
Caught the Simda rootkit. Help?


  • This topic is locked
30 replies to this topic

#1 Dunge


Posted 21 February 2015 - 03:13 PM

Windows 8.1 Pro x64 with nothing other than Windows Defender

 

I made the mistake of running an infected executable yesterday. Windows Defender automatically popped up saying it stopped an infection, but I saw in the task manager that some processes looked strange. I also realized I now can't connect to many websites (mostly anti-virus ones, including this very site). Thank God I have a Win7 installation on another hard drive which allows me to download files and send them to my infected Win8.1. So here's what I did:

  • Full scan MalwareBytes (free). Can't connect to update database. It detected a few files (sorry, did not keep the log) and rebooted.
  • On reboot Windows Action Center told me "Windows found and removed Win32/Simda from your PC. Win32/Simda is malware that is designed to let a hacker control your PC and steal passwords." No details on the variant.
  • Full scan MalwareBytes again, nothing found.
  • Full scan Windows Defender, nothing found.
  • Found the ESET Simda Cleaner tool. The website says it works on all Windows versions, but when executing it (from Win8.1 as well as Win7) it writes "Sorry but this Windows version is not supported!". I tried to run it in Compatibility mode for different versions and in administrator mode, no go. (That's strange).
  • Scan with Malwarebytes Anti-Rootkit (BETA). Can't connect to update database. Nothing found.
  • Scan with Sophos Virus Removal Tool. Can't connect to update database. Nothing found.
  • Scan with Kaspersky TDSSKiller Antirootkit Utility. Nothing found.
  • I would love to scan with ESET Online Scanner (while booted under Win8.1), but the site won't load because of the virus.

So here I am. I can't find any symptoms of being infected except for many websites refusing to connect. Booting in Safe Mode doesn't allow me to connect to many websites either, but under Win7 yes.

 

Since other threads here always begin with posting a FRST log, I took the initiative to include it already.

 

Can anyone help me toward the next logical step in my cleanup process?

 


 


#2 olgun52


Posted 21 February 2015 - 04:09 PM

Hello Dunge and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks

---------------------------------------------------------------------------------------------------------

 

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 


 

Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52


Posted 21 February 2015 - 04:47 PM

Hi Dunge,

 

Please do the following,

 

Step1:

Boot to Safemode with Networking
To Enter Safemode

  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard

Tutorial if you need it: How to boot into Safemode
 
next....

  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe

2. rkill.com

3. rkill.scr

4. WiNlOgOn.exe

5. uSeRiNiT.exe

 

Step2:

MBAR Scan:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step3:

Please download and run RogueKiller 32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)


Best regards
 

 


 


#4 Dunge


Posted 21 February 2015 - 06:00 PM

"Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so."

 

That's a strange request, it would help the readability of the discussions on this forum. But hey, as you say.

 

 

"Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop."

 

Just for the information, they are now at version 1.09.1.1004

 

The first logs don't have much, but RogueKiller might have found something interesting. Waiting for your instructions.

 

Rkill.txt

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/21/2015 05:33:52 PM in x64 mode. (Safe Mode)
Windows Version: Windows 8.1 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/21/2015 05:34:18 PM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)
 

mbar-log-2015-02-21 (17-37-22).txt

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.21.06
  rootkit: v2015.02.20.01

Windows 8.1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.17631
Dunge :: DUNGE-PC [administrator]

2015-02-21 17:37:22
mbar-log-2015-02-21 (17-37-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 386017
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

system-log.txt

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9600 Windows 8.1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 11.0.9600.17631

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 3.300000 GHz
Memory total: 8555474944, free: 7569252352

Initializing...
======================
------------ Kernel report ------------
     02/21/2015 17:37:16
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.02.21.06
  rootkit: v2015.02.20.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000b3536060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000b3536b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000b3536060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000b1e8c930, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000b1e8c060, DeviceName: \Device\00000031\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 777C500F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 250064896

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe000b35354b0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000b3534040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000b35354b0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000b1e88d90, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000b1e8a060, DeviceName: \Device\00000032\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F05084FA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 292837376

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 150039945216 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffe000b3534610, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000b3533040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000b3534610, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000b1e84bf0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000b1e86060, DeviceName: \Device\00000034\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 919007838
    GPT Header CurrentLba = 1 BackupLba 11721045167
    GPT Header FirstUsableLba 34  LastUsableLba 11721045134
    GPT Header Guid f2886d53-75fd-4a14-92c3-c1482c66a558
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 919007838
    Backup GPT header CurrentLba = 11721045167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 11721045134
    Backup GPT header Guid f2886d53-75fd-4a14-92c3-c1482c66a558
    Backup GPT header Contains 128 partition entries starting at LBA 11721045135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 1fdc6faf-840b-412f-b246-f233e2daa8a
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID bd724f0e-a905-4d86-8924-dfef6b6bf80
    FirstLBA 264192  Last LBA 11721043967
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 6001175126016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffe000b3533770, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000b3532040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000b3533770, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000b1e84a00, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000b1e84060, DeviceName: \Device\00000035\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 42D2C4AD

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907024896
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
 

RKreport_SCN_02212015_174637.log

 

RogueKiller V10.4.1.0 [Feb 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600 ) 64 bits version
Started in : Safe mode with network support
User : Dunge [Administrator]
Mode : Scan -- Date : 02/21/2015  17:46:37

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 38 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64955;https=127.0.0.1:64955  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64955;https=127.0.0.1:64955  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64955;https=127.0.0.1:64955  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64955;https=127.0.0.1:64955  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 74.116.184.28 74.116.184.29 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_2398\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 74.116.184.28 74.116.184.29 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 74.116.184.28 74.116.184.29 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_2398\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 74.116.184.28 74.116.184.29 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{68657A12-2600-4BFC-A718-979862677DAF} | DhcpNameServer : 74.116.184.28 74.116.184.29 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E3776FBE-C970-412A-834B-2620EF51C1C3} | DhcpNameServer : 10.1.0.201 10.1.0.3 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_2398\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9B752241-9D5A-4362-B982-71CD13243E1D} | DhcpNameServer : 74.116.184.28 74.116.184.29 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_2398\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FDA46101-4764-414D-9EA8-742D072AC18F} | DhcpNameServer : 10.1.0.22 10.1.0.5 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{68657A12-2600-4BFC-A718-979862677DAF} | DhcpNameServer : 74.116.184.28 74.116.184.29 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E3776FBE-C970-412A-834B-2620EF51C1C3} | DhcpNameServer : 10.1.0.201 10.1.0.3 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_2398\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9B752241-9D5A-4362-B982-71CD13243E1D} | DhcpNameServer : 74.116.184.28 74.116.184.29 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_2398\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FDA46101-4764-414D-9EA8-742D072AC18F} | DhcpNameServer : 10.1.0.22 10.1.0.5 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_F_3E33\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_F_3E33\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\RK_Dunge_ON_F_87C9\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\RK_Dunge_ON_F_87C9\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\RK_Dunge_ON_F_87C9\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\RK_Dunge_ON_F_87C9\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\RK_Dunge_ON_F_87C9\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\RK_Dunge_ON_F_87C9\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2149543761-3914769281-2911391531-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2149543761-3914769281-2911391531-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_F_3E33\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_F_3E33\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_F_3E33\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_F_3E33\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] RdpSaProxy.lnk -- C:\Users\Dunge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RdpSaProxy.lnk [LNK@] C:\Users\Dunge\AppData\Roaming\Microsoft\Windows\IEUpdate\RdpSaProxy.exe -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: M4-CT128M4SSD2 +++++
--- User ---
[MBR] bd9b4e0fa9331152cde81b07782c7b71
[BSP] 1411e0dc09c836f411529b85b79a92d5 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1500ADFS-00SLR5 +++++
--- User ---
[MBR] 9457a99d6c12f9a7177dba09ee06242c
[BSP] db91323cba05185f0c30a69c31c25980 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD60EFRX-68MYMN1 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 5723037 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: WDC WD2002FAEX-007BA0 +++++
--- User ---
[MBR] a59bb6c53ad0ee2e7c333ab08f8e7c2d
[BSP] 0670b7d3b1d0bb6af520129143b81ecf : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK



#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 21 February 2015 - 07:27 PM

Do you use a proxy, and did you make these proxy settings?
ProxyServer: [.DEFAULT] => http=127.0.0.1:64955;https=127.0.0.1:64955

10.1.0.22 10.1.0.5
10.1.0.201 10.1.0.3
74.116.184.28 74.116.184.29

Did you make these DNS settings?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 Dunge

Dunge
  • Topic Starter

  • Members
  • 15 posts

Posted 21 February 2015 - 07:45 PM

I do not use any proxy. I do not know what port 64955 is.

 

But I do have a VPN connection set up to the place where I work, and I remember the IPs 10.1.0.22 and 10.1.0.3 were used as DNS/gateway. Might or might not be related. I do not care about losing this VPN connection setting because it's quite easy to recreate; I would prefer to clean everything if not certain.

As for 74.116.184.28 and 74.116.184.29, searching these IPs on Google provides links to ElectronicBox, which is my ISP, so I guess they are legit. On the other hand, I never added any special DNS settings or changed anything related to networking; it is set to use DHCP only.
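
The two questions asked in post #5 (who set the proxy, and whose DNS servers are these) can be answered mechanically from the registry section of the RogueKiller report. The Python below is an added example, not part of the thread or of RogueKiller; the sample lines are copied from the report above, and all function names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the RogueKiller report posted earlier in this thread.
SAMPLE_LOG = r"""
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64955;https=127.0.0.1:64955  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64955;https=127.0.0.1:64955  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 74.116.184.28 74.116.184.29 [CANADA (CA)][CANADA (CA)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E3776FBE-C970-412A-834B-2620EF51C1C3} | DhcpNameServer : 10.1.0.201 10.1.0.3 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2149543761-3914769281-2911391531-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
"""

# [category] (view) key | value name : data -> status
LINE_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+\((?P<view>X\d+)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<name>.+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>\w+)\s*$"
)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
DEFAULT_HIVE = "HKEY_USERS\\.DEFAULT\\"
SYSTEM_HIVE = "HKEY_USERS\\S-1-5-18\\"


def parse_line(line):
    """Split one registry finding into its fields; None for any other line."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def normalize_hive(key):
    """HKEY_USERS\\.DEFAULT is an alias of the SYSTEM account hive (S-1-5-18),
    so findings under both names describe the same registry value."""
    if key.upper().startswith(DEFAULT_HIVE.upper()):
        return SYSTEM_HIVE + key[len(DEFAULT_HIVE):]
    return key


def proxy_endpoints(data):
    """Parse a ProxyServer value: 'http=host:port;https=host:port' or 'host:port'."""
    endpoints = []
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep or not port.isdigit():
            host, port = hostport, None  # no explicit port in the value
        else:
            port = int(port)
        endpoints.append((scheme or "all", host, port))
    return endpoints


def classify_host(host):
    """Label an address so loopback proxies and non-LAN resolvers stand out."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"


def triage(log_text):
    """Collapse per-view and per-alias duplicates and keep only network settings."""
    proxy_enabled, proxies, dns = set(), set(), {}
    for line in log_text.splitlines():
        finding = parse_line(line)
        if not finding or finding["status"] != "Found":
            continue
        hive = normalize_hive(finding["key"]).split("\\Software\\", 1)[0]
        if finding["name"] == "ProxyEnable" and finding["data"] == "1":
            proxy_enabled.add(hive)
        elif finding["name"] == "ProxyServer":
            for scheme, host, port in proxy_endpoints(finding["data"]):
                proxies.add((hive, scheme, host, port, classify_host(host)))
        elif finding["name"] == "DhcpNameServer":
            for ip in IPV4_RE.findall(finding["data"]):
                dns.setdefault(ip, classify_host(ip))
    return {
        "proxy_enabled": sorted(proxy_enabled),
        "proxies": sorted(proxies, key=str),
        "dns": dns,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for hive, scheme, host, port, kind in result["proxies"]:
        # A loopback proxy only works while a local process listens on that port.
        print(f"proxy  {hive}  {scheme} -> {host}:{port}  [{kind}]")
    for ip, kind in result["dns"].items():
        print(f"dns    {ip}  [{kind}]")
```

On the sample it reports one loopback proxy setting on port 64955 in the SYSTEM account hive, two public resolvers and two private ones, which are the items the questions in post #5 are about.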



#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 21 February 2015 - 08:13 PM

But I do have a VPN connection setup to the place where I work
I do not care losing this VPN connection setting because it's quite easy to recreate, I would prefer clean everything if not certain.

Okay. I will delete them.
-------------------------------------------
 
Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Complete Internet Repair

  • Please download comintrep.zip and save it to your desktop
  • Double click the icon and select Run
  • Click Extract
  • Double click the Complete Internet Repair folder on your desktop
  • Double click the CIntRep.exe icon
  • Place a checkmark next to the following entries:

Reset Internet Protocol (TCP/IP)
Repair Winsock (Reset Catalog)
Renew Internet Connections
Flush DNS Resolver Cache

  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access

Step 3:
 
I would suggest you to go through the following steps and check.
 
IE proxy reset:
a ) Under "Tools" in the browser tool bar select "Internet Options".
b ) In the "Internet Options" Window that pops up, click the "Connections" tab at the top.
c ) Click "LAN Settings" near the bottom of the "Connections" section.
d ) If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.
e ) Click "Ok" to close the "Local Area Network (LAN) Settings" window.
f ) Click "Ok" to close the "Internet Options" Window.
 
Now check if you are able to connect to Internet Explorer.
 
Firefox proxy reset:
How to reset the proxy in Firefox
 
To check your Firefox proxy settings:

  • Click the menu button and choose Options.
  • Select the Advanced panel.
  • Select the Network tab.
  • In the Connection section, click Settings....
  • Change your proxy settings:
    • If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy.
  • Click OK to close the Connection Settings window.
  • Click OK to close the Options window.

Chrome proxy reset:

  • Click the "Customize and Control Google Chrome" menu.
  • Click the "Options" button.
  • In the "Google Chrome Options" window, select the "Under the Hood" tab.
  • In the "Network" section, click the "Change proxy settings" button.
  • In the "Internet Properties" window, click the "LAN settings" button.
  • In the "Local Area Network (LAN) Settings" window, click on "Proxy server for your LAN".
  • If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy. (unticked)
  • Click OK and Apply to save the settings.

Edited by olgun52, 21 February 2015 - 08:16 PM.


 


 


#8 Dunge

Dunge
  • Topic Starter

  • Members
  • 15 posts

Posted 21 February 2015 - 09:01 PM

Done all this, still can't connect to this site and others (Microsoft, ESET, etc.) via Firefox/Internet Explorer.

For Step 3, everything was already set to No Proxy.

 

I've done a test with ping and here's the strange result.

 

C:\Windows\system32>ping bleepingcomputer.com

Pinging bleepingcomputer.com [141.101.113.117] with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.

Ping statistics for 141.101.113.117:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Windows\system32>ping google.com

Pinging google.com [96.127.250.42] with 32 bytes of data:
Reply from 96.127.250.42: bytes=32 time=22ms TTL=56
Reply from 96.127.250.42: bytes=32 time=14ms TTL=56
Reply from 96.127.250.42: bytes=32 time=14ms TTL=56
Reply from 96.127.250.42: bytes=32 time=21ms TTL=56

Ping statistics for 96.127.250.42:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 22ms, Average = 17ms

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-02-2015
Ran by Dunge at 2015-02-21 20:27:35 Run:1
Running from C:\
Loaded Profiles: Dunge (Available profiles: Dunge)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {915AFB89-B40E-4B74-97A5-D9FEA2B92152} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-24] ()
Task: {FDEA5B45-0118-4C65-A870-FA859A96CAAA} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
AlternateDataStreams: C:\Users\Dunge\OneDrive:ms-properties
HKU\S-1-5-21-2149543761-3914769281-2911391531-1001\...\MountPoints2: {6c807347-b6fb-11e3-8256-bcaec574dc08} - "I:\LaunchU3.exe" -a
ShortcutTarget: RdpSaProxy.lnk -> C:\Users\Dunge\AppData\Roaming\Microsoft\Windows\IEUpdate\RdpSaProxy.exe (No File)
FF ProfilePath: C:\Users\Dunge\AppData\Roaming\Mozilla\Firefox\Profiles\4pvi19hp.default
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2015-02-21 14:52 - 2014-03-23 00:53 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
C:\Users\Dunge\AppData\Local\Temp\{6C2E9EC7-3265-4A57-91F7-840210774CC3}.exe
C:\Users\Dunge\AppData\Local\Temp\{FCD0AF1A-9D75-4924-A091-DF7998B0A0EA}.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49414768.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64421304.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49414768.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64421304.sys => ""="Driver"
2015-02-21 12:48 - 2015-02-21 12:48 - 00003338 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-02-21 12:48 - 2015-02-21 12:48 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-02-21 13:18 - 2015-02-21 13:18 - 00003272 _____ () C:\ESETSimdaCleaner.exe_20150221.131825.2732.log
2015-02-21 13:18 - 2015-02-21 13:18 - 00003272 _____ () C:\ESETSimdaCleaner.exe_20150221.131813.3976.log
2015-02-21 13:17 - 2015-02-21 13:18 - 00003272 _____ () C:\ESETSimdaCleaner.exe_20150221.131752.4124.log
2015-02-21 13:01 - 2015-02-21 13:01 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Dunge\Desktop\tdsskiller.exe
2015-02-21 12:37 - 2015-02-21 12:37 - 00003272 _____ () C:\ESETSimdaCleaner.exe_20150221.123708.5700.log
2015-02-21 12:34 - 2015-02-21 12:34 - 00016704 _____ () C:\Users\Dunge\Desktop\SophosVirusRemovalTool.log
2015-02-21 02:50 - 2015-02-21 02:50 - 00002775 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-02-21 02:50 - 2015-02-21 02:50 - 00000000 ____D () C:\ProgramData\Sophos
2015-02-21 02:50 - 2015-02-21 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-02-21 02:50 - 2015-02-21 02:50 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-02-21 02:46 - 2015-02-21 02:46 - 111222592 _____ (Sophos Limited) C:\Sophos Virus Removal Tool.exe
2015-02-21 02:22 - 2015-02-21 02:21 - 00210176 _____ (ESET) C:\ESETSimdaCleaner.exe
2015-02-20 23:38 - 2014-03-23 02:56 - 00000000 ____D () C:\Users\Dunge\AppData\Roaming\vlc
2015-02-13 23:04 - 2014-03-26 23:30 - 00309760 ___SH () C:\Users\Dunge\Desktop\Thumbs.db
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64955;https=127.0.0.1:64955
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDEA5B45-0118-4C65-A870-FA859A96CAAA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDEA5B45-0118-4C65-A870-FA859A96CAAA}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => Key deleted successfully.
"C:\Users\Dunge\OneDrive" => ":ms-properties" ADS not found.
"HKU\S-1-5-21-2149543761-3914769281-2911391531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c807347-b6fb-11e3-8256-bcaec574dc08}" => Key deleted successfully.
HKCR\CLSID\{6c807347-b6fb-11e3-8256-bcaec574dc08} => Key not found.
C:\Users\Dunge\AppData\Roaming\Microsoft\Windows\IEUpdate\RdpSaProxy.exe not found.
C:\Users\Dunge\AppData\Roaming\Microsoft\Windows\IEUpdate\RdpSaProxy.exe => Should not be moved.
esgiguard => Service deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
C:\Users\Dunge\AppData\Local\Temp\{6C2E9EC7-3265-4A57-91F7-840210774CC3}.exe => Moved successfully.
"C:\Users\Dunge\AppData\Local\Temp\{FCD0AF1A-9D75-4924-A091-DF7998B0A0EA}.exe" => File/Directory not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\49414768.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\64421304.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\49414768.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\64421304.sys" => Key deleted successfully.
"C:\Windows\System32\Tasks\SpyHunter4Startup" => File/Directory not found.
C:\Program Files (x86)\Enigma Software Group => Moved successfully.
"C:\ESETSimdaCleaner.exe_20150221.131825.2732.log" => File/Directory not found.
"C:\ESETSimdaCleaner.exe_20150221.131813.3976.log" => File/Directory not found.
"C:\ESETSimdaCleaner.exe_20150221.131752.4124.log" => File/Directory not found.
C:\Users\Dunge\Desktop\tdsskiller.exe => Moved successfully.
"C:\ESETSimdaCleaner.exe_20150221.123708.5700.log" => File/Directory not found.
C:\Users\Dunge\Desktop\SophosVirusRemovalTool.log => Moved successfully.
C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk => Moved successfully.
C:\ProgramData\Sophos => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos => Moved successfully.
C:\Program Files (x86)\Sophos => Moved successfully.
C:\Sophos Virus Removal Tool.exe => Moved successfully.
C:\ESETSimdaCleaner.exe => Moved successfully.
C:\Users\Dunge\AppData\Roaming\vlc => Moved successfully.
C:\Users\Dunge\Desktop\Thumbs.db => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => Removed 572.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:27:41 ====

 

ComIntRepair.log

                                            ./
                                          (o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[21/02/2015 20:30:02] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[21/02/2015 20:30:02] TCP/IP interfaces reset successful.
[21/02/2015 20:30:02] TCP/IP v6 interfaces reset successful.
[21/02/2015 20:30:02] You may need to restart your computer for the settings to take effect.
[21/02/2015 20:30:02] Finished resetting the Internet Protocol (TCP/IP).

-----------------------------------------------------------------------------------------
[21/02/2015 20:30:02] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[21/02/2015 20:30:02] Successfully reset the Winsock Catalog.
[21/02/2015 20:30:02] Finished repairing Winsock

-----------------------------------------------------------------------------------------
[21/02/2015 20:30:02] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[21/02/2015 20:30:02] Successfully released TCP/IP connections.

-----------------------------------------------------------------------------------------
[21/02/2015 20:30:02] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[21/02/2015 20:30:05] Successfully renewed TCP/IP adapters.

-----------------------------------------------------------------------------------------
[21/02/2015 20:30:05] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[21/02/2015 20:30:05] Windows Event Log Service Configured.
[21/02/2015 20:30:05] Starting the Windows Event Log Service.....
[21/02/2015 20:30:06] Windows Event Log Service Started Successfully.

-----------------------------------------------------------------------------------------
[21/02/2015 20:30:06] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[21/02/2015 20:30:06] Successfully flushed DNS Resolver Cache.
[21/02/2015 20:30:06] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[21/02/2015 20:30:09] Registration of the DNS resource records has been initiated.
[21/02/2015 20:30:09] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[21/02/2015 20:30:09] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.

-----------------------------------------------------------------------------------------
[21/02/2015 20:30:09] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[21/02/2015 20:30:27] Your computer is restarting now.....

-----------------------------------------------------------------------------------------
 



#9 olgun52


Posted 22 February 2015 - 07:53 AM

Hi Dunge,

IP:141.101.113.117
http://whatismyipaddress.com/ip/141.101.113.117

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E3776FBE-C970-412A-834B-2620EF51C1C3} | DhcpNameServer : 10.1.0.201 10.1.0.3 [(Private Address) (XX)][(Private Address) (XX)] -> Found
IP address 10.1.0.201
https://db-ip.com/10.1.0.201

Is this your address? Is it true?

If you see VPN software, try removing it. Let's also do such a check.

It may be a problem with CloudFlare.
??

-------------------------------------------------------------------

Step 1:

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

Step 2:
Please run Farbar Service Scanner.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3:

Please post a fresh FRST logfile for my check. (Frst.txt and Additional.txt)


Best regards
 
If I don't reply within 24 hours please PM me!
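
The Step 1 checks can also be run mechanically over a saved Result.txt. The following is an added example, not part of the original post and not Farbar's code: a Python triage script that parses the section layout MiniToolBox writes and flags proxy, hosts, DNS and Winsock entries worth a second look. The sample input is constructed, and the function names, the `expected_dns` list and the rule that any proxy line other than the two benign ones is reported are assumptions.

```python
import ipaddress
import re

# Section banners look like "===== Hosts content: =====" (colon optional).
HEADER = re.compile(r"^={5,}\s*([^=]+?)\s*:?\s*={5,}\s*$")
WINSOCK = re.compile(r"^(?:x64-)?Catalog[59] \d+ (.+?) \[\d+\] \((.*)\)$")
FIELD = re.compile(r"^(Default Gateway|DHCP Server|DNS Servers)[ .]*:\s*(\S+)")
BENIGN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed sample in the Result.txt layout (not the poster's log).
SAMPLE_RESULT = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1 update.security-vendor.example

========================= IP Configuration: ================================

   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\ProgramData\example\lsp.dll [40960] ()
"""


def split_sections(text):
    """Map lower-cased section title -> list of stripped, non-empty lines."""
    sections, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            name = m.group(1).strip().lower()
            sections[name] = []
        elif name is not None and line:
            sections[name].append(line)
    return sections


def _ip(text):
    """Parse an address, dropping any IPv6 zone id; None if not an address."""
    try:
        return ipaddress.ip_address(text.split("%")[0])
    except ValueError:
        return None


def dns_and_local(lines):
    """Return (DNS servers in order, {gateway and DHCP server addresses})."""
    dns, local, in_dns = [], set(), False
    for line in lines:
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1) == "DNS Servers"
            addr = _ip(m.group(2))
            if addr is not None:
                if in_dns:
                    dns.append(addr)
                else:
                    local.add(addr)
        elif in_dns and _ip(line) is not None:
            dns.append(_ip(line))      # continuation line of "DNS Servers"
        else:
            in_dns = False
    return dns, local


def triage(result_text, expected_dns=()):
    """Return (category, detail) pairs to review; a hit is not a verdict."""
    sec, findings = split_sections(result_text), []
    for line in sec.get("ie proxy settings", []):
        # Assumption: only the two benign lines and the reset notice are normal.
        if line not in BENIGN_PROXY and not line.startswith('"Reset IE Proxy Settings"'):
            findings.append(("proxy", line))
    for line in sec.get("hosts content", []):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and any(h.lower() != "localhost" for h in fields[1:]):
            findings.append(("hosts", line))
    expected = {ipaddress.ip_address(a) for a in expected_dns}
    dns, local = dns_and_local(sec.get("ip configuration", []))
    for addr in dns:
        if addr not in expected and addr not in local:
            findings.append(("dns", str(addr)))
    for line in sec.get("winsock entries", []):
        m = WINSOCK.match(line)
        if m and (m.group(2) != "Microsoft Corporation"
                  or not m.group(1).lower().startswith(SYSTEM_DIRS)):
            findings.append(("winsock", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_RESULT, expected_dns=["192.168.2.1"]):
        print(f"[review] {category}: {detail}")
```

Legitimate third-party Winsock providers and ISP resolvers will also be reported unless they are listed in `expected_dns` or checked by hand.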

 


 


#10 Dunge


Posted 22 February 2015 - 11:00 AM

Hi Yılmaz, thanks for keeping up with me!

 

The link you posted points to Switzerland, which has nothing to do with me; I'm in Canada. My IP address is (currently) 96.127.232.6

I do not have any VPN software, just had an entry in Windows. I deleted it now.

I do not know what CloudFire is, but as I said the network works perfectly fine if I'm under Win7 or over my phone via wifi using the same network; it only fails on my Win8.1.

Here are the logs requested. You will notice I have tons of games installed, don't worry about that.

 

Result.txt

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Dunge (administrator) on 22-02-2015 at 10:33:30
Running from "C:\"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® 82579V Gigabit Network Connection = Ethernet (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Dunge-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 00-26-83-14-80-84
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
   Physical Address. . . . . . . . . : BC-AE-C5-74-DC-08
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::886:37cc:da16:f8b%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.113(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 22 février 2015 10:30:53
   Lease Expires . . . . . . . . . . : 23 février 2015 10:33:07
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 62697157
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-C0-2D-C4-BC-AE-C5-74-DC-08
   DNS Servers . . . . . . . . . . . : 74.116.184.28
                                       74.116.184.29
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{68657A12-2600-4BFC-A718-979862677DAF}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:24b8:1957:9f80:17f9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::24b8:1957:9f80:17f9%7(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 167772160
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-C0-2D-C4-BC-AE-C5-74-DC-08
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dsl-184-116-74-28.electronicbox.net
Address:  74.116.184.28

Name:    google.com
Addresses:  2607:f8b0:4006:809::1002
      96.127.250.57
      96.127.250.59
      96.127.250.15
      96.127.250.19
      96.127.250.23
      96.127.250.27
      96.127.250.29
      96.127.250.30
      96.127.250.34
      96.127.250.38
      96.127.250.42
      96.127.250.44
      96.127.250.45
      96.127.250.49
      96.127.250.53


Pinging google.com [96.127.250.49] with 32 bytes of data:
Reply from 96.127.250.49: bytes=32 time=14ms TTL=56
Reply from 96.127.250.49: bytes=32 time=13ms TTL=56

Ping statistics for 96.127.250.49:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 14ms, Average = 13ms
Server:  dsl-184-116-74-28.electronicbox.net
Address:  74.116.184.28

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=91ms TTL=42
Reply from 98.138.253.109: bytes=32 time=91ms TTL=42

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 91ms, Maximum = 91ms, Average = 91ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...00 26 83 14 80 84 ......Bluetooth Device (Personal Area Network)
  3...bc ae c5 74 dc 08 ......Intel® 82579V Gigabit Network Connection
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.113     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link     192.168.2.113    276
    192.168.2.113  255.255.255.255         On-link     192.168.2.113    276
    192.168.2.255  255.255.255.255         On-link     192.168.2.113    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.2.113    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.2.113    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:9d38:90d7:24b8:1957:9f80:17f9/128
                                    On-link
  3    276 fe80::/64                On-link
  7    306 fe80::/64                On-link
  3    276 fe80::886:37cc:da16:f8b/128
                                    On-link
  7    306 fe80::24b8:1957:9f80:17f9/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/22/2015 07:04:20 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (02/22/2015 05:11:17 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/22/2015 05:01:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/21/2015 02:51:02 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed SpyHunter; Error = 0x8007043c).

Error: (02/21/2015 02:51:00 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed SpyHunter; Error = 0x8007043c).

Error: (02/21/2015 02:06:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DUNGE-PC)
Description: Activation of app 53949YingXiong.TileTime_9cdx8657rgq7a!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/21/2015 02:06:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DUNGE-PC)
Description: Activation of app 53949YingXiong.TileTime_9cdx8657rgq7a!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/21/2015 02:04:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DUNGE-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/21/2015 01:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DUNGE-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/21/2015 01:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DUNGE-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (02/22/2015 04:59:06 AM) (Source: DCOM) (User: DUNGE-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/22/2015 04:58:36 AM) (Source: DCOM) (User: DUNGE-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/22/2015 01:17:34 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (02/21/2015 08:28:33 PM) (Source: DCOM) (User: DUNGE-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (02/21/2015 08:28:32 PM) (Source: DCOM) (User: DUNGE-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/21/2015 08:28:26 PM) (Source: DCOM) (User: DUNGE-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/21/2015 08:27:57 PM) (Source: DCOM) (User: DUNGE-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/21/2015 08:27:49 PM) (Source: DCOM) (User: DUNGE-PC)
Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (02/21/2015 08:27:42 PM) (Source: DCOM) (User: DUNGE-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/21/2015 08:27:42 PM) (Source: DCOM) (User: DUNGE-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (02/22/2015 07:04:20 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418231

Error: (02/22/2015 05:11:17 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (02/22/2015 05:01:15 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/21/2015 02:51:02 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved SpyHunter0x8007043c

Error: (02/21/2015 02:51:00 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved SpyHunter0x8007043c

Error: (02/21/2015 02:06:45 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DUNGE-PC)
Description: 53949YingXiong.TileTime_9cdx8657rgq7a!App-2144927142

Error: (02/21/2015 02:06:45 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DUNGE-PC)
Description: 53949YingXiong.TileTime_9cdx8657rgq7a!App-2144927142

Error: (02/21/2015 02:04:15 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DUNGE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142

Error: (02/21/2015 01:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DUNGE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142

Error: (02/21/2015 01:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DUNGE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142


CodeIntegrity Errors:
===================================
  Date: 2015-02-22 04:58:13.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 06:13:32.202
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 05:35:21.585
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 05:35:21.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-16 02:44:18.362
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-13 02:15:34.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-13 02:15:34.143
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-13 02:15:33.937
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-13 02:15:33.883
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-13 02:15:33.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.



 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
=========================== Installed Programs ============================
A Golden Wake (HKLM-x32\...\1207666213_is1) (Version: 2.0.0.2 - GOG.com)
A.V. (HKLM-x32\...\A.V._is1) (Version: 1.0 - PLAZA)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Afterfall Reconquest Episode 1 (HKLM-x32\...\Afterfall Reconquest Episode 1_is1) (Version:  - )
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version:  - Ubisoft)
Astray (HKLM-x32\...\QXN0cmF5_is1) (Version: 1 - )
ASUS Xonar DX Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version:   - ASUSTeK Computer Inc.)
AzureTools.Notifications (x32 Version: 2.2.11003.1601 - Microsoft Corporation) Hidden
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blackguards 2 (HKLM-x32\...\Blackguards2_is1) (Version: 1.0 - Daedalic Entertainment GmbH)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.30110 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30110 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dead Rising 3 (HKLM-x32\...\Dead Rising 3_is1) (Version:  - )
Deathtrap (HKLM-x32\...\Deathtrap_is1) (Version:  - NeocoreGames)
Decay: The Mare (HKLM-x32\...\RGVjYXlUaGVNYXJl_is1) (Version: 1 - )
Definition Update for Microsoft Office 2013 (KB2920752) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DD8CA28C-FAA8-4BB7-B13B-979FF2E3C44B}) (Version:  - Microsoft)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dying Light Update v1.4.0 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.393 - GOG.com)
Game of Thrones A Telltale Games Series (HKLM-x32\...\Game of Thrones A Telltale Games Series_is1) (Version:  - )
Git version 1.9.0-preview20140217 (HKLM-x32\...\Git_is1) (Version: 1.9.0-preview20140217 - The Git Development Community)
Grey Goo (HKLM-x32\...\Grey Goo_is1) (Version:  - )
Grim Fandango Remastered (HKLM-x32\...\Grim Fandango Remastered_is1) (Version:  - )
Grow Home (HKLM-x32\...\R3Jvd0hvbWU=_is1) (Version: 1 - )
Hand of Fate (HKLM-x32\...\Hand of Fate_is1) (Version:  - )
Harold (HKLM-x32\...\Harold_is1) (Version:  - )
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Install Finalizer (x32 Version: 2.2.11003.1601 - Microsoft Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Network Connections 18.5.54.0 (Version: 18.5.54.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
JavaScript Tooling (Version: 12.0.30110 - Microsoft Corporation) Hidden
JavaScript Tooling (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Joe Devers Lone Wolf HD Remastered (HKLM-x32\...\Joe Devers Lone Wolf HD Remastered_is1) (Version:  - )
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version:  - SQUARE ENIX)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Lucius II (HKLM-x32\...\Lucius II_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Access MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Advertising SDK for Windows 8.1 - ENU (x32 Version: 8.1.30809.0 - Microsoft Corporation) Hidden
Microsoft Advertising Service Extension for Visual Studio (x32 Version: 12.0.30809.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET and Web Tools 2013.1 - Visual Studio 2013 (HKLM-x32\...\{FFE80EFF-EDAB-4E36-9A35-76A9EA1561FB}) (Version: 2.1.41009.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU (x32 Version: 5.0.11213.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20716.0 - Microsoft Corporation) Hidden
Microsoft C++ Azure Mobile SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Microsoft C++ REST SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Exchange Web Services Managed API 2.1 (HKLM-x32\...\{24CA683D-8174-4EBF-AD4D-3F2DD7814716}) (Version: 15.0.847.30 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden
Microsoft Groove MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Identity Extensions (Version: 2.0.1459.0 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 Core (x32 Version: 12.0.30225 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 CoreRes - ENU (x32 Version: 12.0.30225 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 v4.5 Tools (x32 Version: 12.0.30225 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 v4.5 ToolsRes - ENU (x32 Version: 12.0.30225 - Microsoft Corporation) Hidden
Microsoft LightSwitch v4.5 SDK (x32 Version: 12.0.30225 - Microsoft Corporation) Hidden
Microsoft Lync MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio 2013 (x32 Version: 2.7.41101.371 - Microsoft Corporation) Hidden
Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) - ENU Language Pack (Version: 12.0.30225 - Microsoft Corporation) Hidden
Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) (Version: 12.0.30225 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Developer Tools for Visual Studio 2013 - March 2014 Update (HKLM-x32\...\{b9a142c4-c707-417c-8025-1ced2b024004}) (Version: 12.0.30225.0 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professionnel Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Nederlands (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - ????? ??????? (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 12.0.21005.01 - Microsoft Corporation) Hidden
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (x32 Version: 12.0.21005.01 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Report Viewer Add-On for Visual Studio 2013 (x32 Version: 11.1.3366.16 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools for Visual Studio (x32 Version: 12.0.30225 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package (x32 Version: 12.0.30225 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools for Visual Studio ENU Language Pack (x32 Version: 12.0.30225 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools for Visual Studio Finalizer (x32 Version: 12.0.30225 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Team Foundation Server 2013 Object Model (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  ARM Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Native Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Native Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-arm Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-arm Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-x86 Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64-x86 Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x86 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013  x64 Designtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 32bit Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Core Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Extended Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86-x64 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual F# 3.1.1 (HKLM-x32\...\{51ba05a7-5d20-41ad-9ec8-6a4005faed87}) (Version: 12.0.30110.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Devenv (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Devenv Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 IntelliTrace Core amd64 (Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 IntelliTrace Core x86 (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 IntelliTrace Front End x86 (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Performance Collection Tools - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Performance Collection Tools (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Preparation (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Preparation (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Profiling Tools (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 VsGraphics Helper Dependencies (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Premium 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Premium 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Professional 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Professional 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2013 Storyboarding (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2013 Storyboarding Language Pack (x64) - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{cd09eea6-d0b3-4246-bb80-e047ceadf61f}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer chs Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer cht Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer csy Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer deu Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer esn Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer ita Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer jpn Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer kor Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer plk Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer ptb Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer rus Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer trk Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer fra Resources (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Microsoft Word MUI (French) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Morningstar (HKLM-x32\...\Morningstar_is1) (Version:  - )
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
My Game Long Name (HKLM\...\UDK-25312392-7483-4546-8a2d-25baf9369d24) (Version:  - Epic Games, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Control Panel 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.173.1392 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Miracast Virtual Audio 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pixel Boy and the Ever Expanding Dungeon (HKLM-x32\...\Pixel Boy and the Ever Expanding Dungeon_is1) (Version:  - )
PKR (HKLM-x32\...\PKR) (Version:  - PKR Ltd)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prehistorik (HKLM-x32\...\Prehistorik_is1) (Version:  - )
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
qBittorrent 3.1.11 (HKLM-x32\...\qBittorrent) (Version: 3.1.11 - The qBittorrent project)
Ravens Cry (HKLM-x32\...\Ravens Cry_is1) (Version:  - )
REVOLVER360 RE:ACTOR (HKLM-x32\...\REVOLVER360 RE:ACTOR_is1) (Version:  - )
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Saints Row: Gat out of Hell (HKLM-x32\...\U2FpbnRzUm93R2F0b3V0b2ZIZWxs_is1) (Version: 1 - )
SDK Debuggers (x32 Version: 8.100.26629 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shadows: Heretic Kingdoms (HKLM-x32\...\Shadows: Heretic Kingdoms_is1) (Version:  - bitComposer Games)
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
SixaxisPairTool 0.3.0 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.3.0 - Dancing Pixel Studios)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Space Run (HKLM-x32\...\Space Run_is1) (Version:  - Focus Home Interactive)
Stay Dead Evolution (HKLM-x32\...\Stay Dead Evolution_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Styx: Master of Shadows Update v1.02 (HKLM-x32\...\U3R5eE1hc3Rlcm9mU2hhZG93cw==_is1) (Version: 1 - )
Supreme League of Patriots Episode 1 (HKLM-x32\...\1422357636_is1) (Version: 2.0.0.1 - GOG.com)
Supreme League of Patriots Episode 2 (HKLM-x32\...\1422357706_is1) (Version: 2.0.0.1 - GOG.com)
Supreme League of Patriots Episode 3 (HKLM-x32\...\1422357761_is1) (Version: 2.0.0.1 - GOG.com)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Tengami (HKLM-x32\...\VGVuZ2FtaQ==_is1) (Version: 1 - )
The Book of Unwritten Tales 2 version 1.0.0 DISC (HKLM-x32\...\The Book of Unwritten Tales 2_is1) (Version: 1.0.0 DISC - Nordic Games GmbH)
TortoiseGit 1.8.7.0 (64 bit) (HKLM\...\{B7307613-51D1-40EA-80CD-4A5A71CC657B}) (Version: 1.8.7.0 - TortoiseGit)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Uninstall Finalizer (x32 Version: 2.2.11003.1601 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2013 (KB2910930) 64-Bit Edition (HKLM\...\{90150000-0015-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{ED7FE277-965E-4812-8E2F-16D3D49AD03B}) (Version:  - Microsoft)
Update for Microsoft Access 2013 (KB2910930) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{ED7FE277-965E-4812-8E2F-16D3D49AD03B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{9FFC03DB-B8EE-496C-AD75-BB9B580A76E2}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2920744) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3E5BE283-3216-4578-94BF-3FC62AC7F64F}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2920744) 64-Bit Edition (HKLM\...\{90150000-012B-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{3E5BE283-3216-4578-94BF-3FC62AC7F64F}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2920744) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3E5BE283-3216-4578-94BF-3FC62AC7F64F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{25DEA344-FF6F-41BD-B88F-5242BB8E80E1}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827223) 64-Bit Edition (HKLM\...\{90150000-006E-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{A976D761-90AF-42FE-8FEA-898498F38FDB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827223) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A976D761-90AF-42FE-8FEA-898498F38FDB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2147FFF7-71C4-4306-AFE2-1AA7A6025BB1}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880977) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3FF26B00-AC61-487F-B03B-5D83415C5408}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EADBF225-163E-406B-B11A-26ECCCAB5A0E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889846) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{94303C15-A3C4-4A5A-9763-B63726F9DDEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition (HKLM\...\{90150000-0016-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{D7FAA622-6BCF-4EDF-8C34-A48E1838D57B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D7FAA622-6BCF-4EDF-8C34-A48E1838D57B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A4E88D96-814F-4183-8DB2-BA3EC2B7E434}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2910921) 64-Bit Edition (HKLM\...\{90150000-006E-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{B4D575C6-32FA-403E-B84F-F67BCA3E94CE}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2910921) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{B4D575C6-32FA-403E-B84F-F67BCA3E94CE}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2910921) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{B4D575C6-32FA-403E-B84F-F67BCA3E94CE}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920735) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{31BC612F-D234-47E7-A9BA-6EEE1F86B42F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920740) 64-Bit Edition (HKLM\...\{90150000-001F-0401-1000-0000000FF1CE}_Office15.PROPLUSR_{7CF3F7A0-CC2E-4012-9372-7C1BDC07B2A9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920740) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{BCD6070B-4F70-454A-8BD3-A0D874D3E861}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920740) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{04740595-CBB6-43F2-8C73-736600D41ADD}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920740) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{73100196-0C9D-4465-9DF7-8B437AC380EA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920740) 64-Bit Edition (HKLM\...\{90150000-001F-0413-1000-0000000FF1CE}_Office15.PROPLUSR_{C252253B-F7D8-4B73-B13A-0E6A03486004}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920740) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{E0C1DB0B-BAD1-49FE-A20F-2F39969EE1EF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920742) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A86306A9-993A-4B17-A3E2-ED9E6ADA2285}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920745) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2228A0A3-3737-4E2B-8ED6-7713D5E76D27}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920745) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2228A0A3-3737-4E2B-8ED6-7713D5E76D27}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920769) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C906EC6B-8610-487F-8528-658FE2575C86}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920798) 64-Bit Edition (HKLM\...\{90150000-006E-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{E54A479E-936E-4FC0-942D-23E1605FCA34}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920798) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E54A479E-936E-4FC0-942D-23E1605FCA34}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2920798) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E54A479E-936E-4FC0-942D-23E1605FCA34}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2956102) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{89A83BFE-CB3A-4482-947B-C9D5B12968E2}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition (HKLM\...\{90150000-00BA-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition (HKLM\...\{90150000-00C1-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2920739) 64-Bit Edition (HKLM\...\{90150000-00A1-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{260C3274-6E83-4EDA-9D35-AD7BA782269D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2920739) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{260C3274-6E83-4EDA-9D35-AD7BA782269D}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2920739) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{260C3274-6E83-4EDA-9D35-AD7BA782269D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2956087) 64-Bit Edition (HKLM\...\{90150000-001A-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{04375E3E-AED6-4994-BC46-FAB2254322B1}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2956087) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{04375E3E-AED6-4994-BC46-FAB2254322B1}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2956149) 64-Bit Edition (HKLM\...\{90150000-0018-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{B6D56E2E-AC7F-49AA-BD95-6577A7DA55E3}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2956149) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{B6D56E2E-AC7F-49AA-BD95-6577A7DA55E3}) (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2956091) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{337AA80D-C94C-43B7-A64B-355B3E26F2B8}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition (HKLM\...\{90150000-0019-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{F24DFA32-C8EE-4AFB-89AB-07EE7A52E414}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F24DFA32-C8EE-4AFB-89AB-07EE7A52E414}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2956085) 64-Bit Edition (HKLM\...\{90150000-001A-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{F2AC488A-A8D5-44BC-8546-CE0A75961E32}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2956085) 64-Bit Edition (HKLM\...\{90150000-001B-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{F2AC488A-A8D5-44BC-8546-CE0A75961E32}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2956085) 64-Bit Edition (HKLM\...\{90150000-012B-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{F2AC488A-A8D5-44BC-8546-CE0A75961E32}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2956085) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F2AC488A-A8D5-44BC-8546-CE0A75961E32}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual F# 3.1.1 SDK (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Visual F# 3.1.1 VS (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Visual Studio 2013 Prerequisites - ENU Language Pack (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2013 Prerequisites (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2013 Update 1 (KB2829760) (HKLM-x32\...\{67640e67-6563-4e54-9273-4242ca174290}) (Version: 12.0.30112 - Microsoft Corporation)
Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 1.0.9600.16408 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WARMACHINE: Tactics (HKLM-x32\...\V0FSTUFDSElORVRhY3RpY3M=_is1) (Version: 1 - )
Wasteland 2 (HKLM-x32\...\Wasteland 2_is1) (Version:  - )
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
William Hill Poker (HKCU\...\William Hill Poker) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows App Certification Kit Native Components (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (x32 Version: 8.100.26074 - Microsoft Corporation) Hidden
Windows Azure Authoring Tools - v2.2 (HKLM\...\{863C94A6-E432-4C88-9C68-FB668AE66621}) (Version: 2.2.6492.2 - Microsoft Corporation)
Windows Azure Emulator - v2.2 (HKLM\...\Windows Azure Emulator - v2.2) (Version: 2.2.6492.2 - Microsoft Corporation)
Windows Azure Emulator - v2.2 (Version: 2.2.6492.2 - Microsoft Corporation) Hidden
Windows Azure Libraries for .NET – v2.2 (HKLM\...\{0DCF275C-3D88-48CC-B374-ACA7365EF966}) (Version: 2.2.0924.200 - Microsoft Corporation)
Windows Azure Mobile Services SDK (x32 Version: 1.0.10815.0 - Microsoft Corporation) Hidden
Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0 (x32 Version: 1.0.60906.1602 - Microsoft Corporation) Hidden
Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0 (x32 Version: 1.0.10930.1602 - Microsoft Corporation) Hidden
Windows Azure Storage Tools - v2.2 (HKLM-x32\...\{E7FCA9E4-CDCB-472B-B168-567B16088E89}) (Version: 2.2.0.0 - Microsoft Corporation)
Windows Azure Tools for LightSwitch for Visual Studio 2013 - March 2014 Update - v2.2 (x32 Version: 2.2.20221.1601 - Microsoft) Hidden
Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1 (x32 Version: 2.1.10909.1601 - Microsoft) Hidden
Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.2 (x32 Version: 2.2.11002.1601 - Microsoft) Hidden
Windows Azure Tools for Microsoft LightSwitch for Visual Studio 2013 - v2.2 (HKLM-x32\...\{8f2e7a13-dcdb-42eb-a707-e0e7dac5ad5c}) (Version: 2.2.11002.1601 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2013 - v2.2 (HKLM-x32\...\{1775e863-fea5-4931-9399-58f5247d0e99}) (Version: 2.2.11003.1601 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2013 - v2.2 (x32 Version: 2.2.11003.1601 - Microsoft Corporation) Hidden
Windows Azure Tools for Microsoft Visual Studio 2013 Core (x32 Version: 2.2.11003.1601 - Microsoft Corporation) Hidden
Windows Runtime Intellisense Content - en-us (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit EULA (x32 Version: 8.100.25984 - Microsoft Corporations) Hidden
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{25981ccc-475f-4b68-850b-89d3fc287ff1}) (Version: 8.100.26695 - Microsoft Corporation)
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (Version: 11.0.51106 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation)
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{3F757C38-DEBF-4053-81C2-CF009B58DDE5}) (Version: 2.0.40131.0 - Microsoft Corporation)

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 8159.14 MB
Available physical RAM: 6583.32 MB
Total Pagefile: 9439.14 MB
Available Pagefile: 7818.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.95 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:119.24 GB) (Free:23.03 GB) NTFS
3 Drive e: () (Fixed) (Total:5588.9 GB) (Free:4715.13 GB) NTFS
4 Drive f: () (Fixed) (Total:139.64 GB) (Free:8.66 GB) NTFS
5 Drive h: () (Fixed) (Total:1863.01 GB) (Free:146.9 GB) NTFS

========================= Users: ========================================

User accounts for \\DUNGE-PC

Administrator            Dunge                    Guest                    


**** End of log ****

FSS.txt

Farbar Service Scanner Version: 17-01-2015
Ran by Dunge (administrator) on 22-02-2015 at 10:38:19
Running from "C:\"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

ATTENTION!=====> local policy on IP:
Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
Value: "ActivePolicy"
Data: "SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{c965be38-ae3c-44f6-bcdc-a713a0181666}"


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-02-2015
Ran by Dunge (administrator) on DUNGE-PC on 22-02-2015 10:39:13
Running from C:\
Loaded Profiles: Dunge (Available profiles: Dunge)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CMedia) C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
Startup: C:\Users\Dunge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RdpSaProxy.lnk
ShortcutTarget: RdpSaProxy.lnk -> C:\Users\Dunge\AppData\Roaming\Microsoft\Windows\IEUpdate\RdpSaProxy.exe (No File)
Startup: C:\Users\Dunge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2149543761-3914769281-2911391531-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ca.msn.com/defaultf
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 74.116.184.28 74.116.184.29

FireFox:
========
FF ProfilePath: C:\Users\Dunge\AppData\Roaming\Mozilla\Firefox\Profiles\4pvi19hp.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Dunge\AppData\Roaming\Mozilla\Firefox\Profiles\4pvi19hp.default\searchplugins\the-pirate-bay.xml
FF Extension: Dictionnaires français - C:\Users\Dunge\AppData\Roaming\Mozilla\Firefox\Profiles\4pvi19hp.default\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2014-09-19]
FF Extension: Reddit Enhancement Suite - C:\Users\Dunge\AppData\Roaming\Mozilla\Firefox\Profiles\4pvi19hp.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-03-23]
FF Extension: Adblock Plus - C:\Users\Dunge\AppData\Roaming\Mozilla\Firefox\Profiles\4pvi19hp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-03-23] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [1883424 2014-07-16] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 KAUpdateService; e:\Program Files (x86)\The Book of Unwritten Tales 2\service\KAUpdateService.exe [36864 2015-01-27] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2014-04-28] ()
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2735616 2013-12-11] (C-Media Inc)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2013-06-21] (Intel Corporation)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52832 2014-11-27] (http://libusb-win32.sourceforge.net)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-04-28] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-21] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 10:39 - 2015-02-22 10:39 - 00016652 _____ () C:\FRST.txt
2015-02-22 10:38 - 2015-02-22 10:38 - 00002524 _____ () C:\FSS.txt
2015-02-22 10:33 - 2015-02-22 10:33 - 00072223 _____ () C:\Result.txt
2015-02-22 10:29 - 2015-02-22 10:29 - 00415232 _____ (Farbar) C:\FSS.exe
2015-02-22 10:29 - 2015-02-22 10:29 - 00401920 _____ (Farbar) C:\MiniToolBox.exe
2015-02-21 20:29 - 2015-02-21 20:29 - 00045568 ___SH () C:\Users\Dunge\Desktop\Thumbs.db
2015-02-21 20:24 - 2015-02-21 20:24 - 00000000 ____D () C:\ComIntRepair
2015-02-21 17:44 - 2015-02-21 17:44 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-21 17:43 - 2015-02-21 17:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-21 17:30 - 2015-02-21 17:29 - 15533656 _____ () C:\RogueKiller.exe
2015-02-21 17:25 - 2015-02-22 10:30 - 00001147 _____ () C:\New Text Document.txt
2015-02-21 17:25 - 2015-02-21 17:25 - 01943800 _____ (Bleeping Computer, LLC) C:\rkill.exe
2015-02-21 14:55 - 2015-02-22 10:39 - 00000000 ____D () C:\FRST
2015-02-21 14:37 - 2015-02-21 14:37 - 02086912 _____ (Farbar) C:\FRST64.exe
2015-02-21 14:37 - 2015-02-21 14:37 - 00388608 _____ (Trend Micro Inc.) C:\HijackThis.exe
2015-02-21 12:47 - 2015-02-21 14:51 - 00000000 ____D () C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2015-02-21 12:39 - 2015-02-21 12:39 - 00000000 _____ () C:\autoexec.bat
2015-02-21 02:55 - 2015-02-21 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-21 02:46 - 2015-02-21 02:37 - 16502728 _____ (Malwarebytes Corp.) C:\mbar-1.09.1.1004.exe
2015-02-21 01:49 - 2015-02-21 01:49 - 00001267 _____ () C:\Users\Public\Desktop\Pixel Boy and the Ever Expanding Dungeon.lnk
2015-02-21 01:49 - 2015-02-21 01:49 - 00000774 _____ () C:\Users\Dunge\Desktop\Hand of Fate.lnk
2015-02-21 01:49 - 2015-02-21 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hand of Fate
2015-02-21 01:49 - 2015-02-21 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Giant Box Games
2015-02-21 01:47 - 2015-02-21 01:47 - 00000709 _____ () C:\Users\Dunge\Desktop\A.V..lnk
2015-02-21 01:47 - 2015-02-21 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A.V
2015-02-21 01:46 - 2015-02-21 01:46 - 00001428 _____ () C:\Users\Public\Desktop\Afterfall Reconquest Episode 1 (x86).lnk
2015-02-21 01:46 - 2015-02-21 01:46 - 00001428 _____ () C:\Users\Public\Desktop\Afterfall Reconquest Episode 1 (x64).lnk
2015-02-21 01:46 - 2015-02-21 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nicolas Games
2015-02-21 01:30 - 2015-02-21 01:30 - 00003602 _____ () C:\Windows\System32\Tasks\RdpSaProxy
2015-02-21 01:26 - 2015-02-21 01:26 - 00000641 _____ () C:\Users\Dunge\Desktop\The Book of Unwritten Tales 2.lnk
2015-02-21 01:26 - 2015-02-21 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Unwritten Tales 2
2015-02-21 00:41 - 2015-02-21 00:41 - 00000000 ____D () C:\Users\Dunge\Documents\Joystick Replay
2015-02-20 22:14 - 2015-02-20 22:14 - 00000000 ____D () C:\Users\Dunge\AppData\Roaming\EnemyMind
2015-02-20 20:50 - 2015-02-20 20:50 - 00000000 ____D () C:\Users\Dunge\AppData\Roaming\com.brucefilm.staydeadevolution
2015-02-20 20:49 - 2015-02-20 20:49 - 00000685 _____ () C:\Users\Dunge\Desktop\Enemy Mind.lnk
2015-02-20 20:48 - 2015-02-20 20:48 - 00001095 _____ () C:\Users\Public\Desktop\Prehistorik.lnk
2015-02-20 20:48 - 2015-02-20 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gravity Europe SAS
2015-02-20 20:47 - 2015-02-20 20:47 - 00001128 _____ () C:\Users\Public\Desktop\Stay Dead Evolution.lnk
2015-02-20 20:47 - 2015-02-20 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brucefilm
2015-02-18 18:54 - 2015-02-18 18:54 - 00000876 _____ () C:\Users\Public\Desktop\Morningstar.lnk
2015-02-18 18:54 - 2015-02-18 18:54 - 00000000 ____D () C:\Users\Dunge\AppData\Roaming\com.redherringlabs.morningstar
2015-02-18 18:54 - 2015-02-18 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morningstar
2015-02-17 22:11 - 2015-02-17 22:11 - 00000000 ____D () C:\Users\Dunge\Documents\Astray
2015-02-17 22:09 - 2015-02-17 22:09 - 00000000 ____D () C:\Users\Dunge\AppData\Local\Astray
2015-02-15 21:57 - 2015-02-15 21:57 - 00000816 _____ () C:\Users\Public\Desktop\A Golden Wake.lnk
2015-02-15 21:57 - 2015-02-15 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Golden Wake [GOG.com]
2015-02-13 23:09 - 2015-02-13 23:09 - 00000739 _____ () C:\Users\Dunge\Desktop\Lucius II.lnk
2015-02-13 23:09 - 2015-02-13 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lucius II
2015-02-13 23:04 - 2015-02-13 23:04 - 00000601 _____ () C:\Users\Public\Desktop\Decay The Mare.lnk
2015-02-13 23:04 - 2015-02-13 23:04 - 00000601 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Decay The Mare.lnk
2015-02-13 20:34 - 2015-02-13 20:34 - 00000000 ____D () C:\Users\Dunge\Documents\NeocoreGames
2015-02-13 04:17 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 04:17 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 20:59 - 2015-02-12 20:59 - 00000000 ____D () C:\Users\Dunge\Documents\Petroglyph
2015-02-12 20:54 - 2015-02-12 20:54 - 00000744 _____ () C:\Users\Dunge\Desktop\Harold.lnk
2015-02-12 20:54 - 2015-02-12 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Harold
2015-02-12 20:51 - 2015-02-12 20:51 - 00001127 _____ () C:\Users\Dunge\Desktop\Sunless Sea.lnk
2015-02-11 21:49 - 2015-02-11 21:49 - 00000856 _____ () C:\Users\Public\Desktop\Deathtrap.lnk
2015-02-11 21:49 - 2015-02-11 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deathtrap
2015-02-11 21:41 - 2015-02-11 21:41 - 00000785 _____ () C:\Users\Dunge\Desktop\Grey Goo.lnk
2015-02-11 21:41 - 2015-02-11 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grey Goo
2015-02-11 21:37 - 2015-02-11 21:37 - 00000856 _____ () C:\Users\Dunge\Desktop\Grim Fandango Remastered.lnk
2015-02-11 21:37 - 2015-02-11 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Fandango Remastered
2015-02-11 21:32 - 2015-02-11 21:32 - 00000551 _____ () C:\Users\Public\Desktop\Grow Home.lnk
2015-02-11 21:32 - 2015-02-11 21:32 - 00000551 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grow Home.lnk
2015-02-11 21:25 - 2015-02-11 21:25 - 00000777 _____ () C:\Users\Dunge\Desktop\Ravens Cry.lnk
2015-02-11 21:25 - 2015-02-11 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ravens Cry
2015-02-10 22:28 - 2015-02-05 12:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-10 22:27 - 2015-02-05 16:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-10 22:27 - 2015-02-05 16:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00833680 _____ () C:\Windows\system32\nvmcumd.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00100496 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-02-10 22:27 - 2015-02-05 16:01 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-02-10 16:52 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 16:52 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 16:52 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 16:52 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 16:52 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 16:52 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 16:52 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 16:52 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 16:52 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 16:51 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 16:51 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 16:51 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 16:51 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 16:51 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 16:51 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 16:51 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 16:51 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 16:51 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 16:51 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 16:51 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 16:51 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 16:51 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 16:51 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 16:51 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 16:51 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-10 16:51 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 16:51 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 16:51 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 16:51 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 16:51 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 16:51 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 16:51 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 16:51 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-10 16:51 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-10 16:51 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-10 16:51 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 16:51 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-10 16:51 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 16:51 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 16:51 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 16:51 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 16:51 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 16:51 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 16:51 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 16:51 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 16:51 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 16:51 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 16:51 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 16:51 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-10 16:51 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 16:51 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 16:51 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 16:51 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 16:51 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 16:51 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 16:51 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 16:51 - 2014-12-08 18:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 16:51 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-10 16:51 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-10 16:51 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-10 16:51 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-10 16:51 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-10 16:51 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-10 16:51 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-10 16:51 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-08 21:03 - 2015-02-08 21:03 - 00000531 _____ () C:\Users\Public\Desktop\Astray.lnk
2015-02-08 21:03 - 2015-02-08 21:03 - 00000531 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astray.lnk
2015-02-08 20:57 - 2015-02-08 20:57 - 00000675 _____ () C:\Users\Public\Desktop\Saints Row Gat out of Hell.lnk
2015-02-08 20:57 - 2015-02-08 20:57 - 00000675 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saints Row Gat out of Hell.lnk
2015-02-08 20:53 - 2015-02-08 20:53 - 00000537 _____ () C:\Users\Public\Desktop\Tengami.lnk
2015-02-08 20:53 - 2015-02-08 20:53 - 00000537 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tengami.lnk
2015-02-08 09:13 - 2015-02-08 09:13 - 00001125 _____ () C:\Users\Public\Desktop\Life Is Strange.lnk
2015-02-08 09:13 - 2015-02-08 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange
2015-02-07 11:05 - 2015-02-07 11:05 - 00000914 _____ () C:\Users\Dunge\Desktop\Game of Thrones A Telltale Games Series.lnk
2015-02-07 11:05 - 2015-02-07 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game of Thrones A Telltale Games Series
2015-02-05 21:47 - 2015-02-05 21:47 - 00000000 ____D () C:\Users\Dunge\Documents\DyingLight
2015-02-05 21:41 - 2015-02-05 21:41 - 00000579 _____ () C:\Users\Public\Desktop\Dying Light.lnk
2015-02-05 21:41 - 2015-02-05 21:41 - 00000579 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dying Light.lnk
2015-02-01 01:28 - 2015-02-01 01:28 - 00000982 _____ () C:\Users\Public\Desktop\Supreme League of Patriots Episode 3.lnk
2015-02-01 01:28 - 2015-02-01 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Supreme League of Patriots Episode 3 [GOG.com]
2015-02-01 01:27 - 2015-02-01 01:27 - 00000982 _____ () C:\Users\Public\Desktop\Supreme League of Patriots Episode 2.lnk
2015-02-01 01:27 - 2015-02-01 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Supreme League of Patriots Episode 2 [GOG.com]
2015-01-31 20:57 - 2015-01-31 20:57 - 00000982 _____ () C:\Users\Public\Desktop\Supreme League of Patriots Episode 1.lnk
2015-01-31 20:57 - 2015-01-31 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Supreme League of Patriots Episode 1 [GOG.com]
2015-01-24 15:47 - 2015-02-04 13:47 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-23 23:21 - 2015-01-23 23:21 - 00412368 _____ () C:\Windows\Minidump\012315-9093-01.dmp
2015-01-23 17:42 - 2015-02-05 16:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-23 17:42 - 2015-01-10 03:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 17:42 - 2015-01-10 03:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 10:37 - 2014-03-23 00:54 - 00958292 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-22 10:34 - 2014-03-23 00:49 - 01849650 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 10:31 - 2014-07-08 23:35 - 00005056 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DUNGE-PC-Dunge Dunge-PC
2015-02-22 10:30 - 2014-05-27 16:34 - 00026897 _____ () C:\Windows\setupact.log
2015-02-22 10:30 - 2014-03-23 01:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-22 10:30 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 10:27 - 2013-08-22 08:25 - 11272192 ___SH () C:\Windows\system32\config\BBI
2015-02-22 10:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-22 09:47 - 2014-03-23 01:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-22 00:58 - 2014-03-23 00:58 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2149543761-3914769281-2911391531-1001
2015-02-21 22:33 - 2015-01-02 02:22 - 00000000 ____D () C:\Users\Dunge\Documents\Bout2
2015-02-21 17:37 - 2014-11-30 22:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 17:37 - 2014-11-30 22:09 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 14:51 - 2014-03-27 14:13 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-02-21 14:43 - 2014-03-23 00:53 - 00000000 ____D () C:\Users\Dunge\AppData\Local\VirtualStore
2015-02-21 13:34 - 2014-03-23 00:52 - 00000000 ____D () C:\Users\Dunge
2015-02-21 12:33 - 2015-01-09 20:17 - 00000000 ____D () C:\Users\Dunge\Desktop\Dragon Age Inquisition
2015-02-21 02:27 - 2013-08-22 09:44 - 00412024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-21 02:22 - 2014-03-23 00:47 - 00032696 _____ () C:\Windows\PFRO.log
2015-02-21 01:40 - 2014-11-30 22:09 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-21 01:40 - 2014-11-30 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-21 01:40 - 2014-11-30 22:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-21 01:26 - 2014-08-16 11:33 - 00000000 ____D () C:\Users\Dunge\AppData\Roaming\Skype
2015-02-20 02:08 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-17 21:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-17 10:18 - 2014-03-27 19:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-15 19:47 - 2014-11-15 13:41 - 00000000 ____D () C:\Users\Dunge\AppData\Local\Daedalic Entertainment GmbH
2015-02-13 08:11 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-13 02:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-02-12 21:47 - 2014-03-27 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-10 22:38 - 2014-03-23 13:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-10 22:37 - 2014-03-23 01:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-10 22:34 - 2014-03-23 01:01 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 22:28 - 2014-03-23 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-08 21:01 - 2014-03-23 03:06 - 00000000 ____D () C:\Users\Dunge\AppData\Roaming\uTorrent
2015-02-08 09:35 - 2014-03-25 22:55 - 00000000 ____D () C:\Users\Dunge\Documents\My Games
2015-02-05 21:01 - 2015-01-02 17:11 - 00000000 ____D () C:\Users\Dunge\AppData\Local\William Hill Poker
2015-02-05 16:01 - 2014-10-31 16:43 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-05 16:01 - 2014-10-31 16:43 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-05 16:01 - 2014-10-31 16:43 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-05 16:01 - 2014-10-31 16:43 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 16:01 - 2014-10-31 16:43 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-02-05 16:01 - 2014-03-23 01:00 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-05 16:01 - 2014-03-23 01:00 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-05 16:01 - 2013-10-27 08:12 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 14:07 - 2014-03-23 01:00 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 14:07 - 2014-03-23 01:00 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 14:07 - 2014-03-23 01:00 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 14:07 - 2014-03-23 01:00 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 14:07 - 2014-03-23 01:00 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 14:06 - 2014-03-23 01:00 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 07:50 - 2014-03-23 01:00 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-04 13:47 - 2014-03-23 01:19 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 13:08 - 2014-12-01 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 17:44 - 2014-03-23 01:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 23:21 - 2014-03-28 23:34 - 00000000 ____D () C:\Windows\Minidump
2015-01-23 23:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-23 17:40 - 2015-01-22 18:25 - 00000000 ____D () C:\Users\Dunge\AppData\Roaming\qBittorrent

==================== Files in the root of some directories =======

2015-01-22 18:24 - 2015-01-22 18:24 - 0000696 _____ () C:\Users\Dunge\AppData\Local\recently-used.xbel
2014-04-08 07:14 - 2014-11-30 22:27 - 0007620 _____ () C:\Users\Dunge\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-17 02:37

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2015
Ran by Dunge at 2015-02-22 10:39:33
Running from C:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
A Golden Wake (HKLM-x32\...\1207666213_is1) (Version: 2.0.0.2 - GOG.com)
A.V. (HKLM-x32\...\A.V._is1) (Version: 1.0 - PLAZA)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Afterfall Reconquest Episode 1 (HKLM-x32\...\Afterfall Reconquest Episode 1_is1) (Version:  - )
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version:  - Ubisoft)
Astray (HKLM-x32\...\QXN0cmF5_is1) (Version: 1 - )
ASUS Xonar DX Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version:   - ASUSTeK Computer Inc.)
AzureTools.Notifications (x32 Version: 2.2.11003.1601 - Microsoft Corporation) Hidden
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blackguards 2 (HKLM-x32\...\Blackguards2_is1) (Version: 1.0 - Daedalic Entertainment GmbH)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.30110 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30110 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30110 - Microsoft Corporation) Hidden
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dead Rising 3 (HKLM-x32\...\Dead Rising 3_is1) (Version:  - )
Deathtrap (HKLM-x32\...\Deathtrap_is1) (Version:  - NeocoreGames)
Decay: The Mare (HKLM-x32\...\RGVjYXlUaGVNYXJl_is1) (Version: 1 - )
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dying Light Update v1.4.0 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.393 - GOG.com)
Game of Thrones A Telltale Games Series (HKLM-x32\...\Game of Thrones A Telltale Games Series_is1) (Version:  - )
Git version 1.9.0-preview20140217 (HKLM-x32\...\Git_is1) (Version: 1.9.0-preview20140217 - The Git Development Community)
Grey Goo (HKLM-x32\...\Grey Goo_is1) (Version:  - )
Grim Fandango Remastered (HKLM-x32\...\Grim Fandango Remastered_is1) (Version:  - )
Grow Home (HKLM-x32\...\R3Jvd0hvbWU=_is1) (Version: 1 - )
Hand of Fate (HKLM-x32\...\Hand of Fate_is1) (Version:  - )
Harold (HKLM-x32\...\Harold_is1) (Version:  - )
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Install Finalizer (x32 Version: 2.2.11003.1601 - Microsoft Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
JavaScript Tooling (Version: 12.0.30110 - Microsoft Corporation) Hidden
Joe Devers Lone Wolf HD Remastered (HKLM-x32\...\Joe Devers Lone Wolf HD Remastered_is1) (Version:  - )
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version:  - SQUARE ENIX)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Lucius II (HKLM-x32\...\Lucius II_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET and Web Tools 2013.1 - Visual Studio 2013 (HKLM-x32\...\{FFE80EFF-EDAB-4E36-9A35-76A9EA1561FB}) (Version: 2.1.41009.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Exchange Web Services Managed API 2.1 (HKLM-x32\...\{24CA683D-8174-4EBF-AD4D-3F2DD7814716}) (Version: 15.0.847.30 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Developer Tools for Visual Studio 2013 - March 2014 Update (HKLM-x32\...\{b9a142c4-c707-417c-8025-1ced2b024004}) (Version: 12.0.30225.0 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual F# 3.1.1 (HKLM-x32\...\{51ba05a7-5d20-41ad-9ec8-6a4005faed87}) (Version: 12.0.30110.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{cd09eea6-d0b3-4246-bb80-e047ceadf61f}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Morningstar (HKLM-x32\...\Morningstar_is1) (Version:  - )
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
My Game Long Name (HKLM\...\UDK-25312392-7483-4546-8a2d-25baf9369d24) (Version:  - Epic Games, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pixel Boy and the Ever Expanding Dungeon (HKLM-x32\...\Pixel Boy and the Ever Expanding Dungeon_is1) (Version:  - )
PKR (HKLM-x32\...\PKR) (Version:  - PKR Ltd)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prehistorik (HKLM-x32\...\Prehistorik_is1) (Version:  - )
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
qBittorrent 3.1.11 (HKLM-x32\...\qBittorrent) (Version: 3.1.11 - The qBittorrent project)
Ravens Cry (HKLM-x32\...\Ravens Cry_is1) (Version:  - )
REVOLVER360 RE:ACTOR (HKLM-x32\...\REVOLVER360 RE:ACTOR_is1) (Version:  - )
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Saints Row: Gat out of Hell (HKLM-x32\...\U2FpbnRzUm93R2F0b3V0b2ZIZWxs_is1) (Version: 1 - )
SDK Debuggers (x32 Version: 8.100.26629 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shadows: Heretic Kingdoms (HKLM-x32\...\Shadows: Heretic Kingdoms_is1) (Version:  - bitComposer Games)
SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
SixaxisPairTool 0.3.0 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.3.0 - Dancing Pixel Studios)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Space Run (HKLM-x32\...\Space Run_is1) (Version:  - Focus Home Interactive)
Stay Dead Evolution (HKLM-x32\...\Stay Dead Evolution_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Styx: Master of Shadows Update v1.02 (HKLM-x32\...\U3R5eE1hc3Rlcm9mU2hhZG93cw==_is1) (Version: 1 - )
Supreme League of Patriots Episode 1 (HKLM-x32\...\1422357636_is1) (Version: 2.0.0.1 - GOG.com)
Supreme League of Patriots Episode 2 (HKLM-x32\...\1422357706_is1) (Version: 2.0.0.1 - GOG.com)
Supreme League of Patriots Episode 3 (HKLM-x32\...\1422357761_is1) (Version: 2.0.0.1 - GOG.com)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Tengami (HKLM-x32\...\VGVuZ2FtaQ==_is1) (Version: 1 - )
The Book of Unwritten Tales 2 version 1.0.0 DISC (HKLM-x32\...\The Book of Unwritten Tales 2_is1) (Version: 1.0.0 DISC - Nordic Games GmbH)
TortoiseGit 1.8.7.0 (64 bit) (HKLM\...\{B7307613-51D1-40EA-80CD-4A5A71CC657B}) (Version: 1.8.7.0 - TortoiseGit)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Uninstall Finalizer (x32 Version: 2.2.11003.1601 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2013 Update 1 (KB2829760) (HKLM-x32\...\{67640e67-6563-4e54-9273-4242ca174290}) (Version: 12.0.30112 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WARMACHINE: Tactics (HKLM-x32\...\V0FSTUFDSElORVRhY3RpY3M=_is1) (Version: 1 - )
Wasteland 2 (HKLM-x32\...\Wasteland 2_is1) (Version:  - )
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
William Hill Poker (HKU\S-1-5-21-2149543761-3914769281-2911391531-1001\...\William Hill Poker) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-2149543761-3914769281-2911391531-1001\...\WinDirStat) (Version:  - )
Windows Azure Authoring Tools - v2.2 (HKLM\...\{863C94A6-E432-4C88-9C68-FB668AE66621}) (Version: 2.2.6492.2 - Microsoft Corporation)
Windows Azure Emulator - v2.2 (HKLM\...\Windows Azure Emulator - v2.2) (Version: 2.2.6492.2 - Microsoft Corporation)
Windows Azure Libraries for .NET – v2.2 (HKLM\...\{0DCF275C-3D88-48CC-B374-ACA7365EF966}) (Version: 2.2.0924.200 - Microsoft Corporation)
Windows Azure Storage Tools - v2.2 (HKLM-x32\...\{E7FCA9E4-CDCB-472B-B168-567B16088E89}) (Version: 2.2.0.0 - Microsoft Corporation)
Windows Azure Tools for Microsoft LightSwitch for Visual Studio 2013 - v2.2 (HKLM-x32\...\{8f2e7a13-dcdb-42eb-a707-e0e7dac5ad5c}) (Version: 2.2.11002.1601 - Microsoft Corporation)
Windows Azure Tools for Microsoft Visual Studio 2013 - v2.2 (HKLM-x32\...\{1775e863-fea5-4931-9399-58f5247d0e99}) (Version: 2.2.11003.1601 - Microsoft Corporation)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{25981ccc-475f-4b68-850b-89d3fc287ff1}) (Version: 8.100.26695 - Microsoft Corporation)
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation)
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{3F757C38-DEBF-4053-81C2-CF009B58DDE5}) (Version: 2.0.40131.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04702482-73BD-4374-B3C8-4309821D7D9D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {40100879-48C1-4B43-922A-1E885C231780} - System32\Tasks\{A4BDACA9-85FC-45C6-BED8-21065CB2AC7C} => pcalua.exe -a J:\AutoStarter.exe -d J:\
Task: {42996488-B2A7-4A32-82B1-D785679D997F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {81FE05F7-F29A-4ACD-9EBB-9D668B7D8BDC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {921E7706-F8EA-4663-8824-FCD519B7B4DD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DUNGE-PC-Dunge Dunge-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-01-21] (Microsoft Corporation)
Task: {A3412D5B-C3AD-4D34-BFB0-C035938C8A63} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-10] (Microsoft Corporation)
Task: {ADE37EC0-4F5B-46CC-BE6E-C847D15971BA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {FB832291-4D21-4162-9DA0-C056E2772190} - System32\Tasks\RdpSaProxy => C:\Users\Dunge\AppData\Roaming\Microsoft\Windows\IEUpdate\RdpSaProxy.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-23 01:00 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-12 17:39 - 2014-01-12 17:39 - 00728424 _____ () C:\Program Files\TortoiseGit\bin\libgit2.dll
2014-01-12 17:39 - 2014-01-12 17:39 - 00087400 _____ () C:\Program Files\TortoiseGit\bin\zlib1.dll
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-03-23 01:28 - 2008-07-11 14:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2014-03-23 01:28 - 2008-07-11 14:03 - 00282112 ____N () C:\Windows\System\HsMgr64.exe
2014-03-23 01:49 - 2013-09-17 17:58 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-03-23 01:28 - 2012-06-06 08:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DX Audio\Customapp\VmixP8.dll
2014-12-18 00:00 - 2014-12-18 00:00 - 00059904 _____ () C:\Program Files (x86)\Trillian\zlib1.dll
2014-12-18 00:00 - 2014-12-18 00:00 - 00187392 _____ () C:\Program Files (x86)\Trillian\libpng15.dll
2014-12-18 00:00 - 2014-12-18 00:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\trillian.dll
2014-12-18 00:00 - 2014-12-18 00:00 - 00065536 _____ () C:\Program Files (x86)\Trillian\libungif.dll
2014-12-18 00:00 - 2014-12-18 00:00 - 00003584 _____ () c:\program files (x86)\trillian\languages\en\toolkit.dll
2014-12-18 00:00 - 2014-12-18 00:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\events.dll
2014-12-18 00:00 - 2014-12-18 00:00 - 00010752 _____ () c:\program files (x86)\trillian\languages\en\buddy.dll
2014-12-18 00:00 - 2014-12-18 00:00 - 00007168 _____ () c:\program files (x86)\trillian\languages\en\talk.dll
2014-03-23 01:49 - 2015-02-22 10:32 - 00024064 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-03-23 01:49 - 2010-06-29 09:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-12-01 12:27 - 2015-01-28 17:44 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Dunge\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2149543761-3914769281-2911391531-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dunge\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 74.116.184.28 - 74.116.184.29

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2149543761-3914769281-2911391531-500 - Administrator - Disabled)
Dunge (S-1-5-21-2149543761-3914769281-2911391531-1001 - Administrator - Enabled) => C:\Users\Dunge
Guest (S-1-5-21-2149543761-3914769281-2911391531-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2149543761-3914769281-2911391531-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2015 07:04:20 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (02/22/2015 05:11:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/22/2015 05:01:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/21/2015 02:51:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed SpyHunter; Error = 0x8007043c).

Error: (02/21/2015 02:51:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed SpyHunter; Error = 0x8007043c).

Error: (02/21/2015 02:06:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNGE-PC)
Description: Activation of app 53949YingXiong.TileTime_9cdx8657rgq7a!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/21/2015 02:06:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNGE-PC)
Description: Activation of app 53949YingXiong.TileTime_9cdx8657rgq7a!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/21/2015 02:04:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNGE-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/21/2015 01:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNGE-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/21/2015 01:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNGE-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (02/22/2015 04:59:06 AM) (Source: DCOM) (EventID: 10010) (User: DUNGE-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/22/2015 04:58:36 AM) (Source: DCOM) (EventID: 10010) (User: DUNGE-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/22/2015 01:17:34 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (02/21/2015 08:28:33 PM) (Source: DCOM) (EventID: 10005) (User: DUNGE-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (02/21/2015 08:28:32 PM) (Source: DCOM) (EventID: 10005) (User: DUNGE-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/21/2015 08:28:26 PM) (Source: DCOM) (EventID: 10005) (User: DUNGE-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/21/2015 08:27:57 PM) (Source: DCOM) (EventID: 10005) (User: DUNGE-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/21/2015 08:27:49 PM) (Source: DCOM) (EventID: 10005) (User: DUNGE-PC)
Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (02/21/2015 08:27:42 PM) (Source: DCOM) (EventID: 10005) (User: DUNGE-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (02/21/2015 08:27:42 PM) (Source: DCOM) (EventID: 10005) (User: DUNGE-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (02/22/2015 07:04:20 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (02/22/2015 05:11:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (02/22/2015 05:01:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/21/2015 02:51:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved SpyHunter0x8007043c

Error: (02/21/2015 02:51:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved SpyHunter0x8007043c

Error: (02/21/2015 02:06:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNGE-PC)
Description: 53949YingXiong.TileTime_9cdx8657rgq7a!App-2144927142

Error: (02/21/2015 02:06:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNGE-PC)
Description: 53949YingXiong.TileTime_9cdx8657rgq7a!App-2144927142

Error: (02/21/2015 02:04:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNGE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142

Error: (02/21/2015 01:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNGE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142

Error: (02/21/2015 01:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DUNGE-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142


CodeIntegrity Errors:
===================================
  Date: 2015-02-22 04:58:13.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 06:13:32.202
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 05:35:21.585
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 05:35:21.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-16 02:44:18.362
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-13 02:15:34.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-13 02:15:34.143
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-13 02:15:33.937
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-13 02:15:33.883
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-13 02:15:33.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 21%
Total physical RAM: 8159.14 MB
Available physical RAM: 6435.75 MB
Total Pagefile: 9439.14 MB
Available Pagefile: 7536.88 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:23.03 GB) NTFS
Drive e: () (Fixed) (Total:5588.9 GB) (Free:4715.13 GB) NTFS
Drive f: () (Fixed) (Total:139.64 GB) (Free:8.66 GB) NTFS
Drive h: () (Fixed) (Total:1863.01 GB) (Free:146.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 777C500F)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 139.7 GB) (Disk ID: F05084FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 5589 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 42D2C4AD)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 22 February 2015 - 02:50 PM

but as I said the network works perfectly fine if I'm under Win7 or over my phone via wifi using the same network, it only fails on my Win8.1.

So, the network works perfectly fine under Win7, but the phone via wifi using the same network fails on Win8.1. I understand, right?

In that case the problem may also be in the phone. What do you think of this idea?


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#12 Dunge

Dunge
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:29 AM

Posted 22 February 2015 - 03:27 PM

No no, the phone works great and has nothing to do with it. I can't connect to many domains using my main PC OS with Win8.1, and it started exactly when I ran the Simda-infected file. I was just trying to prove there is nothing wrong with my network because other devices work fine.

#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 22 February 2015 - 03:44 PM

Ok.
 

FSS.txt:
ATTENTION!=====> local policy on IP:

Please download SystemLook from one of the links below and save it to your Desktop.
Download 1
Download 2

64-bit users go Here

  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Best regards
 

 


 


#14 Dunge

Dunge
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:29 AM

Posted 22 February 2015 - 04:04 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 16:00 on 22/02/2015 by Dunge
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
"ActivePolicy"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{c965be38-ae3c-44f6-bcdc-a713a0181666}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{360a9e9d-cdd8-4801-9c8d-002db7a61a01}]
"className"="ipsecFilter"
"description"="Windows Firewall Configuration Helper"
"name"="ipsecFilter{360a9e9d-cdd8-4801-9c8d-002db7a61a01}"
"ipsecName"="whitelist"
"ipsecID"="{360a9e9d-cdd8-4801-9c8d-002db7a61a01}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=b5 20 dc 80 c8 2e d1 11 a8 9e 00 a0 24 8d 30 21 b2 39 00 00 d3 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 df 85 d0 e5 77 76 cb 46 ab 75 5c 0d 9e c2 68 37 01 00 00 00 60 7f fa 69 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 f1 73 c8 9b 32 20 b6 4a a5 e9 a8 8e 69 ab d3 b9 01 00 00 00 60 7f fa 68 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 ec 01 cb 00 b3 7b f1 4e b8 0f f6 cf 8c 71 75 ac 01 00 00 00 60 7f fa 66 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 08 42 e9 aa dc f3 2f 4a bc b9 99 c1 c1 6c 3f dc 01 00 00 00 60 7f fa 6e ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 ab 7c cc 4a a6 f6 99 42 a0 98 11 0c 90 ce 0b 92 01 00 00 (REG_BINARY)
"whenChanged"= 0x0054e82791 (1424500625)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{3c4075c0-9359-434c-8e87-3b3acce5e32a}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{88b0b268-e687-4d12-aed7-774acad3b128}]
"className"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{88b0b268-e687-4d12-aed7-774acad3b128}"
"ipsecID"="{88b0b268-e687-4d12-aed7-774acad3b128}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=b8 20 dc 80 c8 2e d1 11 a8 9e 00 a0 24 8d 30 21 c0 00 00 00 68 b2 b0 88 87 e6 12 4d ae d7 77 4a ca d3 b1 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 03 00 00 00 40 00 00 00 08 00 00 00 02 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 80 70 00 00 00 00 00 00 00 00 00 00 03 00 00 00 40 00 00 00 08 00 00 00 02 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 80 70 00 00 00 00 00 00 00  (REG_BINARY)
"whenChanged"= 0x0054e8271c (1424500508)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{c965be38-ae3c-44f6-bcdc-a713a0181666}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{04a5b17a-3443-40e6-9ef5-da43096b4bf1}]
"className"="ipsecNegotiationPolicy"
"name"="ipsecNegotiationPolicy{04a5b17a-3443-40e6-9ef5-da43096b4bf1}"
"ipsecID"="{04a5b17a-3443-40e6-9ef5-da43096b4bf1}"
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=b9 20 dc 80 c8 2e d1 11 a8 9e 00 a0 24 8d 30 21 a4 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  (REG_BINARY)
"whenChanged"= 0x0054e8271d (1424500509)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{98a16105-e19e-437c-aa0b-a461840fffb8}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{b1198a82-018c-4f68-a945-ba6d91e6c61c}]
"className"="ipsecNegotiationPolicy"
"name"="ipsecNegotiationPolicy{b1198a82-018c-4f68-a945-ba6d91e6c61c}"
"ipsecName"="permit"
"ipsecID"="{b1198a82-018c-4f68-a945-ba6d91e6c61c}"
"ipsecNegotiationPolicyAction"="{3f91a819-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=b9 20 dc 80 c8 2e d1 11 a8 9e 00 a0 24 8d 30 21 04 00 00 00 00 00 00 00 00  (REG_BINARY)
"whenChanged"= 0x0054e8271c (1424500508)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{3c4075c0-9359-434c-8e87-3b3acce5e32a}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{3c4075c0-9359-434c-8e87-3b3acce5e32a}]
"className"="ipsecNFA"
"name"="ipsecNFA{3c4075c0-9359-434c-8e87-3b3acce5e32a}"
"ipsecName"="whitelist"
"ipsecID"="{3c4075c0-9359-434c-8e87-3b3acce5e32a}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=00 ac bb 11 8d 49 d1 11 86 39 00 a0 24 8d 30 21 2a 00 00 00 01 00 00 00 05 00 00 00 02 00 00 00 00 00 fd ff ff ff 02 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00 00 00 05 00 00 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 02 01 00 00 00 00 00 00 00 00  (REG_BINARY)
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNegotiationPolicy{b1198a82-018c-4f68-a945-ba6d91e6c61c}"
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecFilter{360a9e9d-cdd8-4801-9c8d-002db7a61a01}"
"whenChanged"= 0x0054e827ef (1424500719)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{c965be38-ae3c-44f6-bcdc-a713a0181666}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{98a16105-e19e-437c-aa0b-a461840fffb8}]
"className"="ipsecNFA"
"name"="ipsecNFA{98a16105-e19e-437c-aa0b-a461840fffb8}"
"ipsecID"="{98a16105-e19e-437c-aa0b-a461840fffb8}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=00 ac bb 11 8d 49 d1 11 86 39 00 a0 24 8d 30 21 2a 00 00 00 01 00 00 00 05 00 00 00 02 00 00 00 00 00 fd ff ff ff 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00 00 00 05 00 00 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 02 01 00 00 00 00 00 00 00 00  (REG_BINARY)
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNegotiationPolicy{04a5b17a-3443-40e6-9ef5-da43096b4bf1}"
"whenChanged"= 0x0054e8271d (1424500509)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{c965be38-ae3c-44f6-bcdc-a713a0181666}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{c965be38-ae3c-44f6-bcdc-a713a0181666}]
"className"="ipsecPolicy"
"description"="Windows Firewall Configuration Helper"
"name"="ipsecPolicy{c965be38-ae3c-44f6-bcdc-a713a0181666}"
"ipsecName"="whitelist"
"ipsecID"="{c965be38-ae3c-44f6-bcdc-a713a0181666}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=63 21 20 22 4c 4f d1 11 86 3b 00 a0 24 8d 30 21 04 00 00 00 30 2a 00 00 00  (REG_BINARY)
"ipsecISAKMPReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecISAKMPPolicy{88b0b268-e687-4d12-aed7-774acad3b128}"
"whenChanged"= 0x0054e827f0 (1424500720)
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{3c4075c0-9359-434c-8e87-3b3acce5e32a} SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{98a16105-e19e-437c-aa0b-a461840fffb8}"


-= EOF =-
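An added example (not part of the original posts, and not SystemLook's own code): a short Python parser for a `:reg` dump like the one above, which follows `ActivePolicy` to its rules and converts each `whenChanged` value to UTC so the policy can be placed on the infection timeline. The sample text is constructed and abridged from keys and values in the log, with the `ipsecData` blobs left out; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample: keys and values copied from the log above, ipsecData blobs omitted.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
"ActivePolicy"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{c965be38-ae3c-44f6-bcdc-a713a0181666}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{360a9e9d-cdd8-4801-9c8d-002db7a61a01}]
"ipsecName"="whitelist"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{b1198a82-018c-4f68-a945-ba6d91e6c61c}]
"ipsecName"="permit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{3c4075c0-9359-434c-8e87-3b3acce5e32a}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNegotiationPolicy{b1198a82-018c-4f68-a945-ba6d91e6c61c}"
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecFilter{360a9e9d-cdd8-4801-9c8d-002db7a61a01}"
"whenChanged"= 0x0054e827ef (1424500719)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{98a16105-e19e-437c-aa0b-a461840fffb8}]
"whenChanged"= 0x0054e8271d (1424500509)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{c965be38-ae3c-44f6-bcdc-a713a0181666}]
"description"="Windows Firewall Configuration Helper"
"ipsecName"="whitelist"
"whenChanged"= 0x0054e827f0 (1424500720)
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{3c4075c0-9359-434c-8e87-3b3acce5e32a} SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{98a16105-e19e-437c-aa0b-a461840fffb8}"
'''

def parse_reg(text):
    """Map each key's last path component (lower-cased) to its dict of values."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(leaf(line[1:-1]), {})
        elif cur is not None and (m := re.match(r'"([^"]+)"=\s*(.*)', line)):
            cur[m.group(1)] = m.group(2).strip('"')
    return keys

def leaf(path):
    return path.rsplit("\\", 1)[-1].lower()  # value paths say IPSEC, key paths IPSec

def changed(obj):  # whenChanged looks like '0x... (epoch)'; return it as a UTC string
    m = re.search(r"\((\d+)\)", obj.get("whenChanged", ""))
    return datetime.fromtimestamp(int(m.group(1)), timezone.utc).strftime("%Y-%m-%d %H:%M:%S") if m else None

def active_policy_rules(text):
    keys = parse_reg(text)
    policy = keys[leaf(keys["local"]["ActivePolicy"])]
    def name(nfa, ref):  # ipsecName of the object a rule (NFA) points at, if present
        return keys.get(leaf(nfa.get(ref, "")), {}).get("ipsecName")
    rules = [(name(n, "ipsecFilterReference"), name(n, "ipsecNegotiationPolicyReference"), changed(n))
             for n in (keys[leaf(r)] for r in policy["ipsecNFAReference"].split())]
    return policy.get("ipsecName"), policy.get("description"), changed(policy), rules
```

Each rule is returned as (filter list name, negotiation policy name, last change in UTC); a `None` name means the referenced object was not in the parsed text or carries no `ipsecName`.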



#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 22 February 2015 - 04:48 PM

What is the situation when you log on to the system as another user? Have you checked that?


Best regards
 

 


 




