 12:45:22 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2014-11-15 12:44:50 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_30.dll
2014-11-15 12:44:50 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2014-11-15 12:44:47 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_0.dll
2014-11-15 12:44:47 ----A---- C:\WINDOWS\SYSWOW64\x3daudio1_0.dll
2014-11-15 12:44:47 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2014-11-15 12:44:47 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2014-11-15 12:44:44 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_29.dll
2014-11-15 12:44:44 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2014-11-15 12:44:40 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_28.dll
2014-11-15 12:44:40 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2014-11-15 12:44:34 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_27.dll
2014-11-15 12:44:34 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2014-11-15 12:44:30 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_26.dll
2014-11-15 12:44:30 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2014-11-15 12:44:23 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_25.dll
2014-11-15 12:44:23 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2014-11-15 12:44:19 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_24.dll
2014-11-15 12:44:19 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2014-11-14 01:14:10 ----A---- C:\WINDOWS\SYSWOW64\winshfhc.dll
2014-11-14 01:14:10 ----A---- C:\WINDOWS\system32\winshfhc.dll
2014-11-14 01:14:10 ----A---- C:\WINDOWS\system32\drivers\WdNisDrv.sys
2014-11-14 01:14:10 ----A---- C:\WINDOWS\system32\drivers\WdFilter.sys
2014-11-14 01:14:10 ----A---- C:\WINDOWS\system32\drivers\WdBoot.sys
2014-11-14 01:14:01 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2014-11-14 01:14:01 ----A---- C:\WINDOWS\system32\user32.dll
2014-11-14 01:13:53 ----A---- C:\WINDOWS\SYSWOW64\msihnd.dll
2014-11-14 01:13:53 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2014-11-14 01:13:53 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2014-11-14 01:13:53 ----A---- C:\WINDOWS\system32\msihnd.dll
2014-11-14 01:13:53 ----A---- C:\WINDOWS\system32\msi.dll
2014-11-14 01:13:53 ----A---- C:\WINDOWS\system32\consent.exe
2014-11-14 01:13:53 ----A---- C:\WINDOWS\system32\authui.dll
2014-11-14 01:13:53 ----A---- C:\WINDOWS\system32\appinfo.dll
2014-11-12 09:16:11 ----A---- C:\WINDOWS\SYSWOW64\schannel.dll
2014-11-12 09:16:11 ----A---- C:\WINDOWS\system32\schannel.dll
2014-11-12 09:16:10 ----A---- C:\WINDOWS\SYSWOW64\ncryptsslp.dll
2014-11-12 09:16:10 ----A---- C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 09:16:10 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 09:15:11 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2014-11-12 09:15:11 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 09:15:11 ----A---- C:\WINDOWS\system32\lsasrv.dll
2014-11-12 09:15:11 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2014-11-12 09:15:11 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2014-11-12 09:15:11 ----A---- C:\WINDOWS\system32\certcli.dll
2014-11-12 09:15:10 ----A---- C:\WINDOWS\SYSWOW64\adtschema.dll
2014-11-12 09:15:10 ----A---- C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 09:15:10 ----A---- C:\WINDOWS\system32\adtschema.dll
2014-11-12 09:15:09 ----A---- C:\WINDOWS\SYSWOW64\msaudite.dll
2014-11-12 09:15:09 ----A---- C:\WINDOWS\system32\msaudite.dll
2014-11-12 09:15:09 ----A---- C:\WINDOWS\system32\drivers\rdpvideominiport.sys
2014-11-12 09:15:08 ----A---- C:\WINDOWS\system32\rdpudd.dll
2014-11-12 09:14:43 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2014-11-12 09:14:43 ----A---- C:\WINDOWS\system32\oleaut32.dll
2014-11-12 09:14:41 ----A---- C:\WINDOWS\system32\wuaueng.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\SYSWOW64\wups.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2014-11-12 09:14:40 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\system32\wuwebv.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\system32\wups2.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\system32\wups.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\system32\wudriver.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\system32\wucltux.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\system32\wuauclt.exe
2014-11-12 09:14:40 ----A---- C:\WINDOWS\system32\wuapp.exe
2014-11-12 09:14:40 ----A---- C:\WINDOWS\system32\wuapi.dll
2014-11-12 09:14:40 ----A---- C:\WINDOWS\system32\wuaext.dll
2014-11-12 09:14:37 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2014-11-12 09:14:37 ----A---- C:\WINDOWS\system32\msxml3.dll
2014-11-12 09:14:20 ----A---- C:\WINDOWS\system32\audiosrv.dll
2014-11-12 09:14:20 ----A---- C:\WINDOWS\system32\AudioSes.dll
2014-11-12 09:14:19 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2014-11-12 09:14:19 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2014-11-12 09:14:19 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2014-11-12 09:14:19 ----A---- C:\WINDOWS\system32\EncDump.dll
2014-11-12 09:14:19 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 09:14:19 ----A---- C:\WINDOWS\system32\AudioEng.dll
2014-11-12 09:14:19 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 09:14:19 ----A---- C:\WINDOWS\system32\audiodg.exe
2014-11-12 09:13:05 ----A---- C:\WINDOWS\system32\actxprxy.dll
2014-11-12 09:13:01 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 09:13:00 ----A---- C:\WINDOWS\system32\ieui.dll
2014-11-12 09:12:58 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2014-11-12 09:12:57 ----A---- C:\WINDOWS\SYSWOW64\ieui.dll
2014-11-12 09:12:52 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 09:12:51 ----A---- C:\WINDOWS\SYSWOW64\dxtmsft.dll
2014-11-12 09:12:47 ----A---- C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 09:12:43 ----A---- C:\WINDOWS\SYSWOW64\hlink.dll
2014-11-12 09:12:42 ----A---- C:\WINDOWS\system32\msrating.dll
2014-11-12 09:12:42 ----A---- C:\WINDOWS\system32\iesysprep.dll
2014-11-12 09:12:42 ----A---- C:\WINDOWS\system32\hlink.dll
2014-11-12 09:12:41 ----A---- C:\WINDOWS\SYSWOW64\msrating.dll
2014-11-12 09:12:41 ----A---- C:\WINDOWS\SYSWOW64\ieUnatt.exe
2014-11-12 09:12:41 ----A---- C:\WINDOWS\SYSWOW64\iesysprep.dll
2014-11-12 09:12:41 ----A---- C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 09:12:41 ----A---- C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 09:12:40 ----A---- C:\WINDOWS\SYSWOW64\inseng.dll
2014-11-12 09:12:40 ----A---- C:\WINDOWS\SYSWOW64\actxprxy.dll
2014-11-12 09:12:39 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 09:12:39 ----A---- C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:12:39 ----A---- C:\WINDOWS\system32\inseng.dll
2014-11-12 09:12:38 ----A---- C:\WINDOWS\SYSWOW64\msfeedsbs.dll
2014-11-12 09:12:38 ----A---- C:\WINDOWS\SYSWOW64\jsproxy.dll
2014-11-12 09:12:38 ----A---- C:\WINDOWS\system32\jsproxy.dll
2014-11-12 09:12:37 ----A---- C:\WINDOWS\SYSWOW64\occache.dll
2014-11-12 09:12:37 ----A---- C:\WINDOWS\SYSWOW64\iexpress.exe
2014-11-12 09:12:37 ----A---- C:\WINDOWS\SYSWOW64\IEAdvpack.dll
2014-11-12 09:12:36 ----A---- C:\WINDOWS\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-12 09:12:36 ----A---- C:\WINDOWS\SYSWOW64\imgutil.dll
2014-11-12 09:12:36 ----A---- C:\WINDOWS\system32\occache.dll
2014-11-12 09:12:35 ----A---- C:\WINDOWS\SYSWOW64\pngfilt.dll
2014-11-12 09:12:35 ----A---- C:\WINDOWS\SYSWOW64\licmgr10.dll
2014-11-12 09:12:35 ----A---- C:\WINDOWS\SYSWOW64\ieetwproxystub.dll
2014-11-12 09:12:35 ----A---- C:\WINDOWS\system32\pngfilt.dll
2014-11-12 09:12:35 ----A---- C:\WINDOWS\system32\licmgr10.dll
2014-11-12 09:12:35 ----A---- C:\WINDOWS\system32\imgutil.dll
2014-11-12 09:12:34 ----A---- C:\WINDOWS\SYSWOW64\wextract.exe
2014-11-12 09:12:34 ----A---- C:\WINDOWS\SYSWOW64\url.dll
2014-11-12 09:12:34 ----A---- C:\WINDOWS\SYSWOW64\iesetup.dll
2014-11-12 09:12:34 ----A---- C:\WINDOWS\SYSWOW64\iernonce.dll
2014-11-12 09:12:34 ----A---- C:\WINDOWS\system32\url.dll
2014-11-12 09:12:34 ----A---- C:\WINDOWS\system32\iernonce.dll
2014-11-12 09:12:34 ----A---- C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 09:12:33 ----A---- C:\WINDOWS\SYSWOW64\mshta.exe
2014-11-12 09:12:33 ----A---- C:\WINDOWS\SYSWOW64\msfeedssync.exe
2014-11-12 09:12:33 ----A---- C:\WINDOWS\system32\wextract.exe
2014-11-12 09:12:33 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 09:12:33 ----A---- C:\WINDOWS\system32\iexpress.exe
2014-11-12 09:12:33 ----A---- C:\WINDOWS\system32\iesetup.dll
2014-11-12 09:12:32 ----A---- C:\WINDOWS\system32\mshta.exe
2014-11-12 09:11:20 ----A---- C:\WINDOWS\system32\win32k.sys
2014-11-12 09:11:18 ----A---- C:\WINDOWS\SYSWOW64\packager.dll
2014-11-12 09:11:18 ----A---- C:\WINDOWS\system32\packager.dll
2014-11-02 10:23:18 ----A---- C:\WINDOWS\system32\avgrep.txt
2014-11-02 10:05:34 ----A---- C:\WINDOWS\ntbtlog.txt
2014-11-01 18:51:51 ----A---- C:\WINDOWS\system32\nvspbridge64.dll
2014-11-01 18:51:50 ----A---- C:\WINDOWS\system32\nvspcap64.dll
2014-11-01 18:51:44 ----A---- C:\WINDOWS\SYSWOW64\nvspbridge.dll
2014-11-01 18:51:41 ----A---- C:\WINDOWS\SYSWOW64\nvspcap.dll
2014-11-01 18:49:00 ----D---- C:\Program Files (x86)\AGEIA Technologies
2014-11-01 18:48:25 ----D---- C:\WINDOWS\SYSWOW64\NV
2014-11-01 18:48:25 ----D---- C:\WINDOWS\system32\NV
2014-11-01 18:48:18 ----D---- C:\ProgramData\NVIDIA
2014-11-01 18:47:52 ----A---- C:\WINDOWS\system32\nvvsvc.exe
2014-11-01 18:47:52 ----A---- C:\WINDOWS\system32\nvsvcr.dll
2014-11-01 18:47:52 ----A---- C:\WINDOWS\system32\nvsvc64.dll
2014-11-01 18:47:52 ----A---- C:\WINDOWS\system32\nvshext.dll
2014-11-01 18:47:52 ----A---- C:\WINDOWS\system32\nvmctray.dll
2014-11-01 18:47:52 ----A---- C:\WINDOWS\system32\nvcpl.dll
2014-11-01 18:47:52 ----A---- C:\WINDOWS\system32\nv3dappshextr.dll
2014-11-01 18:47:52 ----A---- C:\WINDOWS\system32\nv3dappshext.dll
2014-11-01 18:46:57 ----D---- C:\ProgramData\NVIDIA Corporation
2014-11-01 18:34:01 ----A---- C:\WINDOWS\system32\drivers\nvvad64v.sys
2014-11-01 18:34:00 ----A---- C:\WINDOWS\SYSWOW64\nvaudcap32v.dll
2014-11-01 18:34:00 ----A---- C:\WINDOWS\system32\nvaudcap64v.dll
2014-11-01 18:33:58 ----A---- C:\WINDOWS\SYSWOW64\nvwgf2um.dll
2014-11-01 18:33:58 ----A---- C:\WINDOWS\SYSWOW64\nvumdshim.dll
2014-11-01 18:33:58 ----A---- C:\WINDOWS\system32\nvwgf2umx.dll
2014-11-01 18:33:58 ----A---- C:\WINDOWS\system32\nvumdshimx.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\SYSWOW64\nvopencl.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\SYSWOW64\nvoglv32.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\SYSWOW64\nvoglshim32.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\SYSWOW64\nvinit.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\SYSWOW64\NvIFROpenGL.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\SYSWOW64\NvIFR.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\SYSWOW64\NvFBC.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\SYSWOW64\nvEncodeAPI.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\SYSWOW64\nvd3dum.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\SYSWOW64\nvcuvid.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\SYSWOW64\nvcuda.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\nvopencl.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\nvoglv64.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\nvoglshim64.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\nvinitx.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\NvIFROpenGL.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\NvIFR64.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\NvFBC64.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\nvdispgenco6434448.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\nvdispco6434448.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\nvd3dumx.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\nvcuda.dll
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\drivers\nvpciflt.sys
2014-11-01 18:33:57 ----A---- C:\WINDOWS\system32\drivers\nvlddmkm.sys
2014-11-01 18:33:56 ----A---- C:\WINDOWS\SYSWOW64\nvcompiler.dll
2014-11-01 18:33:56 ----A---- C:\WINDOWS\SYSWOW64\nvapi.dll
2014-11-01 18:33:56 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2014-11-01 18:33:56 ----A---- C:\WINDOWS\system32\nvapi64.dll
2014-11-01 18:28:56 ----D---- C:\NVIDIA
2014-10-29 21:03:36 ----A---- C:\WINDOWS\system32\drivers\avgmfx64.sys
2014-10-26 21:52:10 ----A---- C:\WINDOWS\system32\shell32.dll
2014-10-26 21:52:08 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2014-10-26 21:52:07 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2014-10-26 21:52:07 ----A---- C:\WINDOWS\system32\SettingsHandlers.dll
2014-10-26 21:52:05 ----A---- C:\WINDOWS\system32\twinui.dll
2014-10-26 21:52:04 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2014-10-26 21:52:03 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-10-26 21:52:03 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2014-10-26 21:52:03 ----A---- C:\WINDOWS\system32\localspl.dll
2014-10-26 21:52:02 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2014-10-26 21:52:02 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2014-10-26 21:52:02 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2014-10-26 21:52:02 ----A---- C:\WINDOWS\system32\win32spl.dll
2014-10-26 21:52:01 ----A---- C:\WINDOWS\SYSWOW64\WsmSvc.dll
2014-10-26 21:52:01 ----A---- C:\WINDOWS\system32\WsmSvc.dll
2014-10-26 21:52:01 ----A---- C:\WINDOWS\system32\puiobj.dll
2014-10-26 21:52:01 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2014-10-26 21:52:00 ----AC---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2014-10-26 21:52:00 ----A---- C:\WINDOWS\SYSWOW64\puiobj.dll
2014-10-26 21:52:00 ----A---- C:\WINDOWS\system32\untfs.dll
2014-10-26 21:52:00 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2014-10-26 21:51:59 ----A---- C:\WINDOWS\SYSWOW64\untfs.dll
2014-10-26 21:51:59 ----A---- C:\WINDOWS\SYSWOW64\FXSAPI.dll
2014-10-26 21:51:59 ----A---- C:\WINDOWS\system32\FXSCOMEX.dll
2014-10-26 21:51:59 ----A---- C:\WINDOWS\system32\FXSAPI.dll
2014-10-25 18:19:54 ----D---- C:\Program Files (x86)\Sharepod
2014-10-25 18:09:34 ----D---- C:\Program Files (x86)\QuickTime
2014-10-25 17:14:17 ----D---- C:\Users\User\AppData\Roaming\Apple Computer
2014-10-25 17:14:09 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2014-10-25 17:13:24 ----D---- C:\Program Files\iPod
2014-10-25 17:13:23 ----D---- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-25 17:13:23 ----D---- C:\ProgramData\Apple Computer
2014-10-25 17:13:23 ----D---- C:\Program Files\iTunes
2014-10-25 17:13:23 ----D---- C:\Program Files (x86)\iTunes
2014-10-25 17:11:39 ----D---- C:\Program Files (x86)\Apple Software Update
2014-10-25 17:11:31 ----D---- C:\Program Files\Common Files\Apple
2014-10-25 17:11:21 ----D---- C:\Program Files\Bonjour
2014-10-25 17:11:21 ----D---- C:\Program Files (x86)\Bonjour
2014-10-25 17:11:09 ----D---- C:\ProgramData\Apple
2014-10-24 10:20:06 ----A---- C:\WINDOWS\system32\drivers\avgldx64.sys
2014-10-18 11:26:02 ----D---- C:\WINDOWS\Minidump
2014-10-17 07:48:18 ----A---- C:\WINDOWS\system32\drivers\36B07BDE.sys
2014-10-16 18:35:12 ----D---- C:\Users\User\AppData\Roaming\HeroesAndGeneralsDesktop
2014-10-16 13:14:37 ----A---- C:\WINDOWS\system32\winbici.dll
2014-10-16 11:33:37 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2014-10-16 11:33:37 ----A---- C:\WINDOWS\system32\rastls.dll
2014-10-16 07:29:45 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-16 07:29:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2014-10-16 07:29:40 ----A---- C:\WINDOWS\system32\mstscax.dll
2014-10-16 07:29:39 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2014-10-16 07:29:38 ----A---- C:\WINDOWS\system32\SyncEngine.dll
2014-10-16 07:29:36 ----A---- C:\WINDOWS\system32\SearchFolder.dll
2014-10-16 07:29:35 ----A---- C:\WINDOWS\system32\ntdll.dll
2014-10-16 07:29:34 ----A---- C:\WINDOWS\system32\KernelBase.dll
2014-10-16 07:29:32 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2014-10-16 07:29:31 ----A---- C:\WINDOWS\system32\propsys.dll
2014-10-16 07:29:30 ----A---- C:\WINDOWS\system32\WSShared.dll
2014-10-16 07:29:29 ----A---- C:\WINDOWS\SYSWOW64\WSShared.dll
2014-10-16 07:29:29 ----A---- C:\WINDOWS\system32\Wldap32.dll
2014-10-16 07:29:29 ----A---- C:\WINDOWS\system32\iphlpsvc.dll
2014-10-16 07:29:28 ----A---- C:\WINDOWS\SYSWOW64\SearchFolder.dll
2014-10-16 07:29:28 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2014-10-16 07:29:26 ----A---- C:\WINDOWS\SYSWOW64\Wldap32.dll
2014-10-16 07:29:26 ----A---- C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-16 07:29:25 ----A---- C:\WINDOWS\SYSWOW64\propsys.dll
2014-10-16 07:29:24 ----A---- C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-16 07:29:23 ----A---- C:\WINDOWS\system32\SkyDrive.exe
2014-10-16 07:29:23 ----A---- C:\WINDOWS\system32\httpprxm.dll
2014-10-16 07:29:23 ----A---- C:\WINDOWS\system32\bisrv.dll
2014-10-16 07:29:22 ----A---- C:\WINDOWS\SYSWOW64\SkyDriveShell.dll
2014-10-16 07:29:22 ----A---- C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-16 07:29:22 ----A---- C:\WINDOWS\system32\ProximityService.dll
2014-10-16 07:29:22 ----A---- C:\WINDOWS\system32\pcsvDevice.dll
2014-10-16 07:29:22 ----A---- C:\WINDOWS\system32\adhsvc.dll
2014-10-16 07:29:21 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 07:29:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-14 06:56:26 ----A---- C:\WINDOWS\system32\drivers\08E869C5.sys
2014-10-13 09:10:41 ----A---- C:\WINDOWS\system32\drivers\48230029.sys
2014-10-06 20:10:16 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2014-09-25 21:00:45 ----D---- C:\Program Files (x86)\Hewlett-Packard
2014-09-22 23:18:10 ----RA---- C:\Rome2.dll
2014-09-22 23:18:09 ----RA---- C:\steam_api.ini
 
======List of files/folders modified in the last 3 months======
 
2014-12-18 22:39:05 ----RD---- C:\Program Files
2014-12-18 22:39:04 ----D---- C:\WINDOWS\Prefetch
2014-12-18 22:33:55 ----D---- C:\WINDOWS\Temp
2014-12-18 22:22:35 ----SHD---- C:\WINDOWS\Installer
2014-12-18 22:21:42 ----D---- C:\ProgramData\MFAData
2014-12-18 22:00:09 ----D---- C:\WINDOWS\system32\sru
2014-12-18 20:54:44 ----D---- C:\ProgramData\WinClon
2014-12-18 20:46:19 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2014-12-18 20:45:12 ----D---- C:\Program Files (x86)\Steam
2014-12-18 20:43:51 ----D---- C:\WINDOWS\system32\drivers
2014-12-18 17:57:06 ----D---- C:\WINDOWS\AppReadiness
2014-12-18 17:52:58 ----HD---- C:\Program Files\WindowsApps
2014-12-18 08:01:03 ----D---- C:\WINDOWS\system32\config
2014-12-17 18:36:08 ----D---- C:\WINDOWS\CbsTemp
2014-12-17 18:36:05 ----D---- C:\WINDOWS\WinSxS
2014-12-17 09:23:44 ----D---- C:\Python
2014-12-17 09:07:14 ----D---- C:\Java
2014-12-16 23:15:53 ----RD---- C:\Program Files (x86)
2014-12-16 23:05:15 ----D---- C:\Windows
2014-12-16 22:48:02 ----SHD---- C:\System Volume Information
2014-12-16 21:04:11 ----D---- C:\Users\User\AppData\Roaming\DiskDefrag
2014-12-16 18:02:49 ----D---- C:\WINDOWS\system32\DriverStore
2014-12-16 17:51:06 ----D---- C:\WINDOWS\Microsoft.NET
2014-12-16 14:53:19 ----D---- C:\WINDOWS\Inf
2014-12-15 21:35:42 ----D---- C:\WINDOWS\rescache
2014-12-15 20:00:47 ----RD---- C:\WINDOWS\System32
2014-12-15 20:00:47 ----D---- C:\WINDOWS\SysWOW64
2014-12-15 19:47:50 ----D---- C:\WINDOWS\SYSWOW64\en-US
2014-12-15 19:47:50 ----D---- C:\WINDOWS\system32\en-US
2014-12-14 22:19:54 ----D---- C:\WINDOWS\system32\NDF
2014-12-14 16:49:37 ----RSD---- C:\WINDOWS\assembly
2014-12-13 17:13:17 ----D---- C:\ProgramData\AVG2014
2014-12-13 13:55:15 ----D---- C:\WINDOWS\system32\catroot2
2014-12-12 21:47:25 ----D---- C:\WINDOWS\system32\MRT
2014-12-12 21:41:30 ----A---- C:\WINDOWS\system32\MRT.exe
2014-12-12 14:44:15 ----RD---- C:\Users
2014-12-11 19:09:30 ----D---- C:\WINDOWS\system32\drivers\UMDF
2014-12-11 14:17:30 ----D---- C:\Python34
2014-12-10 09:57:10 ----D---- C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 09:57:10 ----D---- C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 09:57:07 ----D---- C:\WINDOWS\PolicyDefinitions
2014-12-10 09:57:07 ----D---- C:\Program Files\Internet Explorer
2014-12-10 09:57:07 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-10 09:47:17 ----D---- C:\ProgramData\Microsoft Help
2014-12-04 17:24:06 ----D---- C:\Users\User\AppData\Roaming\vlc
2014-12-02 18:44:50 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-27 17:34:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-26 16:10:48 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2014-11-26 09:04:18 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2014-11-20 19:39:23 ----D---- C:\Users\User\AppData\Roaming\HpUpdate
2014-11-20 17:47:42 ----D---- C:\Users\User\AppData\Roaming\iSpy
2014-11-15 12:46:55 ----D---- C:\WINDOWS\Logs
2014-11-14 14:00:20 ----RSD---- C:\WINDOWS\Fonts
2014-11-14 02:05:36 ----D---- C:\Program Files\Windows Defender
2014-11-14 02:05:36 ----D---- C:\Program Files (x86)\Windows Defender
2014-11-14 01:13:10 ----D---- C:\WINDOWS\system32\wbem
2014-11-12 22:05:50 ----D---- C:\Users\User\AppData\Roaming\uTorrent
2014-11-12 19:06:37 ----D---- C:\Program Files (x86)\Glary Utilities 5
2014-11-12 14:12:10 ----D---- C:\WINDOWS\Tasks
2014-11-12 10:00:15 ----D---- C:\WINDOWS\SYSWOW64\migration
2014-11-12 10:00:15 ----D---- C:\WINDOWS\system32\migration
2014-11-09 22:28:17 ----D---- C:\Program Files (x86)\DAEMON Tools Pro
2014-11-01 18:55:00 ----D---- C:\Program Files\NVIDIA Corporation
2014-11-01 18:51:23 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2014-11-01 18:48:18 ----HD---- C:\ProgramData
2014-11-01 18:47:48 ----D---- C:\WINDOWS\Help
2014-11-01 18:30:52 ----D---- C:\WINDOWS\SoftwareDistribution
2014-11-01 18:19:43 ----D---- C:\WINDOWS\debug
2014-11-01 17:44:41 ----D---- C:\ProgramData\Oracle
2014-11-01 17:43:59 ----D---- C:\Program Files (x86)\Java
2014-11-01 17:41:58 ----D---- C:\Program Files (x86)\Common Files
2014-11-01 17:41:08 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2014-10-29 14:19:47 ----D---- C:\WINDOWS\LiveKernelReports
2014-10-27 08:18:16 ----D---- C:\Program Files (x86)\Intel
2014-10-26 21:58:26 ----RD---- C:\WINDOWS\ToastData
2014-10-26 21:58:26 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2014-10-26 21:58:26 ----D---- C:\WINDOWS\apppatch
2014-10-25 21:08:46 ----D---- C:\WINDOWS\system32\catroot
2014-10-25 17:14:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2014-10-25 17:11:40 ----D---- C:\WINDOWS\system32\Tasks
2014-10-25 17:11:31 ----D---- C:\Program Files\Common Files
2014-10-16 14:19:37 ----D---- C:\WINDOWS\MediaViewer
2014-10-16 14:19:37 ----D---- C:\WINDOWS\FileManager
2014-10-16 14:19:37 ----D---- C:\WINDOWS\Camera
2014-10-16 11:42:06 ----D---- C:\WINDOWS\WinStore
2014-10-12 15:18:21 ----D---- C:\Users\User\AppData\Roaming\Mount&Blade Warband
2014-10-06 20:10:01 ----D---- C:\Users\User\AppData\Roaming\Adobe
2014-10-06 06:50:50 ----D---- C:\ProgramData\PopCap Games
2014-10-03 22:36:57 ----D---- C:\Users\User\AppData\Roaming\Skype
2014-10-02 18:11:55 ----D---- C:\Program Files\Java
2014-10-02 18:10:46 ----A---- C:\WINDOWS\system32\javaws.exe
2014-10-02 18:10:46 ----A---- C:\WINDOWS\system32\javaw.exe
2014-10-02 18:10:45 ----A---- C:\WINDOWS\system32\java.exe
2014-09-25 21:12:53 ----D---- C:\ProgramData\Adobe
2014-09-25 20:52:50 ----D---- C:\Program Files (x86)\HP
2014-09-25 20:52:45 ----D---- C:\WINDOWS\twain_32
2014-09-22 23:28:07 ----D---- C:\Users\User\AppData\Roaming\The Creative Assembly
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R0 AVGIDSHA;AVGIDSHA; C:\WINDOWS\system32\DRIVERS\avgidsha.sys [2014-06-17 190744]
R0 Avgloga;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avgloga.sys [2014-06-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx64.sys [2014-10-29 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx64.sys [2014-06-17 31512]
R0 BootDefragDriver;BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys [2014-07-18 17600]
R0 excsd;ExpressCache Storage Filter Driver; C:\WINDOWS\system32\DRIVERS\excsd.sys [2012-08-17 103248]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-07-30 645952]
R0 nvpciflt;nvpciflt; C:\WINDOWS\system32\DRIVERS\nvpciflt.sys [2014-10-16 30408]
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2012-08-09 56336]
R1 Avgdiska;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiska.sys [2014-06-30 152344]
R1 Avgfwfd;@oem24.inf,%AvgfwfdService_Desc%;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [2013-09-26 57144]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdrivera.sys [2014-07-21 244504]
R1 Avgldx64;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx64.sys [2014-10-24 237848]
R1 avgtp;avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [2014-08-11 50976]
R1 Avgwfpa;AVG Firewall Driver; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [2014-06-30 270104]
R1 cbfs3;cbfs3; \??\C:\windows\system32\drivers\cbfs3.sys [2012-08-05 352456]
R1 ccSet_NARA;NARA Settings Manager; C:\WINDOWS\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [2012-05-25 168608]
R1 CLVirtualDrive;CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [2012-06-24 92536]
R1 excfs;ExpressCache File System Filter Driver; C:\WINDOWS\system32\DRIVERS\excfs.sys [2012-08-17 23376]
R1 GUBootStartup;GUBootStartup; \??\C:\WINDOWS\System32\drivers\GUBootStartup.sys [2014-08-13 20672]
R1 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [2014-11-21 93400]
R3 AMPPAL;@oem21.inf,%AMPPAL.SVCDESC%;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter; C:\WINDOWS\System32\drivers\AMPPAL.sys [2013-05-21 165344]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2013-08-22 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2014-07-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-03-18 81920]
R3 btmaux;@oem10.inf,%BTMAUX.ServiceDesc%;Intel Bluetooth Auxiliary Service; C:\WINDOWS\system32\DRIVERS\btmaux.sys [2013-07-22 140600]
R3 btmhsf;btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [2013-09-05 1390904]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 iBtFltCoex;iBtFltCoex; C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys [2013-04-23 69088]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2014-05-20 3791872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2012-08-07 4102928]
R3 IntcDAud;@oem35.inf,%IntcDAud.SvcDesc%;Intel® Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2012-06-18 342528]
R3 iwdbus;@oem5.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2014-05-06 27032]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2014-11-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2014-12-18 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2014-11-21 64216]
R3 MEIx64;@oem31.inf,%HECI_SvcDesc%;Intel® Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 NETwNe64;@oem20.inf,%NIC_Service_DispName_WIN8_64%;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\WINDOWS\system32\DRIVERS\Netwew00.sys [2013-10-08 3345376]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2014-10-16 13190288]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-16 19272]
R3 nvvad_WaveExtensible;@oem43.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2014-10-16 38048]
R3 RadioHIDMini;@oem8.inf,%RadioHIDMini%;Radio HID Mini-driver; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [2012-07-27 23408]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2014-03-18 167424]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 SynTP;@oem12.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2012-10-16 457016]
R3 usb3Hub;@oem6.inf,%usb3Hub.SVCDESC%;USB-IF USB 3.0 Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [2012-10-09 47072]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-08-22 212224]
S0 Avgboota;AVG Early Launch Anti-Malware Driver; C:\WINDOWS\system32\DRIVERS\avgboota.sys [2013-09-04 20496]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-07-24 1200640]
S3 HPFXBULKLEDM;HPFXBULKLEDM; C:\WINDOWS\system32\drivers\hppdbulkio.sys [2010-10-28 22040]
S3 intaud_WaveExtensible;@oem4.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2014-05-06 38296]
S3 USBAAPL64;@oem18.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl64.sys [2014-08-15 54784]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-08-22 44544]
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-11-05 171664]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-05-21 772064]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-07 60744]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-11-07 1417160]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-11-07 3247120]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-11-07 289328]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-08-26 1137016]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-08-26 1157496]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-09-12 135984]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 Easy Launcher;Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-11-30 1591176]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2013-08-28 626416]
R2 ExpressCache;ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [2012-08-17 102224]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-16 1148744]
R2 HP DS Service;HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-09-15 89352]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2014-05-20 314696]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 Intel® ME Service;Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-07-17 128896]
R2 Intel® Wireless Bluetooth® 4.0 Radio Management;Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-09-18 157128]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-07-17 165760]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2012-07-17 276864]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2013-08-22 37768]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-08-14 3943104]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-16 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-16 19439944]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2014-10-16 933064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2013-08-22 37768]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2013-08-28 149744]
R2 SWUpdateService;SW Update Service; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2013-10-21 3018800]
R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-07-17 364416]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-02 43696]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 643880]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/29 00:10:38; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-05-22 243728]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-01 116648]
S2 HP LaserJet Service;HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-27 145920]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09 267440]
S3 cphs;Intel® Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2014-05-20 278344]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-01 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-11 119408]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-08-28 273136]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
 
-----------------EOF-----------------




#2 HelpBot


    Bleepin' Binary Bot


  • Bots
  • 12,732 posts

Posted 23 December 2014 - 10:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560328 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 AnthonyY

  • Topic Starter

  • Members
  • 47 posts

Posted 24 December 2014 - 05:52 PM

Hi, I posted before in the Am I infected? section about having a different sized dllhost.exe in the sysWOW64 directory. Boopme has advised me to use adwcleaner, TDSSKiller, and ESET Poweliks to scan the computer, and results came back clean; so I'm referred here to have someone check if my RSIT log shows any infections, specifically a more recent version of Poweliks that does not show up on ESET's tool.
I use a 64bit Windows 8.1, and I do not have the original Windows CD/DVD.

As noted above, since I have Windows 8.1, DDS shows up with a compatibility error, so I was told to post RSIT logs instead.

Thanks



#4 nasdaq


  • Malware Response Team
  • 39,954 posts

Posted 25 December 2014 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#5 AnthonyY

  • Topic Starter

  • Members
  • 47 posts

Posted 25 December 2014 - 01:00 PM

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2014
Ran by Anthony Y (administrator) on USER on 25-12-2014 12:58:05
Running from C:\Users\User\Desktop
Loaded Profile: Anthony Y (Available profiles: Anthony Y)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-06] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-22] (cyberlink)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-30] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CCPrt] => C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe [1267320 2012-01-06] (Cisco Consumer Products LLC)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-664592772-186111481-3113653328-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-08-04] (Glarysoft Ltd)
HKU\S-1-5-21-664592772-186111481-3113653328-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-664592772-186111481-3113653328-1002\...\MountPoints2: {16be0a03-f19d-11e3-be8e-c8f733d2fc2a} - "F:\Autorun.exe" 
HKU\S-1-5-21-664592772-186111481-3113653328-1002\...\MountPoints2: {9ac07ce2-fd5a-11e3-be92-c8f733d2fc2a} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174856 2014-10-16] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-10-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-10-16] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DOW.lnk
ShortcutTarget: DOW.lnk -> C:\ProgramData\Samsung\DeleteOOBEWPP.exe (SAMSUNG Electronics co., LTD.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {E0200AAA-C660-4DDF-8376-65E26F0D5759} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {E0200AAA-C660-4DDF-8376-65E26F0D5759} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
BootExecute: autocheck autochk *  BootDefrag.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-664592772-186111481-3113653328-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com
HKU\S-1-5-21-664592772-186111481-3113653328-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-664592772-186111481-3113653328-1002 -> DefaultScope {E0DA18C0-1BF5-44F6-9519-8D37784FE3A3} URL = 
SearchScopes: HKU\S-1-5-21-664592772-186111481-3113653328-1002 -> {E0DA18C0-1BF5-44F6-9519-8D37784FE3A3} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 204.197.191.194 38.117.85.2 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\mc4hbjg7.default
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-664592772-186111481-3113653328-1002: @nsroblox.roblox.com/launcher -> C:\Users\User\AppData\Local\Roblox\Versions\version-c4060e4821af4163\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-664592772-186111481-3113653328-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Astroempires Angel (w/DSIS) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\mc4hbjg7.default\Extensions\{A143C337-CA7A-4348-8AB6-CDE6E91EDB39} [2014-06-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786 [2014-08-11]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "https://mysearch.avg.com?cid={AB1F5983-329C-4CD1-8264-8FD09C0F15C1}&mid=a01ec7c7cb9347d29d3e19be753615d9-855cfa1ce7dbcfcecb9d80f07d8fa615b98d1158&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-11 15:25:11&v=18.1.9.799&pid=safeguard&sg=&sap=hp"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-03]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Unblock Youku) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-10-12]
CHR Extension: (Space Planet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2014-10-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-05] (Adobe Systems Incorporated)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-22] (CyberLink)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.) [File not signed]
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20672 2014-08-13] (Glarysoft Ltd)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-25 12:58 - 2014-12-25 12:58 - 00028756 _____ () C:\Users\User\Desktop\FRST.txt
2014-12-25 12:57 - 2014-12-25 12:58 - 00000000 ____D () C:\FRST
2014-12-25 12:55 - 2014-12-25 12:55 - 02122240 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-12-23 17:30 - 2014-12-23 17:30 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 11:20 - 2014-12-21 11:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Notepad++
2014-12-21 11:20 - 2014-12-21 11:20 - 00001063 _____ () C:\Users\User\Desktop\Notepad++.lnk
2014-12-21 11:20 - 2014-12-21 11:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-12-21 11:20 - 2014-12-21 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-12-21 11:20 - 2014-12-21 11:20 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-12-21 11:19 - 2014-12-21 11:19 - 07944971 _____ () C:\Users\User\Downloads\npp.6.7.Installer.exe
2014-12-20 12:56 - 2014-12-20 12:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\PixelPiracy
2014-12-18 22:39 - 2014-12-18 22:41 - 00000000 ____D () C:\rsit
2014-12-18 22:39 - 2014-12-18 22:39 - 00000000 ____D () C:\Program Files\trend micro
2014-12-18 22:38 - 2014-12-18 22:38 - 01222144 _____ () C:\Users\User\Desktop\RSITx64.exe
2014-12-18 01:11 - 2014-12-18 01:12 - 02967032 _____ (Malwarebytes ) C:\Users\User\Downloads\mbae-setup-1.05.1.1016.exe
2014-12-17 22:42 - 2014-12-17 22:42 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill64.exe
2014-12-16 23:15 - 2014-12-16 23:15 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe
2014-12-16 23:15 - 2014-12-16 23:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-16 23:12 - 2014-12-16 23:12 - 00000763 _____ () C:\Users\User\Desktop\JRT.txt
2014-12-16 23:05 - 2014-12-16 23:05 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-16 23:04 - 2014-12-16 23:04 - 01707646 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-12-16 22:59 - 2014-12-16 23:01 - 00000000 ____D () C:\AdwCleaner
2014-12-16 22:59 - 2014-12-16 22:59 - 02166272 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2014-12-16 22:52 - 2014-12-16 22:52 - 04166770 _____ () C:\Users\User\Downloads\tdsskiller.zip
2014-12-16 22:52 - 2014-12-12 00:46 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\TDSSKiller.exe
2014-12-16 22:51 - 2014-12-16 22:53 - 00051022 _____ () C:\Users\User\Desktop\Result.txt
2014-12-16 22:50 - 2014-12-16 22:50 - 00401920 _____ (Farbar) C:\Users\User\Desktop\MiniToolBox.exe
2014-12-16 22:24 - 2014-12-16 22:24 - 00381542 _____ () C:\Users\User\Desktop\ESETPoweliksCleaner.exe_20141216.222400.9808.log
2014-12-16 22:19 - 2014-12-16 22:19 - 00381608 _____ () C:\Users\User\Desktop\ESETPoweliksCleaner.exe_20141216.221952.5796.log
2014-12-16 22:18 - 2014-12-16 22:18 - 00186568 _____ (ESET) C:\Users\User\Desktop\ESETPoweliksCleaner.exe
2014-12-15 18:59 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-15 18:59 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-12 22:13 - 2014-12-12 22:13 - 01142392 _____ () C:\Users\User\Downloads\SteamSetup.exe
2014-12-11 19:26 - 2014-12-11 19:26 - 00000000 ____D () C:\Users\User\Documents\My Received Files
2014-12-10 21:42 - 2014-12-10 21:53 - 424146939 _____ () C:\Users\User\Downloads\Astronomer's Visual Pack - Interstellar.zip
2014-12-10 13:37 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 13:37 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 13:37 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 13:37 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 13:37 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 13:37 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 09:17 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 09:17 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 09:17 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 09:17 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 09:17 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 09:17 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 09:17 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 09:17 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 09:17 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 09:17 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 09:17 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 09:17 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 09:17 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 09:17 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 09:17 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 09:17 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 09:17 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 09:17 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 09:17 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 09:17 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 09:17 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 09:17 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 09:17 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 09:17 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 09:17 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 09:17 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 09:17 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 09:17 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 09:17 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 09:17 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 09:17 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 09:17 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 09:17 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 09:17 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 09:17 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 09:17 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 09:17 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 09:17 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 09:17 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 09:17 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 09:17 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 09:17 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 09:17 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 09:17 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 09:17 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-08 17:18 - 2014-12-08 17:18 - 00041869 _____ () C:\Users\User\Downloads\PlanetShine-0.2.2.zip
2014-12-08 10:39 - 2014-12-08 10:39 - 00034245 _____ () C:\Users\User\Downloads\DistantObject_1.4.1.zip
2014-12-07 19:57 - 2014-12-07 19:57 - 01081992 _____ (Unity Technologies ApS) C:\Users\User\Downloads\UnityWebPlayer.exe
2014-12-07 19:57 - 2014-12-07 19:57 - 00000000 ____D () C:\Users\User\AppData\Local\Unity
2014-12-05 17:30 - 2014-12-05 17:30 - 09925505 _____ () C:\Users\User\Downloads\EnvironmentalVisualEnhancements-7-4-LR.zip
2014-12-05 17:30 - 2014-12-05 17:30 - 01776825 _____ () C:\Users\User\Downloads\ProcFairings_3.10.zip
2014-12-05 17:29 - 2014-12-05 17:29 - 07403194 _____ () C:\Users\User\Downloads\ProceduralParts-0.9.20.zip
2014-12-05 13:22 - 2014-12-19 22:54 - 00000000 ____D () C:\Users\User\Documents\Chemistry 12
2014-12-04 12:38 - 2014-12-05 13:22 - 00059904 ___SH () C:\Users\User\Documents\Thumbs.db
2014-12-04 12:37 - 2014-12-05 13:23 - 00000000 ____D () C:\Users\User\Documents\English 11
2014-12-01 18:37 - 2014-12-01 18:38 - 05997448 _____ () C:\Users\User\Downloads\TacLifeSupport_0.10.1.13.zip
2014-12-01 18:37 - 2014-12-01 18:37 - 38650007 _____ () C:\Users\User\Downloads\MKS-master.zip
2014-11-28 19:20 - 2014-11-28 19:20 - 01961163 _____ () C:\Users\User\Downloads\SCANsat.v8.zip
2014-11-28 19:19 - 2014-11-28 19:19 - 00581923 _____ () C:\Users\User\Downloads\RasterPropMonitor 0.18.3.zip
2014-11-27 17:44 - 2014-11-27 17:44 - 00744634 _____ () C:\Users\User\Downloads\Applets.zip
2014-11-27 17:44 - 2014-11-27 17:44 - 00050783 _____ () C:\Users\User\Downloads\cards_gif.zip
2014-11-26 20:35 - 2014-11-26 20:39 - 56671297 _____ () C:\Users\User\Downloads\KW Release Package v2.6d2.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-25 12:57 - 2014-11-01 18:30 - 01592342 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-25 12:57 - 2013-01-28 10:29 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-25 12:56 - 2014-05-06 21:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-25 12:55 - 2013-07-19 10:22 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-664592772-186111481-3113653328-1002
2014-12-25 12:51 - 2014-09-07 19:50 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-25 12:51 - 2014-08-13 21:41 - 00000350 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2014-12-25 12:51 - 2013-09-01 12:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-25 12:50 - 2013-09-01 12:42 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 12:49 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-24 20:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-24 19:46 - 2014-06-10 17:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-24 19:17 - 2013-09-01 12:42 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 17:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-23 23:24 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-23 22:22 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-23 22:15 - 2014-05-09 08:10 - 07744000 ___SH () C:\Users\User\Downloads\Thumbs.db
2014-12-23 17:29 - 2014-06-08 21:07 - 00065024 ___SH () C:\Users\User\Desktop\Thumbs.db
2014-12-22 12:23 - 2014-09-17 13:19 - 00000000 ____D () C:\Python
2014-12-21 17:02 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-19 23:53 - 2014-09-09 07:50 - 00000000 ____D () C:\Users\User\Documents\Data Management
2014-12-17 22:45 - 2014-09-21 12:13 - 00003528 _____ () C:\Users\User\Desktop\Rkill.txt
2014-12-17 09:07 - 2014-08-03 17:19 - 00000000 ____D () C:\Java
2014-12-17 00:01 - 2014-08-22 18:40 - 00000000 ____D () C:\Users\User\Downloads\GIFs
2014-12-16 22:36 - 2014-07-09 11:57 - 00007640 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-12-16 21:04 - 2014-08-13 21:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\DiskDefrag
2014-12-15 21:35 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-14 22:19 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-14 16:50 - 2014-11-15 12:44 - 00034320 _____ () C:\WINDOWS\DirectX.log
2014-12-13 17:13 - 2014-06-08 21:31 - 00000000 ____D () C:\ProgramData\AVG2014
2014-12-12 22:41 - 2013-09-01 12:58 - 00000985 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-12-12 22:14 - 2013-09-01 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-12 21:47 - 2013-09-02 11:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-12 21:41 - 2013-07-19 13:07 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-12 09:20 - 2013-09-01 12:43 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 19:09 - 2014-11-01 18:30 - 00003273 _____ () C:\WINDOWS\setupact.log
2014-12-11 14:17 - 2014-09-16 14:08 - 00000000 ____D () C:\Python34
2014-12-10 10:21 - 2014-11-10 08:49 - 00006270 _____ () C:\WINDOWS\PFRO.log
2014-12-10 09:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 09:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 09:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 09:47 - 2014-05-06 21:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 20:52 - 2014-09-26 17:29 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-09 20:52 - 2013-01-28 10:12 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-09 17:46 - 2014-06-10 17:05 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-04 17:24 - 2014-08-14 22:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-12-02 18:44 - 2014-09-07 19:50 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-02 18:44 - 2014-09-07 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-02 18:44 - 2014-09-07 19:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-27 17:34 - 2014-03-18 05:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-26 16:10 - 2014-09-13 10:32 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 16:10 - 2014-09-13 10:32 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-21 16:54
 
==================== End Of Log ============================


#6 AnthonyY

Posted 25 December 2014 - 01:02 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2014
Ran by Anthony Y at 2014-12-25 12:59:11
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
«Tropico 5 - Steam Special Edition» (HKLM-x32\...\«Tropico 5 - Steam Special Edition»_is1) (Version:  - Kalypso Media Digital)
µTorrent (HKU\S-1-5-21-664592772-186111481-3113653328-1002\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)
AVG 2014 (Version: 14.0.4253 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.786 - AVG Technologies)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Blitzkrieg Mod version 4.8.1.0 (HKLM-x32\...\{81EC7B6D-B297-4820-B5BE-5A2373725158}_is1) (Version: 4.8.1.0 - Blitzkrieg Mod Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Chivalry: Medieval Warfare Beta (HKLM-x32\...\Steam App 232210) (Version:  - )
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12005.2 - Cisco Consumer Products LLC)
Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version:  - Colossal Order Ltd.)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - Relic)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Cubic Castles (HKLM-x32\...\Steam App 317470) (Version:  - Cosmic Cow LLC)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darkest Hour: Europe '44-'45 (HKLM-x32\...\Steam App 1280) (Version:  - Darkest Hour Team)
Darwinia (HKLM-x32\...\Steam App 1500) (Version:  - Introversion Software)
DEFCON (HKLM-x32\...\Steam App 1520) (Version:  - Introversion Software)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
EditPlus 3 (64 bit) (HKLM\...\EditPlus 3) (Version:  - ES-Computing)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - Amplitude Studios)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Glary Utilities 5.5 (HKLM-x32\...\Glary Utilities 5) (Version: 5.5.0.12 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Happy Wars (HKLM-x32\...\Steam App 246280) (Version:  - Toylogic inc.)
Hearts of Iron III (HKLM-x32\...\Steam App 25890) (Version:  - Paradox Development Studio)
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
HP LaserJet 100 color MFP M175 (HKLM-x32\...\{965D0289-10E1-45ec-B11F-A60AC9AE8D4D}) (Version:  - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
hpbDSService (x32 Version: 001.001.05133 - Hewlett-Packard) Hidden
hpbM175DSService (x32 Version: 001.001.05133 - Hewlett-Packard) Hidden
HPLaserJet100ColorMFPM175_HelpLearnCenter_SI (HKLM-x32\...\{19542156-285B-458C-994D-2A21889001DF}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppLaserJetService (x32 Version: 002.015.00602 - Hewlett-Packard) Hidden
hppM175LaserJetService (x32 Version: 001.014.00480 - Hewlett-Packard) Hidden
InstanceFinder (x32 Version: 1.00.0001 - HP) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iSpy (HKLM-x32\...\{DF547F06-961B-4F0E-88E4-A6DB44B9D498}) (Version: 6.2.4 - iSpy)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Kinetic Void (HKLM-x32\...\Steam App 227160) (Version:  - Badland Studio)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Men of War: Assault Squad (HKLM-x32\...\Steam App 64000) (Version:  - Digitalmindsoft)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Multiwinia (HKLM-x32\...\Steam App 1530) (Version:  - Introversion Software)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Pandora: First Contact (HKLM-x32\...\Steam App 287580) (Version:  - Proxy Studios)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-664592772-186111481-3113653328-1002\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Python 3.4.1 (64-bit) (HKLM\...\{d54842cb-f761-30ba-881f-1ff821dc44df}) (Version: 3.4.1150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Receiver (HKLM-x32\...\Steam App 234190) (Version:  - Wolfire Games)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.10 - Samsung Electronics CO., LTD.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
Red Orchestra: Ostfront 41-45 (HKLM-x32\...\Steam App 1200) (Version:  - Tripwire Interactive)
Reflector (HKLM\...\{77342B24-A2A9-4420-8C9C-C109EE201CBC}) (Version: 1.3.3.1 - Squirrels)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
ROBLOX Player for Anthony Y (HKU\S-1-5-21-664592772-186111481-3113653328-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Romae Bellum 3.0 (HKLM-x32\...\Romae Bellum) (Version: 3.0 - )
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Sharepod 4.0.1.2 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Spintires (HKLM-x32\...\Spintires_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
StarDrive (HKLM-x32\...\Steam App 220660) (Version:  - Zero Sum Games)
Support Center (HKLM\...\{8EC7C961-2CD2-49DC-8F39-75E9CD20BB19}) (Version: 2.1.100 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Escapists (HKLM-x32\...\Steam App 298630) (Version:  - Mouldy Toof Studios)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
ToolboxProxy (x32 Version: 1.00.0001 - HP) Hidden
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Unity Web Player (HKU\S-1-5-21-664592772-186111481-3113653328-1002\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)
User Guide (HKLM-x32\...\{93467343-BD37-4643-8A4B-E5463CD9B7E2}) (Version: 1.3.00 - Samsung Electronics CO., LTD.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version:  - Eugen Systems)
Wargame: Red Dragon (HKLM-x32\...\Steam App 251060) (Version:  - Eugen Systems)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version:  - Egosoft)
XCom Long War EW Mod version Beta 14f (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: Beta 14f - JohnnyLump)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
影像中心 (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-664592772-186111481-3113653328-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
27-11-2014 20:03:48 Windows Update
07-12-2014 13:18:47 Scheduled Checkpoint
12-12-2014 21:40:09 Windows Update
14-12-2014 16:47:56 Installed DirectX
21-12-2014 16:56:25 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C35C05A-789D-497C-A346-E1D7FA6BC07D} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-06-19] (SEC)
Task: {0D45E00A-B01C-43D1-8250-D11D87681CD0} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {17E16936-D1AF-4101-9200-24DECB64D6C4} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-08-04] (Glarysoft Ltd)
Task: {225F74AB-F22F-41D8-A561-DCD1EF16508C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2572EE08-A0F9-4CEA-A4CF-C57E384F7BCF} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-08-04] (Glarysoft Ltd)
Task: {2ADFA104-FE11-4E9E-9518-C81D1B07D24B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {39E9D9DB-C760-44C4-A80E-25C5260AEC40} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {5196EF4D-2A96-401F-9830-9C254FBB1320} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7096D61B-F6FC-45EF-AAF5-8D7ACD6762BE} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-13] (Intel Corporation)
Task: {947565CA-E89D-4239-BBFC-BE9A9A505D7B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-13] (Intel Corporation)
Task: {98507405-A2F6-41E4-A34A-768304A86D8A} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {9B96F4D8-EB47-4897-84B7-F4CD05B01976} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {ADD29AF3-E1C4-47FF-8F74-51E99ABA79C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-01] (Google Inc.)
Task: {BA367469-DC85-4926-946B-034442914C3B} - System32\Tasks\ECReset => %Programdata%\ExpressCacheRun.exe
Task: {C97D3067-2422-49EA-88AA-5BE9B11D98DA} - System32\Tasks\{367D65F7-7F13-4488-9172-2BAA4AD973D6} => Chrome.exe http://ui.skype.com/ui/0/6.16.60.105/en/abandoninstall?page=tsMain
Task: {D3BF5D5E-0BBB-49B5-8FC6-448E5E99830A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {DA4175DE-B6D5-4617-BABD-79BD253488D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-01] (Google Inc.)
Task: {EBD619FB-FED2-420D-82D0-59C066D37975} - System32\Tasks\Shutdown => C:\Windows\System32\shutdown.exe [2013-08-22] (Microsoft Corporation)
Task: {F5FD7414-E539-418F-820C-EB7B26EF9F95} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-12] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-01 18:33 - 2014-10-16 11:54 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-11-01 18:47 - 2014-10-16 09:11 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-11-30 02:26 - 2012-11-30 02:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-08-11 11:45 - 2014-08-11 11:44 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-03-19 10:41 - 2014-03-19 10:41 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-06-11 14:24 - 2014-08-30 04:14 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-30 02:26 - 2012-11-30 02:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 02:26 - 2012-11-30 02:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 02:26 - 2012-11-30 02:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 02:26 - 2012-11-30 02:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 02:26 - 2012-11-30 02:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-11-30 02:26 - 2012-11-30 02:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 02:26 - 2012-11-30 02:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 02:26 - 2012-11-30 02:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 02:26 - 2012-11-30 02:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-08-11 11:45 - 2014-08-11 11:44 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-08-29 22:15 - 2014-11-11 13:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 22:15 - 2014-11-11 13:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 22:15 - 2014-11-11 13:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-07-02 18:11 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-07-11 20:38 - 2014-11-18 15:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 22:15 - 2014-11-11 13:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 22:15 - 2014-11-11 13:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-07-11 20:38 - 2014-11-18 15:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-11-01 18:33 - 2014-10-16 11:54 - 00013120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-01-28 10:08 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-07 21:34 - 2012-06-07 21:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-01-28 10:18 - 2012-07-13 10:30 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2014-06-11 14:24 - 2014-08-30 04:14 - 01654296 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
2014-12-12 09:20 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 09:20 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-05-26 11:33 - 2014-11-11 13:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-01-28 10:00 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-07-13 13:45 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-13 13:45 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKU\S-1-5-21-664592772-186111481-3113653328-1002\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-664592772-186111481-3113653328-500 - Administrator - Disabled)
Anthony Y (S-1-5-21-664592772-186111481-3113653328-1002 - Administrator - Enabled) => C:\Users\User
Guest (S-1-5-21-664592772-186111481-3113653328-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-664592772-186111481-3113653328-1008 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/25/2014 00:55:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (12/25/2014 00:51:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 3.F.6.4.6.9.6.E.8.5.E.9.F.9.4.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR user-2.local.
 
Error: (12/25/2014 00:51:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.103:5353   12 3.F.6.4.6.9.6.E.8.5.E.9.F.9.4.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR user.local.
 
Error: (12/25/2014 00:51:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 103.1.168.192.in-addr.arpa. PTR user-2.local.
 
Error: (12/25/2014 00:51:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.103:5353   12 103.1.168.192.in-addr.arpa. PTR user.local.
 
Error: (12/25/2014 00:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname user.local already in use; will try user-2.local instead
 
Error: (12/25/2014 00:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 user.local. Addr 192.168.1.103
 
Error: (12/25/2014 00:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.103:5353   16 user.local. AAAA FD87:FA2E:2132:0000:849F:9E58:E696:46F3
 
Error: (12/25/2014 00:51:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.602.0, time stamp: 0x4cc86bd5
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0xdfc
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3
Faulting package full name: HPLaserJetService.exe4
Faulting package-relative application ID: HPLaserJetService.exe5
 
Error: (12/25/2014 00:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 user.local. AAAA FE80:0000:0000:0000:849F:9E58:E696:46F3
 
 
System errors:
=============
Error: (12/25/2014 00:51:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/25/2014 00:51:06 PM) (Source: DCOM) (EventID: 10016) (User: user)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}userAnthony YS-1-5-21-664592772-186111481-3113653328-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/25/2014 00:51:06 PM) (Source: DCOM) (EventID: 10016) (User: user)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}userAnthony YS-1-5-21-664592772-186111481-3113653328-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/25/2014 00:51:05 PM) (Source: DCOM) (EventID: 10016) (User: user)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}userAnthony YS-1-5-21-664592772-186111481-3113653328-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/24/2014 08:07:50 PM) (Source: DCOM) (EventID: 10010) (User: user)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (12/24/2014 08:07:50 PM) (Source: DCOM) (EventID: 10010) (User: user)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (12/24/2014 08:07:44 PM) (Source: DCOM) (EventID: 10010) (User: user)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (12/24/2014 08:07:44 PM) (Source: DCOM) (EventID: 10010) (User: user)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (12/24/2014 08:07:38 PM) (Source: DCOM) (EventID: 10010) (User: user)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (12/24/2014 08:07:38 PM) (Source: DCOM) (EventID: 10010) (User: user)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
 
Microsoft Office Sessions:
=========================
Error: (12/25/2014 00:55:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\User\Downloads\esetsmartinstaller_enu.exe
 
Error: (12/25/2014 00:51:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 3.F.6.4.6.9.6.E.8.5.E.9.F.9.4.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR user-2.local.
 
Error: (12/25/2014 00:51:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.103:5353   12 3.F.6.4.6.9.6.E.8.5.E.9.F.9.4.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR user.local.
 
Error: (12/25/2014 00:51:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 103.1.168.192.in-addr.arpa. PTR user-2.local.
 
Error: (12/25/2014 00:51:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.103:5353   12 103.1.168.192.in-addr.arpa. PTR user.local.
 
Error: (12/25/2014 00:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname user.local already in use; will try user-2.local instead
 
Error: (12/25/2014 00:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 user.local. Addr 192.168.1.103
 
Error: (12/25/2014 00:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.103:5353   16 user.local. AAAA FD87:FA2E:2132:0000:849F:9E58:E696:46F3
 
Error: (12/25/2014 00:51:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPLaserJetService.exe2.15.602.04cc86bd5hppccompio.DLL1.3.0.244c9685d0c0000417000073bfdfc01d0206b37b600a1C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\WINDOWS\SYSTEM32\hppccompio.DLL95ce054c-8c5e-11e4-8044-c8f733d2fc2a
 
Error: (12/25/2014 00:51:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 user.local. AAAA FE80:0000:0000:0000:849F:9E58:E696:46F3
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 8079.34 MB
Available physical RAM: 5219.84 MB
Total Pagefile: 9103.34 MB
Available Pagefile: 5589.33 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:910.86 GB) (Free:476.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8DBD89B1)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=73)
 
==================== End Of Log ============================


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,954 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 AM

Posted 25 December 2014 - 02:18 PM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-30] ()
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786 [2014-08-11]
CHR StartupUrls: Default -> "https://mysearch.avg.com?cid={AB1F5983-329C-4CD1-8264-8FD09C0F15C1}&mid=a01ec7c7cb9347d29d3e19be753615d9-855cfa1ce7dbcfcecb9d80f07d8fa615b98d1158&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-11 15:25:11&v=18.1.9.799&pid=safeguard&sg=&sap=hp"
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#8 AnthonyY

Posted 25 December 2014 - 04:09 PM

Fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-12-2014
Ran by Anthony Y at 2014-12-25 14:33:43 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: Anthony Y (Available profiles: Anthony Y)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-30] ()
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786 [2014-08-11]
CHR StartupUrls: Default -> "https://mysearch.avg.com?cid={AB1F5983-329C-4CD1-8264-8FD09C0F15C1}&mid=a01ec7c7cb9347d29d3e19be753615d9-855cfa1ce7dbcfcecb9d80f07d8fa615b98d1158&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-11 15:25:11&v=18.1.9.799&pid=safeguard&sg=&sap=hp"
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
 
End
*****************
 
[5188] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe => Process closed successfully.
[5308] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => Process closed successfully.
[7216] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => Key deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\avg@toolbar => value deleted successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.786 => Moved successfully.
Chrome StartupUrls deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
 
==== End of Fixlog 14:33:45 ====
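
One way to check a Fixlog like the one above before moving on, as an added example that is not part of the original posts and is not FRST's own code: it parses the result lines, tallies the actions reported as successful, and returns every line that is not, so nothing is overlooked in a long log. The sample text is constructed from lines in this thread, and the wording of the failing line is an assumption.

```python
from collections import Counter

# Constructed sample in the layout of the Fixlog above. The final result line is
# invented for illustration; its wording is an assumption, not real FRST output.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
start
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
End
*****************

[7216] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => Moved successfully.
Chrome StartupUrls deleted successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
C:\Example\placeholder.dll => Could not move.

==== End of Fixlog 14:33:45 ====
"""

def result_lines(fixlog):
    """Return the result lines that follow the echoed fixlist."""
    lines = [ln.strip() for ln in fixlog.splitlines()]
    # The echoed fixlist is framed by rows of asterisks; results start after the last row.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    start = stars[-1] + 1 if stars else 0
    body = []
    for ln in lines[start:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            body.append(ln)
    return body

def audit(fixlog):
    """Count successful actions by type and collect every line that needs review."""
    done, review = Counter(), []
    for ln in result_lines(fixlog):
        # A line is "target => outcome." or, when there is no target, just "outcome."
        outcome = ln.rpartition(" => ")[2].rstrip(".")
        if outcome.lower().endswith("successfully"):
            done[outcome[: -len("successfully")].strip().lower()] += 1
        else:
            review.append(ln)
    return done, review
```

Calling `audit()` on the text of a saved Fixlog.txt returns the tally and the list of lines to look at by hand.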


#9 AnthonyY

Posted 25 December 2014 - 04:15 PM

The computer is running fine most of the time; occasionally the computer will hang and all programs will stop responding, but that resolves itself after a while. It also has a tendency of getting slower the longer it's turned on (probably just cooling issues).

Check Up:

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG Internet Security 2014   
Windows Defender             
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 iSpy     
 Java 7 Update 65  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox 30.0 Firefox out of Date!  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#10 nasdaq

Posted 26 December 2014 - 07:47 AM


Try this.

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>


The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You have the latest version for your system.

Remove the old version Java 7 Update 65 using the Add/Remove programs applet.
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

#11 nasdaq

Posted 01 January 2015 - 09:42 AM

Are you still with me?

#12 AnthonyY

Posted 01 January 2015 - 11:18 AM

Are you still with me?

Yes, I have done the updates.



#13 nasdaq

Posted 01 January 2015 - 11:35 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 AnthonyY

Posted 01 January 2015 - 01:14 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

Things are fine now, thanks for the help  :bounce:



#15 nasdaq

Posted 02 January 2015 - 07:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



